Blocking access of a web application

Question

0.00/5 (No votes)

See more:

Hi all,
I have a web application in which I want to block an autorized user(who have a username and password to login) from other computer other than his alloted office computer. If the user try to access the Web appln from his home or from other computer in his office, I want to block him..How can I implement that?
Can any one help me..please...it's urgent...

Posted 2-May-11 18:06pm

pufo

Updated 2-May-11 19:46pm

v2

Add a Solution

Comments

Bryian Tan 3-May-11 0:22am

You can code the application to allow IP address from the office to login. Restrict the user to access the application if the IP is not from the office computer.

pufo 3-May-11 1:31am

But I think its easy to duplicate IPaddress.. How about MAC address?

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Ra-one · Answer 1 · 2011-05-02T18:21:00

Solution 1

Track the IPAddress and check it as a credential with the loginID and password.

Posted 2-May-11 18:21pm

Ra-one

Comments

pufo 3-May-11 2:40am

Thanks for you help rahultandon... but is this ipaddress is secure enough?

CodeHawkz · Answer 2 · 2011-05-02T21:34:00

Hi there,

Assuming that you have the authority to take the decision, what I would do is,

Alert all the users not to use the application only from their respective machines and that their usage is tracked. In your application log the access of your application and store these data (machine name, ipaddress, user name, date and time).

You can develop a view for a system administrators to see who has logged in from different locations :) or even generate an email to be sent to configured addresses when a user does that.

Why I suggested this approach to you is for multiple reasons, which are:
1. If you use the IP filtering approach, you have to keep track of all the employees, machine names and IP addresses in your database and update the database as in when a change happens, which would be difficult to maintain in a long run.
2. You mentioned that this application is running in your office, so even though some users may be give the permissions to change the IP addresses, I am sure they are not allowed to change machine name which would cause the computer to be added to the domain again, which needs network administrator level access (which am sure not many people would have). So it is better than the IPAddress in the sense.
3. The reason for the IPAddress to be there is just so that you can clearly differentiate between office IPs and other IPs. But if you host this application in your Intranet, you could easily overcome this problem, since anyone outside cannot access your intranet without a VPN.
4. Since it only generates an email or a notification to the configured users (System administrators or managers, etc) you can review the list and generate weekly reports and advice the users on such behavior.
5. Date and time is mainly for querying results for a specific time period, useful when and if generating reports off this data.

Hope this helps :) Regards