Click here to Skip to main content
15,884,176 members
Search within:


How to find out that the client is my customer?
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hello Experts

Here is a scenario. My Project is a simple project that it could be Desktop Application; But because it should run in more than 8 station all over the city and they must connect to a same database I decided to develop an Asp.Net Application.

The main problem is that the customer asked me that no body should see even the log in webpage except my personnel.

The only way I can think about, is to get a unique key from their computers to authenticate them.
I do not know even if it is possible!

Any suggestion?

Good luck everyone
Posted
Updated 11-Nov-13 8:21am
v2
Add a Solution

2 solutions

There is no actual hardware identifier you could use with confidence. You could use a smartcard or biometric identification. See these articles: http://www.atgi.com/dist/Implementing%20Smart%20Card%20Authentication%20and%20Authorization%20with%20ASP.NET.pdf[^], http://www.sharepointsecurity.com/sharepoint/sharepoint-development/biometric-authentication-for-sharepoint/[^]. But these are quite complicated approaches, are rather platform-dependent.

But you have an option that is quite platform-independent on client side: using client side certificates. See this for the start: http://support.microsoft.com/kb/315588[^].
 
Share this answer
 
Posted
You can't get info about the client computer easily - it is possible, but it opens up security holes which it's difficult to plug up afterwise.

A better approach would be to send an email to each authorised user which contains a "click here" link to a "hardware validation" page on your site. If the link contains a query string which you check in your DB (a different Guid per user is good) and if it is correct and not used yet, writes an authorisation cookie to the client computer. You then check the cookie in your "normal" website and if ok, show the login screen or just treat them as logged in.

Sounds complex - but it isn't. The email link is just a standard HTML HREF with a query string:

HTML
<a href="http://MyDomain.com/validation.html?id=9dcb491f-0edc-46d7-bc5a-6994416179a7">Click here to validate</a>

In the page, all you have to do is read the query, check it against your DB and write a cookie. Simples!
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
conditional Custom validation client side
Ability to handle multiple clients (customers)
How to find if client is idle or not?
find the username of client computer in domain
Finding an updating a custom object in a list
How to customize ASP.NET identity with my own user table
How to find which clients are using my webservice and listing them
X509 Client certificate
Find the list of client ip address who are connected to my router
To Find Client Side Default Printer Dynamically

Advertise
Privacy
Cookies
Terms of Use
Last Updated 11 Nov 2013
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900