Disallow sharing the same login

[Zeng]

Hello,

I'm not sure if this is the right newsgroup. I'm wondering if anyone out
there are experienced with solving this problem and can share your opinion
or give me some advice. I'm planning to disallow multiple users of our .net
application to share the same login. How do I do that? Tracking IP address
of the computer they use? But is that true different machines out there
might have the same IP address because they use the same router?

Thanks!

[Ken Schaefer]

This is fairly difficult to do.

Do you want to prevent someone sharing a login? Or do you want to prevent
concurrent logins? The former is quite difficult to do - and it's a problem
that afflicts any authentication scheme, anyone can turn a private key into
a shared key. You could require users to use biometric identification or
similar, as that is difficult to share.

Cheers
Ken


"Zeng" <zzy@nonospam.com> wrote in message
news:eXyJedWiEHA.632@TK2MSFTNGP12.phx.gbl...

> Hello,
>
> I'm not sure if this is the right newsgroup. I'm wondering if anyone out
> there are experienced with solving this problem and can share your opinion
> or give me some advice. I'm planning to disallow multiple users of our
> .net
> application to share the same login. How do I do that? Tracking IP
> address
> of the computer they use? But is that true different machines out there
> might have the same IP address because they use the same router?
>
> Thanks!
>
>

[Zeng]

I would like to prevent someone sharing a login but I know that it would
know that would be difficult so it would be acceptable to prevent concurrent
logins. So here is my current plan, each time a user logins we will create
a unique id (a guid for example) and store it both in the cookie and in our
server for the login name. Our server will check for matching of that id for
each subsequent access (read, write data etc), if it is not matched, then we
will automatically log the user out. So if 2 people are using the same
login name, the last one log in will kick the first one out. Does anybody
see any problem with that approach?

Thank you very much advance for you help!


"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:uUFHk$YiEHA.3608@TK2MSFTNGP09.phx.gbl...

> This is fairly difficult to do.
>
> Do you want to prevent someone sharing a login? Or do you want to prevent
> concurrent logins? The former is quite difficult to do - and it's a

problem

> that afflicts any authentication scheme, anyone can turn a private key

into

> a shared key. You could require users to use biometric identification or
> similar, as that is difficult to share.
>
> Cheers
> Ken
>
>
> "Zeng" <zzy@nonospam.com> wrote in message
> news:eXyJedWiEHA.632@TK2MSFTNGP12.phx.gbl...

> > Hello,
> >
> > I'm not sure if this is the right newsgroup. I'm wondering if anyone

out

> > there are experienced with solving this problem and can share your

opinion

> > or give me some advice. I'm planning to disallow multiple users of our
> > .net
> > application to share the same login. How do I do that? Tracking IP
> > address
> > of the computer they use? But is that true different machines out there
> > might have the same IP address because they use the same router?
> >
> > Thanks!
> >
> >

>
>