how to develop an asp.net application to lock web-site to a particular computer?

[Michal A. Valasek]

Hello,

abandon the magic and harness client certificates, it should be good enough
for you.

--
Michal A. Valasek, Altair Communications, [url]http://www.altaircom.net[/url]
Please do not reply to this e-mail, for contact see [url]http://www.rider.cz[/url]
Keeping Freedom safe from Democracy

[MS News \(MS ILM\)]

No the perfect solution but give access to specific IPs only
I know someone can change their IP and still access the resource.
what about specific IP and authentication combined
Not the perfect solution.

"Don Chen" <DzDon@aol.com> wrote in message
news:063801c35e20$d053e7b0$a101280a@phx.gbl...

> Dear asp.net web gurus:
>
> We're planning on a porting project from client-server to
> browser-based. The client-server application has a
> critical built-in security mechanism we'd like to bring
> over to a web browser. It reads from a set of control
> files on the hard-drive to make sure it is being run from
> an "approved" computer. Can something equivalent to this
> be done in a browser-based application? The usual USER
> NAME/PASSWORD is not good enough for us. In other words,
> does any one know how you can "tie" a web site to a
> particular computer?
>
> I'm wondering if there's a way I can setup/configure the
> browser on my users' computer so the user can only access
> my app from that particular PC. All my users are in the
> same city and there're only a handful of them so we can
> visit them all if we have to. After I set the user up, I
> want the user to "magically" get to my site when on that
> approved computer, and "magically" fail to from any other
> non-approved computer (because it not have my hidden
> stuff). I know there're certain limitations as to what a
> browser can do. What kind of system information is
> available to a web-browser and what directories on a
> computer the browser has access to, in addition to the
> cache directories?
>
> Thanks in advance.
>
> Don
>
>
>
>
>
> -----Original Message-----
> From: Don Chen
> Sent: Friday, August 08, 2003 5:03 PM
> To: Zia Mojabi; James Spottiswoode
> Subject: draft question to post to newsgroups
>
>
>
> Hi,
>
>
>
> Please comment on the question to be posted to newsgroups.
> Thanks. -don
>
>
>
>
>
> Dear web gurus:
>
>
>
> We're planning on a porting project from client-server to
> browser-based. The client-server application has a
> critical built-in security mechanism we'd like to bring
> over to a web browser. We'd also like to preserve the rich-
> client experience as much as possible.
>
>
>
> Does any one know how you can "tie" a web site to a
> particular computer? In other words, I'm wondering if
> there's a way I can setup/configure the browser on my
> user's computer and then afterwards this user won't need
> to do a user login every time in order to use my secured
> web site? I know there're certain limitations as to what a
> browser can do. What kind of system information is
> available to a web-browser and what directories on a
> computer the browser has access to, in addition to the
> cache directories?
>
>
>
> Thanks in advance.
>
>
>
> Don
>

[Don Chen]

Hi Michal,
Thank you for the reply. Sounds like client certificates
is what I should be looking into. May I bother you for a
couple pointers to help me get started? I'd be much more
appreciative if you could also let me know how they work
and if they can be easily stolen from one computer to
another.

Don

>-----Original Message-----
>Hello,
>
>abandon the magic and harness client certificates, it

should be good enough

>for you.
>
>--
>Michal A. Valasek, Altair Communications,

[url]http://www.altaircom.net[/url]

>Please do not reply to this e-mail, for contact see

[url]http://www.rider.cz[/url]

>Keeping Freedom safe from Democracy
>
>
>.
>