 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / General / February 2008web site protection
We're planning on a porting project from client-server to browser-based. The client-server application has a critical built-in security mechanism we'd like to bring over to a web browser. It reads from a set of control files on the hard-drive to make sure it is being run from an "approved" computer. Can something equivalent to this be done in a browser-based application? The usual USER NAME/PASSWORD is not good enough for us. In other words, does any one know how you can "tie" a web site to a particular computer? I'm wondering if there's a way I can setup/configure the browser on my users' computer so the user can only access my app from that particular PC. All my users are in the same city and there're only a handful of them so we can visit them all if we have to. After I set the user up, I want the user to "magically" get to my site when on that approved computer, and "magically" fail to from any other non-approved computer (because it not have my hidden stuff). I know there're certain limitations as to what a browser can do. What kind of system information is available to a web-browser and what directories on a computer the browser has access to, in addition to the cache directories? Thanks in advance. Your message is a bit contradicting and not clear what you want.... So here are some questions and my thoughts. Not clear what you want to lock down (pick correct option). a) The server side... so client only can install your application on one server and not be able to distribute it somewhere else and install it on another server.... b) Or may be you want clients to be able to only access your application from particular machine In case (b) I do not understand why. What is the point of rewriting application as a Browser based application. The only benefit is that users can access your application from any computer... But you can still achieve it, although not 100% proof, with custom certificate installed in browser. Then lock your application and make it available only with specific client certificate.... In case (a) You need to check the host. Request.ServerVariables["HTTP_HOST"] and if it's not predefined one then kick user back. George > We're planning on a porting project from client-server to > browser-based. The client-server application has a [quoted text clipped - 22 lines] > > Thanks in advance. > an "approved" computer. Can something equivalent to this > be done in a browser-based application? In addition to George's reply, you might find this helpful: http://www.windowsecurity.com/articles/Client-Certificate-Authentication-IIS6.html  SignatureMark Rae ASP.NET MVP http://www.markrae.net Yep, that article describes exactly what I meant. Could not come up with the url myself. Only knew that is possible. George. >> an "approved" computer. Can something equivalent to this >> be done in a browser-based application? > > In addition to George's reply, you might find this helpful: > http://www.windowsecurity.com/articles/Client-Certificate-Authentication-IIS6.html Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.