website restricted to fixed public IP or to only PC wth predefined configuration

Discussion in 'ASP .Net Security' started by Kausar Parveen, May 29, 2006.

  1. Hello All,

    I'm working on an ASP.NET application where I need for only a
    few machines (machines accessing the site will have fixed public IP) to be
    able to have access to the website. It should check some hardware components
    of PC to give access to the website. It should also give access to users
    having dynamic IP address, for all such users their Hardware fingerprint of
    predefined desktops and laptops should be checked before giving the access
    to the website.
    Can i use and check the remote machine for its MAC address
    and compare it with my database in ASP.NET. As per my knowledge I can get
    MAC in windows app using WMI.
    How can i get it done in ASP.NET?

    Thanks in advance,
    Kausar
    Kausar Parveen, May 29, 2006
    #1
    1. Advertising

  2. You can't.

    You should look into certificate based authentication - this would allow
    for scenarios where only owners of a valid cert are allowed access to your
    application - and you could utilize external hardware like smart cards.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hello All,
    >
    > I'm working on an ASP.NET application where I need for
    > only a
    > few machines (machines accessing the site will have fixed public IP)
    > to be
    > able to have access to the website. It should check some hardware
    > components
    > of PC to give access to the website. It should also give access to
    > users
    > having dynamic IP address, for all such users their Hardware
    > fingerprint of
    > predefined desktops and laptops should be checked before giving the
    > access
    > to the website.
    > Can i use and check the remote machine for its MAC
    > address
    > and compare it with my database in ASP.NET. As per my knowledge I can
    > get
    > MAC in windows app using WMI.
    > How can i get it done in ASP.NET?
    > Thanks in advance,
    > Kausar
    Dominick Baier [DevelopMentor], May 29, 2006
    #2
    1. Advertising

  3. Hello Dominick ,

    I created Windows User Control which is getting MAC ID using WMI. And I
    am using this User control just as ActiveX control do in Internet explorer.
    In other words I am embedding Windows User Controls into Internet
    Explorer but i am facing a secuirty problem it's giving following error

    "System.Security.SecurityException: That assembly does not allow partially
    trusted callers.
    at System.Security.CodeAccessSecurityEngine.ThrowSecurityException("

    can problem be solved by providing specified permission? If yes what i have
    to do for this??


    Thanks in advance,
    Kausar


    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > You can't.
    >
    > You should look into certificate based authentication - this would allow
    > for scenarios where only owners of a valid cert are allowed access to your
    > application - and you could utilize external hardware like smart cards.
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Hello All,
    > >
    > > I'm working on an ASP.NET application where I need for
    > > only a
    > > few machines (machines accessing the site will have fixed public IP)
    > > to be
    > > able to have access to the website. It should check some hardware
    > > components
    > > of PC to give access to the website. It should also give access to
    > > users
    > > having dynamic IP address, for all such users their Hardware
    > > fingerprint of
    > > predefined desktops and laptops should be checked before giving the
    > > access
    > > to the website.
    > > Can i use and check the remote machine for its MAC
    > > address
    > > and compare it with my database in ASP.NET. As per my knowledge I can
    > > get
    > > MAC in windows app using WMI.
    > > How can i get it done in ASP.NET?
    > > Thanks in advance,
    > > Kausar

    >
    >
    Kausar Parveen, May 29, 2006
    #3
  4. Hi,

    well - this may not work for the following reasons:


    a) you are extending the trusted subsystem to the user - this is trivial
    to bypass
    b) WMI needs full trust - you obviously won't get that by default - you would
    have to adjust the security policy on every single client to give your "activex"
    control full trust.


    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hello Dominick ,
    >
    > I created Windows User Control which is getting MAC ID using WMI.
    > And I
    > am using this User control just as ActiveX control do in Internet
    > explorer.
    > In other words I am embedding Windows User Controls into Internet
    > Explorer but i am facing a secuirty problem it's giving following
    > error
    > "System.Security.SecurityException: That assembly does not allow
    > partially
    > trusted callers.
    > at
    > System.Security.CodeAccessSecurityEngine.ThrowSecurityException("
    > can problem be solved by providing specified permission? If yes what i
    > have to do for this??
    >
    > Thanks in advance,
    > Kausar
    > "Dominick Baier [DevelopMentor]"
    > <> wrote in message
    > news:...
    >
    >> You can't.
    >>
    >> You should look into certificate based authentication - this would
    >> allow for scenarios where only owners of a valid cert are allowed
    >> access to your application - and you could utilize external hardware
    >> like smart cards.
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Hello All,
    >>>
    >>> I'm working on an ASP.NET application where I need for
    >>> only a
    >>> few machines (machines accessing the site will have fixed public IP)
    >>> to be
    >>> able to have access to the website. It should check some hardware
    >>> components
    >>> of PC to give access to the website. It should also give access to
    >>> users
    >>> having dynamic IP address, for all such users their Hardware
    >>> fingerprint of
    >>> predefined desktops and laptops should be checked before giving the
    >>> access
    >>> to the website.
    >>> Can i use and check the remote machine for its MAC
    >>> address
    >>> and compare it with my database in ASP.NET. As per my knowledge I
    >>> can
    >>> get
    >>> MAC in windows app using WMI.
    >>> How can i get it done in ASP.NET?
    >>> Thanks in advance,
    >>> Kausar
    Dominick Baier [DevelopMentor], May 29, 2006
    #4
  5. Hello Dominick ,


    My web page is running fine. I am getting MAC ID of client's system
    using user control. Idid the required CAS,

    Is this not the correct way to do this even if i have very limited
    and known viewers/users for my website.
    I don't want to let the people to browse my website from cybercafe.
    That's why i am choosing this option coz to run my website client system
    should have configured the CAS. I have know user's and known
    machines where i can configure CAS,

    What can be the pitfalls/implications in implementing usercontrol in
    web app for getting MAC ID?

    Regards
    Kausar

    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hi,
    >
    > well - this may not work for the following reasons:
    >
    >
    > a) you are extending the trusted subsystem to the user - this is trivial
    > to bypass
    > b) WMI needs full trust - you obviously won't get that by default - you

    would
    > have to adjust the security policy on every single client to give your

    "activex"
    > control full trust.
    >
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Hello Dominick ,
    > >
    > > I created Windows User Control which is getting MAC ID using WMI.
    > > And I
    > > am using this User control just as ActiveX control do in Internet
    > > explorer.
    > > In other words I am embedding Windows User Controls into Internet
    > > Explorer but i am facing a secuirty problem it's giving following
    > > error
    > > "System.Security.SecurityException: That assembly does not allow
    > > partially
    > > trusted callers.
    > > at
    > > System.Security.CodeAccessSecurityEngine.ThrowSecurityException("
    > > can problem be solved by providing specified permission? If yes what i
    > > have to do for this??
    > >
    > > Thanks in advance,
    > > Kausar
    > > "Dominick Baier [DevelopMentor]"
    > > <> wrote in message
    > > news:...
    > >
    > >> You can't.
    > >>
    > >> You should look into certificate based authentication - this would
    > >> allow for scenarios where only owners of a valid cert are allowed
    > >> access to your application - and you could utilize external hardware
    > >> like smart cards.
    > >>
    > >> ---------------------------------------
    > >> Dominick Baier - DevelopMentor
    > >> http://www.leastprivilege.com
    > >>> Hello All,
    > >>>
    > >>> I'm working on an ASP.NET application where I need for
    > >>> only a
    > >>> few machines (machines accessing the site will have fixed public IP)
    > >>> to be
    > >>> able to have access to the website. It should check some hardware
    > >>> components
    > >>> of PC to give access to the website. It should also give access to
    > >>> users
    > >>> having dynamic IP address, for all such users their Hardware
    > >>> fingerprint of
    > >>> predefined desktops and laptops should be checked before giving the
    > >>> access
    > >>> to the website.
    > >>> Can i use and check the remote machine for its MAC
    > >>> address
    > >>> and compare it with my database in ASP.NET. As per my knowledge I
    > >>> can
    > >>> get
    > >>> MAC in windows app using WMI.
    > >>> How can i get it done in ASP.NET?
    > >>> Thanks in advance,
    > >>> Kausar

    >
    >
    Kausar Parveen, May 31, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Charles A. Lackman
    Replies:
    1
    Views:
    1,340
    smith
    Dec 8, 2004
  2. SpamProof
    Replies:
    0
    Views:
    546
    SpamProof
    Oct 21, 2003
  3. Magnus Blomberg

    Simple website with open and restricted area

    Magnus Blomberg, Feb 20, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    2,015
    Magnus Blomberg
    Feb 20, 2006
  4. Tony Johansson
    Replies:
    2
    Views:
    329
    Victor Bazarov
    Aug 16, 2005
  5. Magnus Blomberg

    Simple website with open and restricted area

    Magnus Blomberg, Feb 20, 2006, in forum: ASP .Net Security
    Replies:
    2
    Views:
    167
    Henning Krause [MVP]
    Feb 21, 2006
Loading...

Share This Page