website restricted to fixed public IP or to only PC wth predefined configuration

[Kausar Parveen]

Hello All,

I'm working on an ASP.NET application where I need for only a
few machines (machines accessing the site will have fixed public IP) to be
able to have access to the website. It should check some hardware components
of PC to give access to the website. It should also give access to users
having dynamic IP address, for all such users their Hardware fingerprint of
predefined desktops and laptops should be checked before giving the access
to the website.
Can i use and check the remote machine for its MAC address
and compare it with my database in ASP.NET. As per my knowledge I can get
MAC in windows app using WMI.
How can i get it done in ASP.NET?

Thanks in advance,
Kausar

 

[Dominick Baier [DevelopMentor]]

You can't.

You should look into certificate based authentication - this would allow
for scenarios where only owners of a valid cert are allowed access to your
application - and you could utilize external hardware like smart cards.

 

[Kausar Parveen]

Hello Dominick ,

I created Windows User Control which is getting MAC ID using WMI. And I
am using this User control just as ActiveX control do in Internet explorer.
In other words I am embedding Windows User Controls into Internet
Explorer but i am facing a secuirty problem it's giving following error

"System.Security.SecurityException: That assembly does not allow partially
trusted callers.
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException("

can problem be solved by providing specified permission? If yes what i have
to do for this??


Thanks in advance,
Kausar

 

[Dominick Baier [DevelopMentor]]

Hi,

well - this may not work for the following reasons:


a) you are extending the trusted subsystem to the user - this is trivial
to bypass
b) WMI needs full trust - you obviously won't get that by default - you would
have to adjust the security policy on every single client to give your "activex"
control full trust.

 

[Kausar Parveen]

Hello Dominick ,


My web page is running fine. I am getting MAC ID of client's system
using user control. Idid the required CAS,

Is this not the correct way to do this even if i have very limited
and known viewers/users for my website.
I don't want to let the people to browse my website from cybercafe.
That's why i am choosing this option coz to run my website client system
should have configured the CAS. I have know user's and known
machines where i can configure CAS,

What can be the pitfalls/implications in implementing usercontrol in
web app for getting MAC ID?

Regards
Kausar