I have two websites (one asp classic and the other asp.net) which we would like to implement some kind of security based on the client’s hardware. We want something other than a password which could be shared. The purpose is to be sure access to information on the websites is not shared.
We were contrmplating storing hardware info in our database and validating against that upun website entry.
I have been looking into ActiveX (it would be acceptable to limit our users to IE), although we do have users who would like to use I-Phones. I have done no ActiveX development myself but have found a few articles on the web about ActiveX but that whole approach looks complicated. And also there seems to be a 64bit issue making it even more difficult.
So, I wonder if anybody has any advice as to what the best options might be for securing the website access in a way that would prevent sharing?
I wonder if client side certificate authorization would help? I have not looked into these yet so will research those.
Thank you for any input.
Jim
If you’re looking for really high security, you can perhaps use an RSA SecurID.
I have a website which I connect to via a little dongle which generates a random key every 60 seconds, combined with a 4 digit pin of my choice.
Sharing it between users could still be possible, but less likely since the key changes all the time. They would need to communicate in person or via phone/chat to share the key..