Home/ Questions/Q 8784577
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T21:07:43+00:00

In brief, we have a website built in asp.net c# that we’re adding a

  • 0

In brief, we have a website built in asp.net c# that we’re adding a login area to for people to see some paid for content. There will be different levels of account, one which when logged in can download say 10 documents a day, another that can download 20 etc….

What the client has also now asked for is can they sell unlimited access to this facility to a customer, where that customer will only be able to get this unlimited access when using some specific computers.

Really don’t know if there is an elegant solution to this? I’m thinking MAC addresses must be the key, but as far as I know the c# code doesn’t have direct access to that? Have read that JavaSript will be too unreliable in it’s getting of the MAC adddress…and that writing a Java applet may be the only way.

Does anyone else have a better suggestion than this?

Any help would be greatly appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You are looking for the idea of Device Fingerprinting. Since this is a web application, you need the sub-field of Device Fingerprinting known as Browser Fingerprinting.

    It is pretty easy to get browser fingerprinting right 80% of the time, and quite hard to get it right 100% of the time.

    Have a look at Panopticlick (from the EFF) to get an idea of how it works.

    There are several commercial software providers that provide solid Browser Fingerprinting as a service.

    Although the general case is not easy, your specific case may be easier. For example, if you sell access to a company that is large enough to route all traffic through one or a few well-known IP addresses, you could just use that IP to authenticate users.

    Alternatively, or specifically if you need to allow only certain computers within a facility, you could create a browser plugin that checks hardware (like the MAC address) and makes that information available to your authentication code.

    Getting this kind of code right (in that it shows neither false positives nor false negatives, and is tolerant to changes in hardware such as a NIC upgrade) is very hard. It may be worthwhile to use a commercial browser fingerprinting company.

    • 0