I've got a web based system where a specific site only shall be available on a
Question
I've got a web-based system where a specific site only shall be available on a certain computer. On that computer I have a desktop application. The desktop application and the website communicate through a database.
For example: A user tries to use this "locked" website and therefore needs to authenticate. The website creates e.g. a file on the computer that the desktop application can read. If the application can read the file it shall respond to the website that everything is ok.
Are there any good ways to verify that the user is located on the correct computer?
Explanation / Answer
One relatively easy approach to this would be to create a persistent cookie on the client's side after the first login. The cookie should hold only the user's username and a generated key. During the next login the server would verify the key against the same key stored in the database, and if it doesn't match or the user doesn't have the cookie at all, you can react in a way you want, for example some type of second-level authentication etc.
This however brings up the question, what to do if the user for example clears the cache or changes the browser? This should be something you take into account. Probably one of the most well-known applications which uses this system of authentication and verification on new computers is Steam. No cookies, but the principle is basically the same.
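The cookie scheme from the answer above, as an added example that is not part of the original answer: a key is issued after a full login, checked on the next login, and a missing or wrong cookie falls back to a second-level check instead of a hard failure. The table name, function names and return labels are assumptions of this example, as is storing a SHA-256 hash of the key rather than the key itself.

```python
import hashlib
import hmac
import secrets
import sqlite3

KNOWN, CHALLENGE = "known-device", "second-factor-required"

def open_store():
    # Constructed in-memory table standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE device_keys (username TEXT, key_hash TEXT)")
    return db

def digest(key):
    # Assumption of this example: store a hash, so a leaked table
    # does not hand out working cookie values.
    return hashlib.sha256(key.encode()).hexdigest()

def issue_device_cookie(db, username):
    """Call after a full login; returns the cookie value 'username:key'."""
    key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO device_keys VALUES (?, ?)", (username, digest(key)))
    # Send it with Secure, HttpOnly and a long Max-Age so it persists.
    return f"{username}:{key}"

def check_device_cookie(db, username, cookie):
    """Decide whether this login comes from a browser seen before."""
    if not cookie:
        return CHALLENGE  # cleared cookies or a new browser
    cookie_user, sep, key = cookie.rpartition(":")
    if not sep or cookie_user != username:
        return CHALLENGE  # malformed, or issued to another account
    rows = db.execute(
        "SELECT key_hash FROM device_keys WHERE username = ?", (username,)
    ).fetchall()
    presented = digest(key)
    # Constant-time comparison against every key enrolled for the user.
    if any(hmac.compare_digest(presented, h) for (h,) in rows):
        return KNOWN
    return CHALLENGE

if __name__ == "__main__":
    db = open_store()
    cookie = issue_device_cookie(db, "alice")  # constructed sample user
    print(check_device_cookie(db, "alice", cookie))
    print(check_device_cookie(db, "alice", None))
    print(check_device_cookie(db, "alice", "alice:guessed-key"))
```

A cookie like this identifies a browser profile rather than the hardware, so a cookie copied to another machine passes the same check.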