How can you “footprint” a specific computer behind

2019-05-15 21:06发布

问题:

I have a need to be able to identify one system from another in ASP.Net using anything available in HttpContext. I've attempted to use many of the ServerVariables available, but often the systems are configured from a drive built off of an image. So, because of the firewall their IP address is the same and all of their ServerVariables (browseragent, logonuser) are the same, I need to find something else that will tell different machines apart. Since the site is secured with formsauthentication, Windows Integrated Authentication must be turned off (otherwise i'd have access to different Logon_User values).

I'm not married to HttpContext, but it seems to me the only way to use code to retrieve identifiable user information.

EDIT/UPDATE:

@Robert Harvey provided a couple of seach links that brought up a lot of results, most of which don't fit my bill for one reason or another (although there is still a couple of great ideas in there that I hadn't thought of before). Primarily I need to be able to identify if someone has switched machines behind a firewall. So I'll provide some code structure details that will shed some light on why certain things don't work for me.

  1. Sessions/Cookies are persistent until midnight (decision made way over my head, I live with it)
  2. The authenticated user does not use a MembershipUser class. (even if it did, MembershipUser.IsOnline would offer me nothing more than a previously logged in user)
  3. Users are known to delete cookies or close browsers without logging off
  4. I need some criteria that can tell one machine from another not necessarily to prevent concurrent logins, but at least to identify them.

回答1:

Generate a guid when they login and store it in a cookie and against the user record in the database.

Compare this on each request if it doesnt match you have a concurrent login.

To be clear this cookie is a session cookie like forms authentication if they delete it they will get logged out anyway.



回答2:

This is a self-answer. I ran across Browser Spy, and while it doesn't address the specifics of how to do this, it does indicate that it is possible through a combination of these items to uniquely identify a specific system with a minimal margin of error.