Identify the Client


Hi, I am trying to make my app more secure.

The user should not be able to log in when he is not on his own PC or in the known LAN (when he tries to connect from outside his company).
After the user confirms an email, which is sent to his own email address, he should be able to.

So, the first time the user logs on to the web app, the app stores some information about his client machine.
Until now I did it by storing his:

local IP address (from Application.ServerVariables("REMOTE_HOST"))
and the Application.ClientFingerprint.

Next time, when the user logs on again, I compare the stored information with the actual values.

If the information is equal, the user is allowed to log on.

If not: I send an email to the stored user email address with some text like "Your location has changed, you have to confirm the sent email"

and until this email is confirmed, the user is not able to log in.

I took both, IP address and fingerprint, because the IP address changes sometimes.

But now I noticed that the fingerprint is changing too, I believe because it includes the session.

Can you give me any suggestion on how to do this?

Many thanks in advance.

Rupert


Hi Rupert

The value of Fingerprint changes when the app is opened from different browsers.

If the users have more than one browser installed on their computers, even if they are inside the LAN, they will get a different fingerprint.

If the above applies to your scenario, a suggestion is to standardize the browser used to access your app.

Regards
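
The check discussed in this thread, written out as an added example (not code from either poster or from the framework): it keeps a set of confirmed fingerprints per user, so a second browser needs one e-mail confirmation instead of locking the user out, and it accepts the known LAN without a fingerprint match. `KnownClient`, `ClientCheck` and their members are hypothetical names; `remoteHost` and `fingerprint` are assumed to be the values the question reads from `Application.ServerVariables("REMOTE_HOST")` and `Application.ClientFingerprint`, and the LAN is assumed to be one IPv4 prefix.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Cryptography;
using System.Text;
// Hypothetical per-user record; persistence is left to the application.
public class KnownClient
{
    public HashSet<string> Fingerprints = new HashSet<string>(); // one per confirmed browser
    public string LanPrefix = "";      // IPv4 prefix ending in a dot, e.g. "192.168.10." (constructed)
    public string PendingTokenHash;    // hash of the e-mailed token; the token itself is not stored
    public string PendingFingerprint;
    public DateTime PendingExpiresUtc;
}

public static class ClientCheck
{
    // Login may proceed when the address is in the known LAN or this browser was confirmed earlier.
    public static bool IsKnown(KnownClient k, string remoteHost, string fingerprint)
    {
        bool inLan = k.LanPrefix.Length > 0 && IPAddress.TryParse(remoteHost, out IPAddress ip)
                     && ip.ToString().StartsWith(k.LanPrefix, StringComparison.Ordinal);
        return inLan || k.Fingerprints.Contains(fingerprint);
    }
    // Unknown client: create the one-time token that goes into the confirmation e-mail.
    public static string StartConfirmation(KnownClient k, string fingerprint)
    {
        byte[] raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = BitConverter.ToString(raw).Replace("-", "");
        k.PendingTokenHash = Hash(token);
        k.PendingFingerprint = fingerprint;
        k.PendingExpiresUtc = DateTime.UtcNow.AddMinutes(30);
        return token;
    }
    // User followed the e-mailed link: accept once, before expiry, then remember the browser.
    public static bool Confirm(KnownClient k, string token)
    {
        if (token == null || k.PendingTokenHash == null || DateTime.UtcNow > k.PendingExpiresUtc) return false;
        if (!string.Equals(Hash(token), k.PendingTokenHash, StringComparison.Ordinal)) return false;
        k.Fingerprints.Add(k.PendingFingerprint);
        k.PendingTokenHash = null;     // single use
        return true;
    }
    static string Hash(string s)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(s)));
    }
}
```

Behind a reverse proxy or load balancer, REMOTE_HOST is the proxy's address, so the LAN test only means something when the server sees the client address directly.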
