Re: website restricted to fixed public IP or to only PC wth predefined configuration
- From: "Kausar Parveen" <kausar.parveen@xxxxxxxxxxxx>
- Date: Wed, 31 May 2006 11:19:10 +0530
Hello Dominick ,
My web page is running fine. I am getting MAC ID of client's system
using user control. Idid the required CAS,
Is this not the correct way to do this even if i have very limited
and known viewers/users for my website.
I don't want to let the people to browse my website from cybercafe.
That's why i am choosing this option coz to run my website client system
should have configured the CAS. I have know user's and known
machines where i can configure CAS,
What can be the pitfalls/implications in implementing usercontrol in
web app for getting MAC ID?
Regards
Kausar
"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be6319c1428c85179c6f58470@xxxxxxxxxxxxxxxxxxxxx
Hi,would
well - this may not work for the following reasons:
a) you are extending the trusted subsystem to the user - this is trivial
to bypass
b) WMI needs full trust - you obviously won't get that by default - you
have to adjust the security policy on every single client to give your"activex"
control full trust.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello Dominick ,
I created Windows User Control which is getting MAC ID using WMI.
And I
am using this User control just as ActiveX control do in Internet
explorer.
In other words I am embedding Windows User Controls into Internet
Explorer but i am facing a secuirty problem it's giving following
error
"System.Security.SecurityException: That assembly does not allow
partially
trusted callers.
at
System.Security.CodeAccessSecurityEngine.ThrowSecurityException("
can problem be solved by providing specified permission? If yes what i
have to do for this??
Thanks in advance,
Kausar
"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be6319c0d88c85114051dcd10@xxxxxxxxxxxxxxxxxxxxx
You can't.
You should look into certificate based authentication - this would
allow for scenarios where only owners of a valid cert are allowed
access to your application - and you could utilize external hardware
like smart cards.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello All,
I'm working on an ASP.NET application where I need for
only a
few machines (machines accessing the site will have fixed public IP)
to be
able to have access to the website. It should check some hardware
components
of PC to give access to the website. It should also give access to
users
having dynamic IP address, for all such users their Hardware
fingerprint of
predefined desktops and laptops should be checked before giving the
access
to the website.
Can i use and check the remote machine for its MAC
address
and compare it with my database in ASP.NET. As per my knowledge I
can
get
MAC in windows app using WMI.
How can i get it done in ASP.NET?
Thanks in advance,
Kausar
.
- References:
- Re: website restricted to fixed public IP or to only PC wth predefined configuration
- From: Kausar Parveen
- Re: website restricted to fixed public IP or to only PC wth predefined configuration
- From: Dominick Baier [DevelopMentor]
- Re: website restricted to fixed public IP or to only PC wth predefined configuration
- Prev by Date: Re: AspCrypt using .NET framework?
- Next by Date: Re: securing an intranet site
- Previous by thread: Re: website restricted to fixed public IP or to only PC wth predefined configuration
- Next by thread: Validation of viewstate MAC failed
- Index(es):
Relevant Pages
|
