Hi guys,

Is there any way to identify a computer when browsing my site? It is for a chat application, and I was wondering if it is possible to get the PCs mac address. I won't use the IP address since it may change if the user does not have an static IP address


Who is Participating?
Lee W, MVPTechnology and Business Process AdvisorCommented:
Not really... not without using some sort of ActiveX control.  You might try using cookies.
This will get a MAC address when passed a valid IP address, but most people are not comfortable running stuff like this on their servers...

Function GetMACAddress(strIP)
      Set net = Server.CreateObject("Wscript.Network")
      Set sh = Server.CreateObject("Wscript.Shell") "%comspec% /c nbtstat -A " & strIP & " >" & Server.MapPath(strIP) & ".txt",0,true
      Set sh = nothing
      Set fso = Server.Createobject("Scripting.Filesystemobject")
      Set ts = fso.opentextfile(Server.MapPath(strIP) & ".txt")
      macaddress = null
      Do While Not ts.AtEndOfStream
            data = ucase(trim(ts.readline))
            If instr(data,"MAC ADDRESS") Then
                  macaddress = trim(split(data,"=")(1))
                  Exit Do
                  macaddress = "Cannot Obtain Mac Address"
            End if
      Set ts = nothing
      fso.deletefile Server.MapPath(strIP) & ".txt"
      Set fso = nothing
      GetMACAddress = macaddress
End Function      

Just curios, what is the risk of that code on the server?  I would imagine it has something to do with allowing IUSR to access the network and write to disk.

Sounds like something that could be wrapped up into a DLL and sold for $10. :)

getMac.dll  $10 order yours today :)

Also, I think in ASP.NET there are some special accounts for performing disk access and netowkr functions from your ASPX pages without granting permissions to ISUR.  That should make it


Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

pvg1975Author Commented:
Hi peterxlane!

Same question than chisholmd. What's the risk of having that code on the server?
To be honest, I am just going based on what I have heard other users say in regards to running command line commands in your ASP code.

Once you have the permissions set correctly, this line:
<% "%comspec% /c nbtstat -A " & strIP & " >" & Server.MapPath(strIP) & ".txt",0,true

is executing that command line, so if it could be changed to:
<% "%comspec% /c delete c: >" & Server.MapPath(strIP) & ".txt",0,true

It would effectively delete the contents of the C: drive.  This is the type of example that people always mention when pointing out that this type of thing is a security issue, but what I have never understood is that if someone had access to modify your source code, then theoretically they could make it do anything.  One thing that you would obviously want to avoid is to give the user a text field and allow them to execute whatever they type in...clearly that would be a big security issue.  But since the above code is merely passing the IP address and executing a specific command, I am not really clear on how it is a security issue, other than what others have said...

Granted that does sound nasty and I am not disagreeing.  However, I would imagine that the shell is going to be running in the context of IUSR so delete C:\*.* probably wouldn't get very far.  Also, in your example your not using any user supplied parameters so you shouldn't have to worry so much about them injecting some nasty command.

In general I'd guess that granting IUSR write access so it can create the text files is probably more dangerous then simply shelling out a command (as long as there is no chance for injection).

Is someone hasn't already this should be (could be) written as an activeX dll. Maybe I'll do that tonight.

*To be clear I am not saying it is 100% safe to do anything mentioned, I am just discussing the reltive risks.

pvg1975Author Commented:
I think I will use cookies :)

Thanks guys!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.