Non-standard User Identification for web application

Posted on 2011-10-14
Last Modified: 2012-05-12
I am building a mobile web CRM appication that will require users to login to our server.  We maintain an extensive user database/definition for these users who are logining in, what database they have access to, their access rights to individual tables, etc., and I need a different approach than the default methodology to track user access.

All communication after login will be via Ajax and Json, and I need to know how I can verify that each request coming from the user is coming from the original mobile device (whether it's an iPhone, iPad, Droid, etc.)

Since I'm pretty new to this, I was wondering what the IIS server, via Asp.MVC  has in the way of information that can confirm that the same user that logged in, is the same one now that is making additional requests.  Thanks for any infromation, links etc. that can guide me in the right direction!!

Question by:marketware
    LVL 9

    Accepted Solution

    Each request that comes from authenticated user comes with Session Id for that user. So IIS will know that this user has valid session and checks for if the session is still active.

    Author Comment

    OK, so once I have "authenticated" the user, I can then rely on the session ID. Can I also use it in combination with the IP address that is available, or is that overkill?  I don't want to have to check too many things on each request or it will slow down my responses.  BTW, all interaction with our server will be via SSL.

    Also, I want to use my own authentication method (We store username, password and other preferences, etc. in our SQL database), so how do I manually signal to IIS that this user is now "authenticated"?  Thanks!!

    Author Closing Comment

    Thanks.  I thought I already rewarded points to this solution, but maybe my submit didn't go through.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Summary: Persistence is the capability of an application to store the state of objects and recover it when necessary. This article compares the two common types of serialization in aspects of data access, readability, and runtime cost. A ready-to…
    Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now