Web-Based Application device detection / security
Posted on 2014-02-12
I have an ASP.NET(VB.NET) application we restrict users to Internet explorer due to the use of ActiveX. ActiveX allows us to check a tag on the computer which we use to allow access to the system and it is necessary on some situations to interact with hardware. We recently redeveloped the app to be more responsive only to find out that a whole bunch of our clients are still running XP which will not allow an IE upgrade past IE 8 so our new responsive design will not render correctly due to the lack of support for HTML5.
Most of our hardware vendors have redeveloped or have new technologies or updated SDK's that will allow our users to interface with the necessary hardware (in most cases) via Chrome for instance. Where this poses an issue for us is we still want to restrict access to computers that have been authorized.
With that said my question is;
Is there a way to tag a machine by installing or placing some sort of tag that can be read from any browser so that we can specifically identify computers allowed to access our system and is browser independent. The ideal scenario would be to allow access to the local machine (maybe through some sort of install or java applet) to uniquely identify it and post back to our database that it is authorized to access their instance of our application? I don't have a budget for token based authentication nor do I want to manage client/server certificates.
Thank you in advance for any input