?
Solved

Web-Based Application device detection / security

Posted on 2014-02-12
7
Medium Priority
?
182 Views
Last Modified: 2014-02-25
I have an ASP.NET(VB.NET) application we restrict users to Internet explorer due to the use of ActiveX.  ActiveX allows us to check a tag on the computer which we use to allow access to the system and it is necessary on some situations to interact with hardware. We recently redeveloped the app to be more responsive only to find out that a whole bunch of our clients are still running XP which will not allow an IE upgrade past IE 8 so our new responsive design will not render correctly due to the lack of support for HTML5.  

Most of our hardware vendors have redeveloped or have new technologies or updated SDK's that will allow our users to interface with the necessary hardware (in most cases) via Chrome for instance. Where this poses an issue for us is we still want to restrict access to computers that have been authorized.

With that said my question is;
 
Is there a way to tag a machine by installing or placing some sort of tag that can be read from any browser so that we can specifically identify computers allowed to access our system and is browser independent. The ideal scenario would be to allow access to the local machine (maybe through some sort of install or java applet) to uniquely identify it and post back to our database that it is authorized to access their instance of our application? I don't have a budget for token based authentication nor do I want to manage client/server certificates.

Thank you in advance for any input
0
Comment
Question by:jonesy_33
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 2

Expert Comment

by:DualCool
ID: 39854872
Why are you so worried about security when you aren't worried about having a browser certificate?

**I sincerely hope you aren't storing any sensitive data on the system you are building.
0
 

Author Comment

by:jonesy_33
ID: 39854920
I am using SSL certificate, but not client side certificates
0
 
LVL 2

Expert Comment

by:CubeOver
ID: 39858101
Non-exportable Computer certificates seem to be the answer to your worries.
There is nothing to manage - you can enforce enrollment via a GPO.

Or, are you omitting that these clients are NOT connected to Active Directory you can control?

If these are standalone oddball machines, you may look at something like CPUID functions - sorry I don't know how to access those from ActiveX.

I still think that manual certificate management is easier. Just be sure your issuing system has a certificate expiry reminder feature.
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 

Author Comment

by:jonesy_33
ID: 39860428
They are of the standalone oddball variety I will have to look into the CPUID functions, but the goal here is to get away from ActiveX, maybe using Java Applets. Just not sure yet
0
 
LVL 2

Expert Comment

by:CubeOver
ID: 39860643
Another goal may be to get rid of obsolete OS (Windows XP)?
With Windows 7 you get the new IE and HTML5.
0
 

Accepted Solution

by:
jonesy_33 earned 0 total points
ID: 39874804
I cannot force my clients to get rid of XP and 1 of my goals is to achieve browser independence. I guess I will go back to the drawing board on this one.
0
 

Author Closing Comment

by:jonesy_33
ID: 39885107
There were no other valid solutions offered up by the community and since I am forced to either leave it open on accept my own post I choose the later.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question