Solved

Web-Based Application device detection / security

Posted on 2014-02-12
7
174 Views
Last Modified: 2014-02-25
I have an ASP.NET(VB.NET) application we restrict users to Internet explorer due to the use of ActiveX.  ActiveX allows us to check a tag on the computer which we use to allow access to the system and it is necessary on some situations to interact with hardware. We recently redeveloped the app to be more responsive only to find out that a whole bunch of our clients are still running XP which will not allow an IE upgrade past IE 8 so our new responsive design will not render correctly due to the lack of support for HTML5.  

Most of our hardware vendors have redeveloped or have new technologies or updated SDK's that will allow our users to interface with the necessary hardware (in most cases) via Chrome for instance. Where this poses an issue for us is we still want to restrict access to computers that have been authorized.

With that said my question is;
 
Is there a way to tag a machine by installing or placing some sort of tag that can be read from any browser so that we can specifically identify computers allowed to access our system and is browser independent. The ideal scenario would be to allow access to the local machine (maybe through some sort of install or java applet) to uniquely identify it and post back to our database that it is authorized to access their instance of our application? I don't have a budget for token based authentication nor do I want to manage client/server certificates.

Thank you in advance for any input
0
Comment
Question by:jonesy_33
  • 4
  • 2
7 Comments
 
LVL 2

Expert Comment

by:DualCool
Comment Utility
Why are you so worried about security when you aren't worried about having a browser certificate?

**I sincerely hope you aren't storing any sensitive data on the system you are building.
0
 

Author Comment

by:jonesy_33
Comment Utility
I am using SSL certificate, but not client side certificates
0
 
LVL 2

Expert Comment

by:CubeOver
Comment Utility
Non-exportable Computer certificates seem to be the answer to your worries.
There is nothing to manage - you can enforce enrollment via a GPO.

Or, are you omitting that these clients are NOT connected to Active Directory you can control?

If these are standalone oddball machines, you may look at something like CPUID functions - sorry I don't know how to access those from ActiveX.

I still think that manual certificate management is easier. Just be sure your issuing system has a certificate expiry reminder feature.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:jonesy_33
Comment Utility
They are of the standalone oddball variety I will have to look into the CPUID functions, but the goal here is to get away from ActiveX, maybe using Java Applets. Just not sure yet
0
 
LVL 2

Expert Comment

by:CubeOver
Comment Utility
Another goal may be to get rid of obsolete OS (Windows XP)?
With Windows 7 you get the new IE and HTML5.
0
 

Accepted Solution

by:
jonesy_33 earned 0 total points
Comment Utility
I cannot force my clients to get rid of XP and 1 of my goals is to achieve browser independence. I guess I will go back to the drawing board on this one.
0
 

Author Closing Comment

by:jonesy_33
Comment Utility
There were no other valid solutions offered up by the community and since I am forced to either leave it open on accept my own post I choose the later.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now