Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

asp.net, deter unauthenticated "cancelled" users from reentering the application

Posted on 2014-12-21
4
101 Views
Last Modified: 2015-01-06
In my asp.net application, with some Webex-like features,  I have unauthenticated users who can join an interactive meeting via a URL, using an encrypted parameter that leads them to the correct meeting.  

The URL is distributed via email.   When the "participant" gets to the application and past the TOS acceptance, they enter a participant id string (name), which is verified for uniqueness (for the meeting).

I'm looking at one low-likelihood scenario where an unwanted person gets the URL and joins the meeting.

I've got a procedure that lists all the "participants" and provides a button to "remove" them.  "Remove" deletes the participant's data records and causes that participant's window (on next polling event) to redirect to a page that says "Your participation has been cancelled".  I uses window.location.replace so there's no immediate back button to get back into the session.  If they do come back into the session the next polling event (every few seconds) will redirect them out again on the basis of not finding an participant record.

Right now there's nothing preventing that person from reentering the URL and using a different participant id name.  I don't want to make separate URLs per user;  like Webex, the URLs could be emailed to anyone, and that list would be controlled external to the application.

I'm looking for suggestions on how I might prevent such users from reentering the meeting;  like IP address?

Any thoughts on this would be appreciated, including "very difficult" or "not possible".

Thanks!
0
Comment
Question by:codequest
  • 2
4 Comments
 
LVL 80

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 200 total points
ID: 40512701
IP address is not really workable as you would have to know each users ip address and this would preclude them from accessing the session from elsewhere i.e. their laptop while on the road. for members of a domain they will all most likely have the same ip address and if you block 1 then you block all.

Since you have unique meeting id's and these meeting id's can be generated in a way that they don't follow a sequence then the meeting url can be the same but the meeting id would have to match the meeting url.  It would take a lot of hit or miss attempts to join the meeting with a made up meeting id.
0
 
LVL 2

Author Comment

by:codequest
ID: 40513528
Thanks for the response.  Let me chew on that for a bit.
0
 
LVL 13

Accepted Solution

by:
AngryBinary earned 300 total points
ID: 40513652
In cases like this, I think of police tape. It doesn't actually keep anyone from physically entering any area, but it does send a message, most people abide, and you handle any outliers as they come.

I don't think there is an airtight solution for client identification without the installation of a plugin, but what may be the best imperfect option is just to set a unique cookie value for each user. Obviously not secure, as a user who has a meeting URL can still easily rejoin by clearing their cookies or switching browsers, but this would cover the most typical scenario.
0
 
LVL 2

Author Comment

by:codequest
ID: 40513682
Thanks for the input.  Police tape is a great metaphor.  Setting cookie value sounds like a good technical solution.  I'll look into that and post back when I have some better understanding.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
C# LINQ ForEach() question 6 54
asp.net web application 3 29
Where is this file? 3 25
ASP.NET Content Page 3 29
This article discusses the ASP.NET AJAX ModalPopupExtender control. In this article we will show how to use the ModalPopupExtender control, how to display/show/call the ASP.NET AJAX ModalPopupExtender control from javascript, how to show/display/cal…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question