We are building a client server based application where clients are win 7/8 desktops connecting to a server on the internet to exchange data. This exchange can be the client needing to check some settings and mostly to send some data.
At the moment, we are using curl to send the data to a php app over https.
The problem is as follows.
We want to get some unique information from the client so that we can confirm it's authentication now and then. This means that the client should send something like its GUID and/or system serial number.
Wondering if it would be possible to read a windows GUID, and/or it's system serial number and/or it's MAC address from a web page? If so, we would have the user connect to a support page when ever needed so that we can verify some information including the above.
-Not exclusive to IE, meaning, firefox for example could work as well
-Not dependent on a browser extension
-User could agree or prevent the action
The second part of this question is about credentials. At the moment, we are using a name/password being sent over https using curl. The connection is also using a cert at both ends. However, managing certs is becoming a bit of a nightmare and much of what I have read on the internet says instead of using name/passwords, use certificates.
Therefore, I am trying to understand how we might be able to change our authentication method to use certificates, perhaps, instead of name/pass?
Another problem that we are having is that someone could copy the software running on one desktop to another desktop and we need to prevent this from happening so need some way of preventing this.
Not really sure how others deal with such issues so thought I would ask the pros.