某台计算机的唯一标识

发布于 2024-07-21 21:40:42 字数 283 浏览 9 评论 0原文

我有以下场景,似乎在网上找不到任何东西,或者我可能正在寻找错误的东西:

我正在开发一个基于网络的数据存储系统。 有不同的用户和不同的地方,并且只允许某些用户访问系统的某些部分。 现在,我们不希望他们从家里或使用与工作场所使用不同的计算机连接到这些部件(原因不同)。

现在我的问题是:如果有办法让工作场所电脑通过浏览器以某种方式向服务器标识自己,我该怎么做? 哦,是的,它应该是基于网络的。

我希望我解释了以便每个人都能理解。 感谢您提前回复。

... dg

i have following scenario and can't seem to find anything on the net, or maybe i am looking for the wrong thing:

i am working on a webbased data storage system. there are different users and different places and only certain users are allowed to access certain parts of the system. now, we do not want them to connect to these parts from at home or with a different computer than they are using at their work-place (there are different reasons for that).

now my question is: if there is a way to have the work-place-pc identify itself to the server in some way over the browser, how can i do that?
oh and yes, it is supposed to be webbased.

i hope i explained it so everyone understands.
thnx for your replies in advance.

... dg

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

躲猫猫 2024-07-28 21:40:42

我同意 Lenni 的观点...如果 IP 地址是静态的或者 DHCP 服务器始终将相同的 IP 地址分配给同一台计算机,那么 IP 地址是一个可能的解决方案。

或者,您也可以考虑通过“个人证书”进行身份验证……这就是它们在 Firefox 中所提到的,不知道这是否是标准名称。 (显然我以前没有使用过这些。)

基本上,它们是安装在客户端(用户)计算机上的 SSL 或 PKI 证书,用于将机器识别为它所说的机器 -也就是说,如果用户尝试从没有证书或没有您允许的证书的计算机进行连接,您将拒绝他们。

我不知道这方面的问题...对于同一用户来说,从一台计算机上取下证书并使用正确的密码将其安装到另一台计算机上可能相对容易(即它验证了用户),或者它可能以某种方式专门针对该机器(即它对机器进行身份验证)。 快速的谷歌搜索并没有找到任何明显的“如何”说明来说明它是如何工作的,但它可能值得研究一下。

---劳伦斯

I agree with Lenni... IP address is a possible solution if they are static or the DHCP server consistently assigns the same IP address to the same machine.

Alternatively, you might also consider authentication via "personal certificates" ... that's what they are referred to in Firefox, don't know it that's the standard name or not. (Obviously I haven't worked with these before.)

Basically they are SSL or PKI certificates that are installed on the client (user's) machine that identify that machine as being the machine it says it is -- that is, if the user tries to connect from a machine that doesn't have a certificate or doesn't have a certificate that you allow, you would deny them.

I don't know the issues around this ... it might be relatively easy for the same user to take the certificate off one computer and install it on another one with the correct password (i.e. it authenticates the user), or it might be keyed specifically to that machine somehow (i.e. it authenticates the machine). And a quick google search didn't turn up any obvious "how to" instructions on how it all works, but it might be worth looking into.

---Lawrence

缘字诀 2024-07-28 21:40:42

由于您要基于 Web,您可以:

检查远程主机的 IP 地址(将其与已知的内部子网等进行比较)

在身份验证过程中,您可以 ping 远程 IP 并查看返回数据包的 TTL,如果它太低了,那么计算机不能来自本地网络。 (当然这可以被打破,但这只是多一件事)

如果您通过 IIS 执行此操作,那么您可以集成到 SSO(如果可以的话,可能是最好的)

Since you're going web based you can:

Examine the remote host's IP Address (compare it against known internal subnets, etc)

During the authentication process, you can ping the remote IP and take a look at the TTL on the returned packets, if it's too low, then the computer can't be from the local network. (of course this can be broken, but it's just 1 more thing)

If you're doing it over IIS, then you can integrate into SSO (probably the best if you can do it)

谁的新欢旧爱 2024-07-28 21:40:42

如果它应该是基于网络的(我的意思是网络服务器应该能够唯一地识别用户的机器),那么你的选择是有限的:本身,你无法从浏览器的标头或请求正文中获取任何内容这使您可以识别机器。 我认为这是设计使然,因为存在明显的隐私问题。

不过,还有一些选择,但没有一个是轻松的:您可以使用 ActiveX 控件,但它只能在 Windows 上运行(我认为并非在所有浏览器上运行)并且需要提升的权限。 您可以想到 Firefox 插件(显然仅限 Firefox)。 无论如何,普通浏览器否则将无法识别。

If it's supposed to be web-based (and by that I mean that the web server should be able to uniquely identify the user's machine), then you choices are limited: per se, there's nothing you can obtain from the browser's headers or request body that allows you to identify the machine. I suppose this is by design, due to the obvious privacy implications.

There are choices though, none of which pain-free: you could use an ActiveX control, which however only runs on Windows (and not on all browsers I think) and requires elevated privileges. You could think of a Firefox plug-in (obviously Firefox only). At any rate, a plain-vanilla browser will otherwise escape identification.

疾风者 2024-07-28 21:40:42

对此只有少数真正的解决方案。 这里有几个:

  1. 使用域身份验证,并禁止通过 VPN 连接的用户。
  2. 使用已知的 IP 范围来允许或禁止访问。

There are only a few of REAL solutions to this. Here are a couple:

  1. Use domain authentication, and disallow users who are connecting over a VPN.
  2. Use known IP ranges to allow or disallow access.
前事休说 2024-07-28 21:40:42

IP地址。 不是防弹安全,而是一个开始。

IP address. Not bombproof security but a start.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文