如何才能“留下足迹”呢?使用 HttpContext 的防火墙后面的特定计算机?

发布于 2024-09-09 11:02:07 字数 718 浏览 8 评论 0原文

我需要能够使用 HttpContext 中可用的任何内容在 ASP.Net 中识别一个系统与另一个系统。我尝试使用许多可用的 ServerVariables,但系统通常是通过基于映像构建的驱动器进行配置的。因此,由于防火墙的原因,它们的 IP 地址是相同的,并且它们的所有 ServerVariables(浏览器代理、登录用户)都是相同的,我需要找到其他东西来区分不同的机器。由于该站点通过表单身份验证进行保护,因此必须关闭 Windows 集成身份验证(否则我将有权访问不同的 Logon_User 值)。

我没有与 HttpContext 结婚,但在我看来,这是使用代码检索可识别用户信息的唯一方法。

编辑/更新:

@Robert Harvey 提供了几个搜索链接,这些链接带来了很多结果,其中大多数由于某种原因不符合我的要求(尽管其中仍然有一些我没有想到的好主意)之前没想到)。主要是我需要能够识别是否有人在防火墙后面切换了机器。因此,我将提供一些代码结构细节,这些细节将阐明为什么某些事情对我不起作用。

  1. 会话/Cookie 是持久的 直到午夜(决定让路 在我的头上,我忍受它)经过
  2. 身份验证的用户不使用 会员用户类。 (即使它 做了,MembershipUser.IsOnline 会 给我的只是一个 先前登录的用户)
  3. 用户是 已知删除 cookie 或关闭 无需注销的浏览器
  4. 我需要 一些可以告诉我们的标准 不一定是另一台机器 以防止并发登录,但在 至少要识别他们。

I have a need to be able to identify one system from another in ASP.Net using anything available in HttpContext. I've attempted to use many of the ServerVariables available, but often the systems are configured from a drive built off of an image. So, because of the firewall their IP address is the same and all of their ServerVariables (browseragent, logonuser) are the same, I need to find something else that will tell different machines apart. Since the site is secured with formsauthentication, Windows Integrated Authentication must be turned off (otherwise i'd have access to different Logon_User values).

I'm not married to HttpContext, but it seems to me the only way to use code to retrieve identifiable user information.

EDIT/UPDATE:

@Robert Harvey provided a couple of seach links that brought up a lot of results, most of which don't fit my bill for one reason or another (although there is still a couple of great ideas in there that I hadn't thought of before). Primarily I need to be able to identify if someone has switched machines behind a firewall. So I'll provide some code structure details that will shed some light on why certain things don't work for me.

  1. Sessions/Cookies are persistent
    until midnight (decision made way
    over my head, I live with it)
  2. The authenticated user does not use a
    MembershipUser class. (even if it
    did, MembershipUser.IsOnline would
    offer me nothing more than a
    previously logged in user)
  3. Users are
    known to delete cookies or close
    browsers without logging off
  4. I need
    some criteria that can tell one
    machine from another not necessarily
    to prevent concurrent logins, but at
    least to identify them.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

薄荷梦 2024-09-16 11:02:07

当他们登录时生成一个 guid,并将其存储在 cookie 中并对照数据库中的用户记录。

如果与您的并发登录不匹配,请在每个请求上进行比较。

需要明确的是,这个cookie是一个会话cookie,就像表单身份验证一样,如果他们删除它,他们无论如何都会被注销。

Generate a guid when they login and store it in a cookie and against the user record in the database.

Compare this on each request if it doesnt match you have a concurrent login.

To be clear this cookie is a session cookie like forms authentication if they delete it they will get logged out anyway.

远山浅 2024-09-16 11:02:07

这是一个自我回答。我遇到了浏览器间谍,虽然它没有说明如何执行此操作的具体细节,但它确实表明通过这些项目的组合,可以以最小的误差范围唯一地识别特定的系统。

This is a self-answer. I ran across Browser Spy, and while it doesn't address the specifics of how to do this, it does indicate that it is possible through a combination of these items to uniquely identify a specific system with a minimal margin of error.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文