IP Logging on Web application

GrimStoner · Post by **GrimStoner** » 18 Feb 2008, 11:20

Hi

Scenario : A web application (ASP.Net 2.0), where a user buys login details to access said website. He has to buy a login detail for each of his... shops.

Problem : A user can buy one set of login details, and access the website from each of his shops. The whole idea is to have him, if he has for argument's sake, 3 shops, buy 3 sets of login details.

Proposed solution : IP logging. Log from which IP a username logs in each time.

However, aren't most internet users' ip's dynamic? Is it possible to limit the user's access by way of ip logging? The only other way I can limit them is to curb the content of the website by their login details, by way of roles. That, or rely on human good will.

Slasher · Post by **Slasher** » 18 Feb 2008, 11:39

Not really much you can do. In RSA IP's are dynamic, unless you pay a big fat bill for a static one. Thus, the most you can do is check that there is only 1 active connection running...

human good will is a relative joke these days. Some will honor it, most will not. Yes, I AM pessimistic, but you get the idea...

viceroy · Post by **viceroy** » 18 Feb 2008, 11:45

About the best thing to use is cookies.

To make it secure, you'd need some way to make sure that even if they copied the cookie to another PC, the login wouldn't work.

GrimStoner · Post by **GrimStoner** » 18 Feb 2008, 11:54

Hmmm... persistent cookies could work... thx...