您如何才能“足迹"化?使用HttpContext在防火墙后面的特定计算机? [英] How can you "footprint" a specific computer behind a firewall using HttpContext?

问题描述

我需要能够使用HttpContext中可用的任何内容从ASP.Net中的另一个系统中识别一个系统.我曾尝试使用许多可用的ServerVariable，但通常是通过从映像构建的驱动器来配置系统的.因此，由于防火墙的IP地址是相同的，并且它们的所有ServerVariables(浏览器代理，logonuser)都是相同的，因此我需要找到其他东西来区分不同的计算机.由于该站点已通过Formsauthentication保护，因此必须关闭Windows Integrated Authentication(否则，我将有权访问其他Logon_User值).

I have a need to be able to identify one system from another in ASP.Net using anything available in HttpContext. I've attempted to use many of the ServerVariables available, but often the systems are configured from a drive built off of an image. So, because of the firewall their IP address is the same and all of their ServerVariables (browseragent, logonuser) are the same, I need to find something else that will tell different machines apart. Since the site is secured with formsauthentication, Windows Integrated Authentication must be turned off (otherwise i'd have access to different Logon_User values).

我还没有嫁给HttpContext，但是在我看来，这是使用代码检索可识别的用户信息的唯一方法.

I'm not married to HttpContext, but it seems to me the only way to use code to retrieve identifiable user information.

编辑/更新:

@Robert Harvey提供了两个搜索链接，这些搜索链接带来了很多结果，其中大多数由于一个或另一个原因与我的要求不符(尽管那里还有一些我没有的好主意)没想到过).首先，我需要能够确定是否有人将计算机切换到了防火墙之后.因此，我将提供一些代码结构细节，以阐明为什么某些事情对我不起作用的原因.

@Robert Harvey provided a couple of seach links that brought up a lot of results, most of which don't fit my bill for one reason or another (although there is still a couple of great ideas in there that I hadn't thought of before). Primarily I need to be able to identify if someone has switched machines behind a firewall. So I'll provide some code structure details that will shed some light on why certain things don't work for me.

1. 会话/Cookie是持久性的 直到午夜(决定的方式 在我头上，我忍受了它
2. 经过身份验证的用户未使用 MembershipUser类. (即使 做到了，MembershipUser.IsOnline将 只给我一个 以前登录的用户)
3. 用户是 已知删除Cookie或关闭 浏览器而无需注销
4. 我需要 一些可以告诉一个人的标准 从另一台机器不一定 防止并发登录，但在 至少不能识别它们.

1. Sessions/Cookies are persistent until midnight (decision made way over my head, I live with it)
2. The authenticated user does not use a MembershipUser class. (even if it did, MembershipUser.IsOnline would offer me nothing more than a previously logged in user)
3. Users are known to delete cookies or close browsers without logging off
4. I need some criteria that can tell one machine from another not necessarily to prevent concurrent logins, but at least to identify them.

推荐答案

这是一个自我答案.我遇到了浏览器间谍，虽然它没有说明如何执行此操作的细节，但它确实表明通过结合使用这些项，可以以最小的误差幅度唯一地标识特定系统.

This is a self-answer. I ran across Browser Spy, and while it doesn't address the specifics of how to do this, it does indicate that it is possible through a combination of these items to uniquely identify a specific system with a minimal margin of error.

这篇关于您如何才能“足迹"化?使用HttpContext在防火墙后面的特定计算机?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！