SAAS in place authentication

Our company makes a web application that is evaluated for each workstation.

This means that user / password credentials should only be used from one specific machine.

Currently, it is happening that several users share credentials, and we have no way to prevent this if they do not do it at the same time.

The nature of the application is such that the user must use it from time to time, so the inability to work at the same time does not bother the users very much, and the company loses its possible income.

Currently the application is pure AJAX without Flash / ActiveX / Java applets.

The ideal solution is to read the computer name or IP address of the client from JavaScript using the Shell.Network script interface.

But this is not possible due to the strict security settings in Internet Explorer. I should mention that the cross browser function does not matter, and IE is the only supported browser.

Through a Google search I found this solution here: http://www.reglos.de/myaddress/MyAddress.html, but this requires a Java applet, so it will not be very convenient.

Are there any other solutions for this?

+7
javascript authentication ajax ip saas
5 answers

Your licensing model does not match the delivery model. Change one of them.

+4

Set a cookie on the machine with an ID. Receive the cookie every time a user logs in. If you see several different cookies alternating for one user, you know that something strange is happening to you.

(Of course, one switch may mean that they switched to the new computer as one.)

Alternatively, price per use, "request" or some other item.

+3
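
One way to run the check described in this answer on the server, as an added example that is not part of the original post. The function names, the `maxDevices` threshold and the sample login records are assumptions constructed for illustration; a single move to a new computer is not flagged, only alternation or too many distinct devices.

```javascript
// Constructed sample login log: account, value of the per-machine ID cookie, login time.
const sampleLogins = [
  { user: "alice", deviceId: "dev-A", at: "2024-03-01T09:00:00Z" },
  { user: "alice", deviceId: "dev-A", at: "2024-03-02T09:00:00Z" },
  { user: "alice", deviceId: "dev-B", at: "2024-03-05T09:00:00Z" }, // moved to a new PC once
  { user: "alice", deviceId: "dev-B", at: "2024-03-06T09:00:00Z" },
  { user: "bob",   deviceId: "dev-X", at: "2024-03-01T08:00:00Z" },
  { user: "bob",   deviceId: "dev-Y", at: "2024-03-01T11:00:00Z" },
  { user: "bob",   deviceId: "dev-X", at: "2024-03-02T08:00:00Z" }, // back to an earlier machine
  { user: "bob",   deviceId: "dev-Y", at: "2024-03-02T11:00:00Z" },
  { user: "carol", deviceId: "dev-P", at: "2024-03-01T10:00:00Z" },
  { user: "carol", deviceId: "dev-Q", at: "2024-03-03T10:00:00Z" },
  { user: "carol", deviceId: "dev-R", at: "2024-03-04T10:00:00Z" },
];

// Per account: distinct device cookies, number of cookie changes between
// consecutive logins, and how many changes went back to a device seen before.
function summarizeDevices(logins) {
  const byUser = new Map();
  const ordered = [...logins].sort((a, b) => Date.parse(a.at) - Date.parse(b.at));
  for (const { user, deviceId } of ordered) {
    let s = byUser.get(user);
    if (!s) {
      s = { user, devices: new Set(), last: null, switches: 0, returns: 0 };
      byUser.set(user, s);
    }
    if (s.last !== null && deviceId !== s.last) {
      s.switches += 1;
      if (s.devices.has(deviceId)) s.returns += 1; // alternation, not a one-way move
    }
    s.devices.add(deviceId);
    s.last = deviceId;
  }
  return byUser;
}

// Flag accounts that alternate between machines or exceed maxDevices (assumed threshold).
function flagSharedAccounts(logins, maxDevices = 2) {
  const flagged = [];
  for (const s of summarizeDevices(logins).values()) {
    if (s.returns > 0 || s.devices.size > maxDevices) {
      flagged.push({ user: s.user, devices: s.devices.size, switches: s.switches, returns: s.returns });
    }
  }
  return flagged.sort((a, b) => a.user.localeCompare(b.user));
}

console.log(flagSharedAccounts(sampleLogins));
```

A cleared or blocked cookie makes the same machine look like a new device, so the output is a signal for follow-up rather than proof of sharing.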

Such abuse can probably be detected moderately efficiently using the cookie technique proposed by RichH. At the very least, brutal violence can be detected quite easily (say, 10 licensed users, 100 real users).

But, of course, do not block the user, just follow the situation and ask your sellers to call, offering to buy more licenses.

We do the same (from the point of view of licensing and delivery), and I am sure that you have good business reasons not to change your model.

+1

Track sessions for each user. Do not allow multiple sessions to the same user. To do this, you will need to save the session ID in the database and check every time the user logs in.

To handle users who occasionally encounter a browser crash and end up with a new session, let them log out of the previous session ... so you can kill the old session and register a new one instead.

Hope this is helpful.

+1

There is no simple answer, since your clients (software) are anonymous and users are self-determined.

For IE, “block you” (I’m hardly an IE expert), but can’t I set IE settings for certain domains? You could simply make this requirement that users customize their browsers to provide excellent access to your application.

I see no reason why you cannot have certain requirements for the user's browser (i.e. only IE 6/7/8, these security settings, etc.).

0