验证用户计算机以进行网站登录
[英]Validating user computer for website login
问题描述
Here is our scenario... 
这是我们的情况...
We are developing a website with paid membership. 我们正在开发具有付费会员资格的网站。 Our client does not want our users to take one paid membership and share this details with their friends so that other can also use this website. 我们的客户不希望我们的用户获得一个付费会员资格并与他们的朋友分享此详细信息,以便其他用户也可以使用此网站。 So he wants to limit the login to the registered persons computer. 因此,他希望将登录名限制为注册人计算机。
Our client is ready to have the all users install some plugin or application after registration. 我们的客户已经准备好让所有用户在注册后安装一些插件或应用程序。 Something like a video plugin for gmail video. 类似于gmail视频的视频插件。
Ideally we want webiste login to initiate this application so that it can cross check the MAC address or some other unique information to make sure that user is logging in from a registered computer. 理想情况下,我们希望Webiste登录来启动此应用程序,以便它可以交叉检查MAC地址或其他一些唯一信息,以确保用户从注册的计算机登录。 Please let me know if this is feasible 请让我知道这是否可行
Also if you have any other suggestions to achieve this goal, please let us know about that too 另外,如果您还有其他建议可以实现此目标,请也告诉我们
Thanks in Advance 提前致谢
5 个解决方案
解决方案1
3
Forget it. 算了吧。 There is no sane way to do this without writing custom plug-ins for every browser. 如果没有为每个浏览器编写自定义插件,就没有明智的方法。 That would be an insane amount of work and a privacy nightmare to boot. 那将是一件疯狂的工作,而且会引发一场隐私噩梦。
No paid service I've ever heard does this, and there are good reasons why they don't. 我听说过没有有偿服务做到这一点,并有很好的理由,为什么他们不这样做。
That said, proprietary media services do this all the time: for example, iTunes allows its content to be played on (IIRC) 5 machines max. 也就是说,专有媒体服务一直在执行此操作:例如,iTunes允许其内容最多在(IIRC)5台计算机上播放。 And no one will give away their iTunes credentials to a friend, because you can buy stuff with them. 而且没有人会把他们的iTunes凭据泄露给朋友,因为您可以和他们一起购买东西。 Maybe your service can piggyback on iTunes or another similar service. 也许您的服务可以在iTunes或其他类似服务上搭载。 They have already invested the insane amounts of money and time necessary to build proper DRM. 他们已经投入了疯狂的金钱和时间来建立适当的DRM。
But most likely, your client needs to be told that it's an unrealistic requirement, and that they should provide their service the normal way, like everyone else does. 但是很可能需要告知您的客户这是不现实的要求,并且他们应该像其他所有人一样以正常方式提供服务。
解决方案2
2 2012-11-27 13:04:52
Actively requiring something like this of your users is a good (and darn near guaranteed) way of losing all of those users. 积极地要求您的用户这样的事情是一种很好的方式(而且几乎可以保证)失去所有这些用户。
Best you can do is check passively, logging IPs over time. 最好的办法是被动检查,随着时间的推移记录IP。 Maybe limit their login to 5 IPs in 24 hours, but then you'd also have to give exception for mobile IPs. 也许在24小时内将他们的登录限制为5个IP,但是您还必须为移动IP提供例外。
Basically, it's a nightmare; 基本上,这是一场噩梦; don't do it. 不要做
解决方案3
0 2012-11-27 13:08:25
Do you have a way for a user to login from their multiple computers/tablets/phones? 用户是否可以从多台计算机/平板电脑/电话登录? Users need to be able to register multiple devices. 用户需要能够注册多个设备。
Take a look at how Apple accounts work in iTunes. 看一下Apple帐户在iTunes中的工作方式。 They allow users to authorize up to 5 computers at a time, which means that although a user could share their account with a friend, at least it's limited to 5 people. 它们允许用户一次授权最多5台计算机,这意味着尽管用户可以与朋友共享他们的帐户,但至少限制为5个人。 On the plus side, one user could authorize their account on their home computer, work laptop, desktop, etc. 从好的方面来说,一个用户可以在家用计算机,办公笔记本电脑,台式机等上授权其帐户。
Another idea is to only allow 1 simultaneous login at a time. 另一个想法是一次只允许1个同时登录。 That way, if a user shares their account with a friend, they can't be logged in while their friend is also logged in. This is a good deterrent for people to not share their accounts. 这样,如果用户与朋友共享他们的帐户,则他们的朋友也同时登录时将无法登录。这对于人们不共享他们的帐户是一个很好的威慑力。 However, constantly re-logging in would be annoying for people who legitimately want to be logged in on multiple devices. 但是,对于希望合法地在多个设备上登录的人来说,不断重新登录会很烦人。
解决方案4
0 2012-11-27 13:10:24
For mobile users you can develop mobile APP, then you can easily control the number of users logged in with a device based on EMEI or something. 对于移动用户,您可以开发移动APP,然后可以轻松地控制基于EMEI或类似设备登录的用户数量。 for non-mobile users, easier way than plugin is providing the users with browser extensions and based on that extension, limit the number of connection to the accounts. 对于非移动用户,比插件更容易的方法是为用户提供浏览器扩展,并基于该扩展来限制与帐户的连接数。
解决方案5
0 2012-11-27 17:54:07
I would suggest using a browser cookie that holds a unique session id when a user logs in and tracking the sessions at the back end server. 我建议当用户登录并在后端服务器上跟踪会话时,使用具有唯一会话ID的浏览器cookie。 Eg 例如
User[joe@foo.com] = {
Session[1] = 1234;
}
When user joe@foo.com logs in from another device, you would have 当用户joe@foo.com从另一台设备登录时,您将拥有
User[joe@foo.com] = {
Session[1] = 1234;
Session[2] = 4567;
}
at which point you terminate Session[1] or send a message to Session[2] to log out of Session[1]. 此时,您终止会话[1]或向会话[2]发送消息以注销会话[1]。
Tracking IP or MAC addresses in not a good solution. 跟踪IP或MAC地址不是一个好的解决方案。 Since it is a web based app, the IP addresses will change if the browser is on a smartphone or the user has a dynamic IP. 由于它是基于Web的应用程序,因此如果浏览器在智能手机上或用户具有动态IP,则IP地址将更改。 IP addresses are the public facing addresses and often devices are behind routers/firewalls that do NAT. IP地址是面向公众的地址,通常设备位于进行NAT的路由器/防火墙之后。 Also, there is the possibility of tablets and other devices accessing the web app. 此外,平板电脑和其他设备也有可能访问该Web应用程序。
I think once users realize that login sessions are tracked, they learn very quickly not to do it. 我认为,一旦用户意识到登录会话得到跟踪,他们就会很快学会不这样做。
You could make this a feature so that if a user wants a multi-user account, eg a five user account, you could offer it at a slight discount and it would be a win-win for all. 您可以将此功能设为一个功能,这样,如果用户想要一个多用户帐户(例如,五个用户帐户),则可以以稍微折扣的价格提供它,这对所有人来说都是双赢的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.