C# MVC Identity - Authenticating a “Kiosk User”

Question

I've got a C# MVC application using Identity. I'm trying to find a solution to authenticate a Kiosk User:

• normal users login using their credentials; be it local, FB, Google etc, from their home computer, phone or whatever
• a particular computer however needs to be always logged in - even after the web server/application rebooted, the kiosk computer restarted etc. (well, at least after the server/kiosk computer is back and the kiosk computer returns to the application website, the computer needs to be logged in as that kiosk user again)

My simplest idea was to create a user role Kiosk that would be disallowed from logging out; however that doesn't solve the login problem unless I "remember" the kiosk user by a crazy-long-expiry-date cookie.

It also doesn't necessarily stop anyone from simply deleting the cookie (although I could live with that, the kiosk computer is in a monitored environment).

Identification by IP is not possible.

I'm looking for ideas on how I might be able to accomplish this. What pieces of software, or a certificate, or something could I install on that computer that'd allow me to check it is that one in my application?

Thanks for any suggestion that you might have.

Answer 1

This is commonly done with a persistent cookie as you describe, in the case of a web app. You could set the login cookie expiration to some long term date such as 1 year, 5 years or whatever makes sense. You can do this based on a role the user is a member of, user name, or some other identifier. I have done this before and I usually add a new option of some kind to hide the logout button/menu option.

Other options would be:

• Client Certificate based authentication with IIS
• Window Authentication if the machine is an AD member.
• Special URL that is kiosk specific that signs the user in from a link/bookmark/button/whatever (this might just be a variation of the long term cookie option bypassing the password login)