https://stackoverflow.com/questions/18830558
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianWith IP and Port Number (I hope it is not a suitable solution Because change of IP is easy)
IP and Port Number doesn't work. If a user is behind a route with local IP address, same IP address will be sharing with other users.
Validate with some Vendor Id or Org Id (i thought it is also not an optimal solution).
I don't know about that.
I am thinking it is possible with machine key. How to get Machine key with Request?
Do you mean mac address? Get the MAC of ASP.NET website user
Solution
The first thing I'll try is to set cookieless="AutoDetect". If it doesn't work, then I'll find alternative solution.
<forms cookieless="AutoDetect" ... />
It basically embedded SessionID in url if a user doesn't support cookie.
Update 9/14/2013
so problem is when he have that token he can raise further request from any machine with that token. i want to restrict the token for single machine. so any idea how to restrict it?
User can copy his AuthenticationToken, and browses your site with same AuthenticationToken from other browsers. Why he want to do that although he can? It is like he sneaks into his own house although he has a key.
By default, AuthenticationToken can only be accessible from same browser from same domain (unless you modify it). As long as you are using HTTPS, AuthenticationToken cannot be hiked jack easily (unless the user's computer is hacked). It is not worth spending times restricting AuthenticationToken by IP.
