How do I add Enhanced Security Login to my website
I am developing an ASP.NET website and wanted to add another layer of protection to my users.
When they login from a new machine then they would need to setup that new machine with my website after answering 3 security questions.
How can I do this?
开发者_如何学GoCookies? Is there any other way?
Thanks!
When they login from a new machine
You want to track users who's machines are new to your website. The only possible way you can achieve this reliably is through using cookies. If they haven't been to your site before, then they won't have passed your cookie along during the request.
Therefore if the user is missing your cookie when they first request the page (assuming this is after log on?), then get them to answer the questions. Once the questions have been passed successfully, mark this in your database with a key and check future requests for a cookie containing this key.
One option would be to track known IP addresses. You could force the user to answer the questions if the request is from an unknown IP.
Use a persistent cookie. If the persistent cookie value doesn't match something you have stored on your database, make them answer the questions, and then set a persistent cookie value.
精彩评论