How to identify unique identity of device

  • Question

  • User-775831949 posted

    I have an ASP.NET site, and users will pay to use my web app. I already have a login module, but there may be cases where a user, after paying for an ID and password, shares the user ID and password with another user so the others can use it for free. Most users are mobile users, but I really don't have time to build mobile apps, and a web app is more suitable to my case.

    Is there a way for my ASP.NET site to minimize this chance or close some loopholes?

    No need to be bulletproof, but if it can block 90% of the cases that is good enough.

    This issue is killing me... any way to mitigate?

    E.g. any way to identify who the user is on a mobile device?

    Please help, thanks

    Saturday, March 24, 2018 7:25 AM

Answers

  • User283571144 posted

    Hi hkbeer,

    According to your description, I suggest you try the idea below.

    I suggest you send a request to the backend every 10 seconds with the client IP address and username.

    Then you could store the user information with the IP address and last request date in the database.

    If a new user wants to log in, you could first check the new user's IP address and last request date.

    If the date is less than 10 seconds old, you could block the account.

    Best Regards,

    Brando

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, March 27, 2018 6:44 AM
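
The check described in the answer above, sketched in C# as an added example that is not part of the original thread. The class and method names are hypothetical, an in-memory dictionary stands in for the database table, and instead of blocking the account it only refuses the second login while a heartbeat from a different IP address is still fresh.

```csharp
using System;
using System.Collections.Concurrent;

// Added example (hypothetical names): remembers the last heartbeat (IP + time)
// per username and refuses a login from a different IP while that heartbeat
// is still inside the window.
public sealed class HeartbeatTracker
{
    private readonly ConcurrentDictionary<string, (string Ip, DateTime SeenUtc)> _last =
        new ConcurrentDictionary<string, (string Ip, DateTime SeenUtc)>(StringComparer.OrdinalIgnoreCase);
    private readonly TimeSpan _window;

    public HeartbeatTracker(TimeSpan window) { _window = window; }

    // Called by the page's periodic request (every 10 seconds in the answer).
    // Take the IP from the server-side connection, never from a value the
    // client puts in the request body, which the client can change freely.
    public void Heartbeat(string user, string ip, DateTime nowUtc)
    {
        _last[user] = (ip, nowUtc);
    }

    // Returns true when the login may proceed.
    public bool MayLogin(string user, string ip, DateTime nowUtc)
    {
        if (!_last.TryGetValue(user, out var seen)) return true; // no session recorded
        if (nowUtc - seen.SeenUtc > _window) return true;        // heartbeat went stale
        return seen.Ip == ip;                                    // same address as the live session
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: documentation-range IPs and a made-up user.
        var tracker = new HeartbeatTracker(TimeSpan.FromSeconds(10));
        var t0 = new DateTime(2018, 3, 27, 6, 0, 0, DateTimeKind.Utc);
        tracker.Heartbeat("alice", "203.0.113.10", t0);

        Console.WriteLine(tracker.MayLogin("alice", "203.0.113.10", t0.AddSeconds(3)));  // same IP, live session
        Console.WriteLine(tracker.MayLogin("alice", "198.51.100.7", t0.AddSeconds(3)));  // other IP, live session
        Console.WriteLine(tracker.MayLogin("alice", "198.51.100.7", t0.AddSeconds(25))); // other IP, stale session
    }
}
```

Mobile carriers and Wi-Fi handovers change a client's IP address mid-session, and several people behind one NAT share an address, so this check produces both false refusals and misses.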

All replies

  • User409696431 posted

    Since a user who paid could validly log in to your site from their phone, their spouse's phone, their desktop PC, their kid's tablet, and from different locations/networks ... no, you can't reasonably prevent a paid login from being used on multiple devices, including those belonging to others since it could be a completely valid use. 

    Do you have a reason to think people would really be passing their login and password to others?  (In applications I've written, different users have different data, and users would not want to give access to others, who could see and change their personal data.)

    Sunday, March 25, 2018 7:37 AM