MAC Randomization, on Mobile Device, Getting Persistent Device ID, Over Wifi Access Points, with ASP.net, C#, WebSite

Question

User1045460610 posted

Summary
We have a Asp.net, c#, Website to allow students to check into class on their mobile device, which could be a phone or laptop computer. We use the wifi access point ID to determine if they are near their class. A third party web app that runs on our servers, opens up when the students connect to the wifi, and allows students to login and identify their device. Now that more devices are beginning to randomize the MAC Address, the students are having to constantly re-connect and verify their device on the wifi network. We are seeing the problem is mostly with ios, which is versions ios 8 to ios 12. I've read that there is real device ID that is persistent. How do we get a persistent device ID and keep track of that so we can use it instead of the randomized MAC Address?

Asp.net, c#, website
We have a campus web portal that students login for a variety of information. We have a goal to replace paper attendance rosters with automated attendance. When the instructors or students click the link for attendance they are directed to our asp.net web server attendance website. We use iis ipsecurity configured with ip addresses for wifi to determine if the students are on the wifi access point for their class. 

Authentication
The campus web portal uses a WiFi authentication page. That page uses the MAC Address to register the students device on the network. The network log shows the student number and device MAC Address. Now that many devices are using a Randomized Mac Address we don't get a persistent ID number to determine if the students are on the WiFi access point for their class. But the biggest problem is that students have to keep authenticating their device because it has a Randomized MAC Address. And, they don't want to do that.

Persistent Device ID
I think that there must be a persistent device ID in all devices or they wouldn't be able to operate in communications. How do I find out what the persistent device ID is and how to use that for authorization instead of the randomized MAC Address.

Answer 1

User475983607 posted

Aside from this question being off topic its a bit confusing.  802.11 is wireless (radio frequency) specification.  A Layer 2 device uses the device's MAC address.  Layer 2 networks broadcast messages to all the devices on the network. 

The random MAC address specification is designed to prevent MAC listeners (remember L2 is a broadcast network) from tracking devices.  This seems to be in direct conflict with your current approach.  I would start by contacting the third party app owner to see if they solved the problem.  But, it sounds like you need to find a different approach.  Perhaps craft a mobile application.