Unique Client ID in C#

Question

Situation:

I'm creating some kind of website that let users comment and like on posts. There are two types of users, users with user name and password (type 1) and guest (type 2).

For type 1, data will be stored with the keys are their login credentials. By this an user can't like a content multiple times (next time, loading the page, they will see the "Unlike" button)

Type 2, I'm using IP for differentiate between users. But, IP is changeable by time (since normally, IPs are dynamic).

Notes: Needed to be implementable with C#, ASP .Net.

I can't use session variable, because it will be destroyed after closing the browser.
About cookie, cookie is nowadays so easy to be deleted, this will be my worst way for implementing (in case there is no other).

Question:

Is there any ways to generate unique id for a client (a PC/smart device), so first time if you use a PC to view the post X on page, you like it, next time (even after you close your browser) page can identify you then change button to "Unlike".

No. The packet can hit gateways, proxy servers, software designed to spoof, or ... that hides device specifics. Allow comments from anonymous users is problematic. — paparazzo, Oct 31 '15 at 18:00

score 0 · Answer 1 · answered Oct 31 '15 at 17:44

0

There is no reliable way to do this. For example, what if a user opens the site on his laptop, then his mobile, then his tablet? You cannot prevent each of those devices being registered as a different guest. The only solution is to make people log in and only allow read access to anonymous guests.

answered Oct 31 '15 at 17:44

DavidG

113,891
12
217
223

The questioner wants to implement this for a single device and is currently using IP addresses to achieve this, and is asking for a better implementation (other than session and cookies). He is not asking about multiple devices owned by a user. – Fayyaz Naqvi Oct 31 '15 at 18:11

Ege F · Answer 2 · 2015-10-31T18:15:34.463

There are two ways of handling this.

A) Get the Unique Device Identifier (UDID) and store it on your server.

B) Generate a Universally Unique Identifier (UUID) and store it on both the device and your server.

With the first method, you don't store a UUID on the device, so you both save space (bytes worth of data, but still) an the user can't change the ID without reinstalling the OS. But, it would be highly platform dependent.

With the second method, you use the System.Guid.newGuid() method and save the resulting UUID to a cookie on the browser.

Then you either read the data off the cookie or get device UDID and compare it to your database.

But, this wouldn't keep the user from accessing the website from different devices. The best method would be to ask the user to sign in (But PLEASE be careful with password security as people generally use the same password across services).

Hope I helped :)

UDID is specific to phone. And just how is a web page going to read and write to the device? — paparazzo, Oct 31 '15 at 17:53
i admit that cookie is the easiest way but as mentioned above, it could be deleted :( — Trung Nguyen, Nov 01 '15 at 04:52

Unique Client ID in C#

2 Answers2