0

I have an ASP.NET Web API used by a mobile app. On Facebook I see notifications like "access to your account from new device". I want to implement the same. A device could be connected to different Wi-Fi networks or 3G, so using the IP address is not good. How do I define access from a new device and remember it for the future in "trusted devices"?

mtkachenko

2 Answers

0

You could look at a combination of pieces of data to uniquely identify the device; see EFF's website on browser fingerprinting.

But the common approach is to set a cookie and check if it is present in future visits.

Ben Hall
  • Cookies are not reliable for this and can be easily cleared; plus, if your new device is a mobile app, then there are no cookies anyway. – Andrei Dragotoniu Oct 25 '16 at 14:48
  • Indeed, hence some will use them combined with some other fingerprinting items (or use local storage); the OP can see if they run the test on the link given. However, MAC addresses, CPU serial, etc. will not be accessible, so cannot be used for this. – Ben Hall Oct 25 '16 at 15:29
0

You need a unique identifier for each device.

In the case of a computer it could be a MAC address; if it's a mobile device, they each have a unique identifier you could send together with the request.

You would then keep a list of these IDs on the API side and, every time a request comes in, just check if that ID is in the list you already have. If not, then there it is: a new device.

Here is another discussion which could be relevant to your scenario: What is a good unique PC identifier?

Andrei Dragotoniu
  • I don't think anything like MAC address will be accessible from a browser. Nowhere further than the first router hop from the client will know that. – Ben Hall Oct 25 '16 at 14:49
  • The edit with the unique identifier link doesn't help because, while these are clearly unique, they are not accessible from the Application layer / browser. – Ben Hall Oct 25 '16 at 15:31
  • I see I can generate some device ID based on device settings like IMEI or the pair DateTime.Now+username and send it with each request from the app. – mtkachenko Oct 26 '16 at 11:26
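
As an added example (not code from either answer or from the thread), here is one way to keep the per-user list of device IDs that the second answer describes, in C#. It assumes the app generates a random ID at install and sends it with each request; `TrustedDeviceRegistry`, `DeviceStatus` and the in-memory store are hypothetical names chosen for the illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

public enum DeviceStatus { New, PendingConfirmation, Trusted }
// Hypothetical helper (not from the thread): per-user list of known device IDs.
public sealed class TrustedDeviceRegistry
{
    // userId -> (hash of device ID -> confirmed by the user?). In-memory for the example.
    private readonly ConcurrentDictionary<string, ConcurrentDictionary<string, bool>> _known =
        new ConcurrentDictionary<string, ConcurrentDictionary<string, bool>>();

    // Keep a hash so the stored list does not hold the raw device IDs.
    private static string Hash(string deviceId)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(deviceId)));
    }

    // Call on each authenticated request; an unseen ID yields New once, which is when to notify.
    public DeviceStatus Check(string userId, string deviceId)
    {
        if (string.IsNullOrWhiteSpace(deviceId)) return DeviceStatus.New; // no ID sent: never trusted
        var perUser = _known.GetOrAdd(userId, _ => new ConcurrentDictionary<string, bool>());
        string key = Hash(deviceId);
        if (perUser.TryAdd(key, false)) return DeviceStatus.New;
        return perUser.TryGetValue(key, out var ok) && ok ? DeviceStatus.Trusted : DeviceStatus.PendingConfirmation;
    }

    // Call after the user approves the device; only an already-seen ID can be confirmed.
    public bool Confirm(string userId, string deviceId) =>
        !string.IsNullOrWhiteSpace(deviceId)
        && _known.TryGetValue(userId, out var perUser)
        && perUser.TryUpdate(Hash(deviceId), true, false);
}

public static class Demo
{
    public static void Main()
    {
        var registry = new TrustedDeviceRegistry();
        string phone = Guid.NewGuid().ToString("N");       // constructed sample install ID
        Console.WriteLine(registry.Check("alice", phone)); // first request from this install
        registry.Confirm("alice", phone);                  // user approved the device
        Console.WriteLine(registry.Check("alice", phone)); // later request, same install
        Console.WriteLine(registry.Check("alice", Guid.NewGuid().ToString("N"))); // another install
    }
}
```

The device ID here only answers "has this user been seen from this install before"; it is sent by the client, so it should accompany the normal authentication on the request and not replace it.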