We have a client requirement to authenticate a mobile device whenever it accesses a specific URL. Since this is a rarely used functionality, it was decided to do this in the website only. The website would be based on ASP.NET/Web API for further calls.

So kindly help me with the below questions with respect to the authentication of a mobile device when accessing a specific URL:

1) Do we have any way which can be used to authenticate a mobile device based on its unique identification?
2) But based on our analysis, it is considered a security risk to obtain data like IMEI, IMSI, MSISDN or phone number etc. Also, efforts to extract that data on website access failed. So do we have any other unique data which can be used as an authentication parameter?
3) If none of the above is feasible, kindly suggest any ideas where a specific mobile device can be authenticated whenever it accesses a URL without any user login, one-time password or flash call authentication.
4) The URL being accessed will be provided to the user using a 3rd-party SMS service provider. Is there any data in the SMS provider that can be leveraged for the specific authentication?

Thanks,
B
Comments
Nathan Minier 13-Oct-15 11:21am    
Is there a way to exchange a shared secret out-of-band, before the first request is ever made?
Bala1313 14-Oct-15 1:24am    
Sorry, I'm not getting it. Can you please shed more light on the secret out-of-band before request thing?
Nathan Minier 14-Oct-15 7:16am    
Sure. A shared secret is generally a password or encryption key; it's a way of providing an authentication factor. You could target specific device GUIDs or phone numbers if you were installing software onto the device, but since you inferred that the browser was the only software (I assume that's what you mean by "Website only") you're stuck with JavaScript, which does not have reliable solutions for that.

Out-of-band just means that the message (the shared secret in this place) can be communicated through a different medium than the one that you're trying to secure.

In this context, what I'm saying is that the best thing you could do is install a certificate containing a private key onto the mobile device before the web application is ever accessed. This, unfortunately, requires PKI, and I don't know if your organization has a management infrastructure for that (a CA, key store, etc).
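
The server side of the client-certificate approach described in the last comment, as an added example that is not part of the original thread: an ASP.NET Web API message handler that accepts a request only when the TLS client certificate chains to a trusted CA and its thumbprint belongs to an enrolled device. The class name, the `EnrolledDevices` store, the `DeviceId` property key and the thumbprint placeholder are hypothetical; it assumes IIS is configured to request client certificates and .NET Framework 4.6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;

// Added example: authenticates the device, not the user, from its TLS client certificate.
public class DeviceCertificateHandler : DelegatingHandler
{
    // Hypothetical enrollment store: certificate thumbprint -> device id.
    // The key below is a placeholder; load real entries from your device registry.
    private static readonly Dictionary<string, string> EnrolledDevices =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "<THUMBPRINT-OF-ENROLLED-DEVICE-CERT>", "device-001" }
        };

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Null when the client presented no certificate during the TLS handshake.
        X509Certificate2 cert = request.GetClientCertificate();
        string deviceId;

        // Reject unless the chain is valid AND the certificate is one we enrolled.
        // Chain validity alone is not enough: any certificate issued under a
        // trusted root would pass it.
        if (cert == null || !ChainIsValid(cert) ||
            !EnrolledDevices.TryGetValue(cert.Thumbprint, out deviceId))
        {
            return Task.FromResult(request.CreateResponse(HttpStatusCode.Forbidden));
        }

        // Make the authenticated device id available to controllers.
        request.Properties["DeviceId"] = deviceId;
        return base.SendAsync(request, cancellationToken);
    }

    private static bool ChainIsValid(X509Certificate2 cert)
    {
        using (var chain = new X509Chain())
        {
            // Checks validity period, trust chain and revocation status.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            return chain.Build(cert);
        }
    }
}
```

The handler is registered once at startup with `config.MessageHandlers.Add(new DeviceCertificateHandler());`. Removing a thumbprint from the enrollment store revokes that device without touching the CA.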

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)