Member 10506003 wrote:
Actually we are providing services to clients and client have many users so for tracking all the users we match the ip address of the client to ensure client's user is validate or not. If we only use username name and password then it not ensure the client's user is validate because all have same username and password also we have to track by which client the request is coming or and user belong to which client. After using client side certificate it didn't full fill my requirement. Anything By which we can track client's user identity.
Sorry, such considerations look ridiculous. Why? When you create a new user profile and a new person gives you the user name matching one of existing names, you show "user name already exist" message and deny account creation. This is how it's done everywhere.
Tracking the user by IP is counter-productive, because 1) the same user often changes IP (especially these days when people become more and more mobile), 2) most users use
dynamic IP addresses, so the same user can have different IP address at different time at the same location; so, at different moments of time, the same user uses different IP addresses and different users can have the same IP address.
Besides, your arguments apparently contradict your own observations and your formulation of the problem. It looks like you fully realize what's going on and only are reluctant to accept it.
—SA