1

To provide a security layer on top of loading a Web Application.

Scenario:

Implement a .exe file (client side) which will ask for a password -

1) If the password is correct - it will grant the Web Application access to load in the browser whenever the URL gets hit.

2) If the password is NOT correct - it will not allow the Web Application to load ever.

NOTE:

1) Running the .exe and feeding the password is just a one-time process (except formatting the system).

2) Later the group/user only hits the URL of the Web Application any number of times (it loads only when he has filled in the password section correctly - a one-time process).

3) The purpose of the .exe is to provide access to the Web Application only to those groups/users who have this .exe file and have that unique password.

Please explain in detail. Thanks in advance.

Vishal

1 Answer

0

Not a very regular use case, but let me try and see if I can be of any help! First, you'll need to connect your exe's output with the web application (I assume it will be a browser on the client side). Once the user launches the exe, get the input and validate it by sending a request to your server. If the credentials are correct, you'll need to save a file on the disk, preferably with some auth token or maybe a username:password pair in an encrypted form. This is required so that the user can use it while accessing the application using a browser.

Now when the user launches the application in a browser, ask her to choose the exe's generated file and read the details there (a one-time activity). Can be done using How to open a local disk file with Javascript? Once you get the details, store them in the browser's local storage so that you don't have to ask the user to do this exercise again and again.

From the next access onwards, if you have those details in the local storage, just pass them to the server so that it can authenticate the requests. Local storage doesn't have an expiration time, so this should work. However, it can be cleared by other means. Besides, you'll need to take care of the security. I would say it's a huge risk to keep the credentials on your local disk permanently.

Anurag Sinha
  • Perhaps instead of the username:password pair, you could store some sort of session token? Each time the login is called after the first authentication (password), the exe just uses this token / hash along with device-specific information such as IP or hardware serials etc. to authenticate. Should match up on the server and very difficult to replicate since even if you stole the token, you'd have to have perfectly identical hardware with matching serials. Since the server stores the "correct hash", it would be near impossible to breach – Horkrine Nov 19 '18 at 16:14
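
The server side of the token approach discussed in the answer and comment above, as an added example that is not code from either poster: the password is checked once, the client receives a random token, and the server keeps only a hash binding that token to the device. The function names, the 30-day lifetime, the in-memory store and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime in seconds; the page sets none
_SALT = secrets.token_bytes(16)

def _kdf(password: str) -> bytes:
    # Slow password hash so the stored value resists offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 600_000)

# Constructed sample secret; a real server stores only the derived hash.
_PASSWORD_HASH = _kdf("constructed-demo-password")

# binding hash -> expiry timestamp (hypothetical in-memory store)
_enrolled = {}

def _binding(token: str, device_id: str) -> str:
    # The server never stores the token itself, only this keyed hash
    # tying the token to the device identifier sent at enrollment.
    return hmac.new(token.encode(), device_id.encode(), hashlib.sha256).hexdigest()

def enroll(password: str, device_id: str, now=None):
    """One-time step performed by the .exe: returns a token or None."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(_kdf(password), _PASSWORD_HASH):
        return None
    token = secrets.token_urlsafe(32)  # this, not the password, goes to disk
    _enrolled[_binding(token, device_id)] = now + TOKEN_TTL
    return token

def verify(token: str, device_id: str, now=None) -> bool:
    """Called on every later request that presents the stored token."""
    now = time.time() if now is None else now
    expiry = _enrolled.get(_binding(token, device_id))
    return expiry is not None and now < expiry

def revoke(token: str, device_id: str) -> bool:
    """Lets the server cut off a lost or copied token without a password change."""
    return _enrolled.pop(_binding(token, device_id), None) is not None
```

The device identifier is reported by the client, so the binding rejects a token copied on its own but not a token copied together with the identifier; expiry and `revoke` are what limit that case.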