How can I check if it is the same user in ASP.NET?

Question

This question is not related to ASP.NET specifically, but more web applications in general.

I am building a web application wherein I am registering a user. As of now I am taking in very basic credentials like First Name, Last Name, etc of the user. In this website I am giving some information for free for any user who has just registered so that the user finds my website authentic and that it is not a fake website. After that, to get more information, the user has to pay.

The information my site provides will get obsolete after sometime. So, when a new user registers, he/she will get the new information that gets updated; but the old users have to pay to get the same new information.

My problem here is once the information gets obsolete the same person can re-register with a different set of credentials and get the new information. I want to avoid this from happening.

So my question here is this: what information should I request from the user, or extract from the user, to check that the same user is not re-registering? Or any other way to make this possible.

I am thinking of getting the IP address of the machine from which the person is registering and use it to check. But the user can use a different machine to re-register.

I am completely lost here and not getting the solution. I even checked on the Internet but could not find an answer.

Please let me know if you need any further information from my side.

Answer 1

You will not find a technical way to prevent users from registering multiple times. They can simply use another device, IP, another email account and different credentials.

What you can do is asking them to send you hard to fake "offline" information, like a credit card number or a photo of the ID. Some users may still be able to register multiple times this way, but probably not indefinitly. You will however lose many possible clients this way who are unwilling to provide such information for a test account, so this is likely not the solution you want.

My advice would be one of the following two:

• Limit the information/service you give out to free users, so that even if they register again they will gain something when they pay.
• Try to bind them to their account in a way where they would lose something if they threw it away. This may for example be providing user rewards for activity (real or virtual) or increasing their experience based on their history. Take SO for example: If you registered again, you would lose all your reputation. The users will think twice if this is worth the new content.

Answer 2

After reading all of the above, i think a good solution could be to let the user identify himself through facebook or linkedin. Few people will have a second account.

Answer 3

I think you cannot put any users like that because every thing can be duplicate

There are some ways for which the user must have payment mode or identity details like passport or it is windows application you can have finger scanner it will be definitely Unique..

Answer 4

You can do this (with limitations) with the use of cookies. Setting a cookie on the users device will allow you to determine who the visitor is and that they have already registered.

The limitations are that cookies can be deleted or blocked and are only valid for that specific user agent - the user could use a different device or a different browser on the same device. A lot of people don't really know about cookies though and how to delete them.

By tying this technique with a requirement to provide a valid email address you can make it a hassle for somebody to register more than once as they will have to create a new email account and then delete their cookies.

Whether this will stop enough people depends on your site and your requirements - if you're giving money away then this technique is not nearly good enough. If you just want to discourage the practice of multiple accounts it may be enough.