Forcing a user to access the system from a specific machine


I am currently building an application that has a webpage (to sell some stuff) and a backoffice (where sellers can change items and communicate among them).

I have been requested if I can block a user (seller’s employee) from using the backoffice on unauthorized machines (e.g. at home).

I think I can do it by building a .Net app that a seller would run on the authorized machine. The app will connect to the Internet, validate user credentials (has to be an admin), and ask for the usernames to restrict. After that it can install a service to run each hour, so it will connect to the server and send the mac address and maybe a token (both of which were saved in the server when the user was restricted). So every hour I have a request in the web page that allows me to know the mac address and the ip (sellers’ ips can change). If the restricted user comes from a different IP, I will know it.

Two questions


[*]Is there an easier way to accomplish this? (forcing a user to access the system from a specific machine). Some information on the headers? other way to get mac address or some other unique info? (without writing the .Net program)

[*]Is there any problem in the way I am trying to do it?



Can’t you just use the Accessrules() in the controller to limit access by IP?

Thanks for your answer, but my problem is that the IP changes (in this area sometimes 3 times a week), so I I am trying to avoid user intervention (forcing the admin to log from the office so the app can record the IP)