I have a WPF client with an ASP.NET Web API server. I would like to generate a unique key for any particular Windows User that uses the client, so that the Web API can block multiple login attempts from that user. I first considered just using:
Environment.UserDomainName + "\" + Environment.UserName
but that could be the same for numerous users. I don't want to include machine name, because I want to track that user whatever machine they are using. How can I make a unique key for the one specific Windows User using the client app under that the UserDomainName + "\" + Environment.UserName combo, no matter on which machine they are using it?
NB: The key should be proofed against change by the user, so that a user changing their key to prevent being locked out would make it invalid. There is no local database, so at the moment the key is stored in a user settings file in the user's home directory. However, it doesn't matter where the file is stored, any admin on their machine can access it, and as home users, they will often be admins themselves.
You could use the GUID system, and something like:
key = Guid.NewGuid() + "\\" + Environment.UserDomainName + "\\" + Environment.UserName;
One problem is that there is a really small chance that the same GUID will be regenerated, to prevent this you could store all your 'used' GUID in a list/dictionary and regenerate one on any duplication.