Originally Posted by ess
Very interesting observation there. What if the website is hosted on a system that does not support Active Directory?
I am assuming that there is some authentication already required to access the network whether that be a domain controller or simple NTLM/workgroup authentication, and if so then it may make sense to make use of that.
If not then you still have the issue that mac addresses are not reliable because 1) they can be faked & 2) Dave and Sue as noted above.
Edit: and 3) the initial problem of getting the mac address in the first place