Suggestion for Secure site required

Hi

I need some advice/suggestions. Initially i have no idea where i need to post this but i think JSP would be the correct forum.

We are supposed to build a web interface that would require only specific clients to access the website. Right now theres one way to authenticate the user using a login Id and a password.

In order to restrict the access of the site we would like to provide another level of security.

I was wondering is there any way of locking the site access to a particular computer?

Are Certificates a way out?

Is there anyway to make the access non distributable even if the user name and password is known or leaked?

Any help regarding this would be appreciated

From the request you know the IP address of the client machine, or at least the IP address of the clients ISP. Depending on the circumstances it may be feasible to check that against a range of allowed addresses, and allow or deny access as appropriate.

We were initially going on with the idea of checking IP addresse, but that may not be feasible if the client would be using a dial-up.

So is there anymore solution to doing this ?

Like you already suggested, client certificates would be a way to go.

Hi

Where would be a good place for learning the basics of certificates, installing.

Thanks