0

I have a website where I want to verify a user owns an address. There will be no purchases on this site. I just need to drop the address into a file and know the user owns it. I looked at How to verify MetaMask account holder is the real owner of the address?, amongst other similar articles. They all rely on the JS API. A malicious user can overwrite ethereum or web3 in the browser to trigger my callbacks that are listening to what I'd expect from MetaMask. Then I'd say they own this address. I took a look Verifying if a user actually owns the address which made me realize there may be a backend way to solve this, but I don't use .NET.

Is there a way to use metamask in conjunction with a backend that can verify the user owns the address? Is Nethereum the standard answer and/or is there a similar library for Nodejs or any other languages? I saw https://www.npmjs.com/package/nethereum-codegen, but honestly don't understand what I am looking at.

Dave Stein
  • 71
  • 5
  • 2
    the only way to know if the user owns an account is to ask for a signature on a message (any message, not necesarily a tx) , so you will have to force user to pop up a window and sign it – Nulik Aug 16 '21 at 15:54
  • @Nulik but is there a writeup / good article somewhere about how to get that sign to a server to validate? Only being in browser isn't good validation. – Dave Stein Aug 16 '21 at 16:45
  • Basically where do I go with this signed info to check against and decrypt properly – Dave Stein Aug 16 '21 at 17:26
  • The first linked question solves the problem from the Ethereum side, the way to validate an address is with a signed message, you can do the validation on the server side. – Ismael Aug 17 '21 at 05:02
  • I totally did not read with my eyes yesterday. Sorry about that. You are right @Ismael. – Dave Stein Aug 17 '21 at 14:50

0 Answers0