If we have our website deployed on server "A", and a user requests a page in this website from his machine "B". Can we get the IP Address of "B" from database server "C" which is connected to "A".
For example at the time of logging in when I authenticate my user whose credentials are stored in "C", do we have any T-SQL statement to trace the IP address of the user.
I can read the IP address using ASP.Net but I want to know if it can be done from the SQL Server itself.
I googled and which suggests using SYS.DM_EXEC_CONNECTIONS. But that is applicable when we need to get the IP Address of client connected to database.
May be it is impossible to implement what I am asking. The problem is that I am new to IT world.
I will appreciate any help or suggestion.
Thanks in advance
SQL Server doesn't know or differentiate between the different clients that connect to it. In this case, the only client SQL Server knows about is the application/scripts on your webserver (A). The actual end user B is effectively masked from SQL Server by the webserver. As far as SQL Server is concerned, the only known client is the webserver since that's the only source of connections to SQL Server.
You can get the IP from your asp.net application (as you've indicated) and pass that to SQL Server. Do remember that IPs and headers can be spoofed easily. Also, most users connect via some corporate network or ISP so the IP you get is almost certainly from a shared block used by the organization for external connections. The same user on the same computer can connect again minutes later with a completely different IP without doing anything at all.
Related
In one of my applications (ASP.NET/VB.NET), I need to read the Client Machine Name. Based on the Client Machine we trigger a Point of Sale payment device to accept the payment. On each of these systems we have a stand alone software installed which communicates to the bank using HTTP requests. I am using the following .NET code to read the Client Computer Name.
Dim name As String = String.Empty
Dim hostEntry = Dns.GetHostEntry(HttpContext.Current.Request.UserHostAddress)
If hostEntry.HostName.Contains(".") Then
name = hostEntry.HostName.Substring(0, hostEntry.HostName.IndexOf("."))
Else
name = hostEntry.HostName.Trim
End If
In the development environment, all our systems are in a domain ("xyz.com") and we don't have any issues. In the customer location they don't have a domain name setup. My above logic works well in some of the systems in the client environment and is able to make payments but in most of the systems our logic fails and is not able to read the host name. Any help will be appreciated.
Your question doesn't have the specifics required to answer your question. There are many questions that need to be answered about both environments to give a correct answer. Since I can't ask questions, I will make some assumptions which might apply to future readers of this post and be able to help them out.
I would ask a question but my profile was forked for some unknown reason and I don't have the required reputation to ask a question. That being said I will run through the list of issues I can identify off the bat and suggest solutions for the issue and hopefully one will lead you to a solution.
So...
1) You state you need to read the client machine name. However, if your application isn't running on an internal LAN (aka an intranet) you can't read client machine names period. So this could be your first problem.
2) Combining point 1 and given that you are reading the IP Address from UserHostAddress of the client to look up a DNS host name and when the host look up succeeds you are taking the first part of the name up until the first "." it should be safe to assume that this an intranet application running on a LAN in both your development environment and at the client environment. With that assumption and given the statement that all machines are given an domain of xyz.com it can be assumed that DNS in your development environment is being dynamically updated from presumably through Active Directory (AD). In such case, whenever a client machine on development network requests an IP address, presumably through AD, the DHCP server integrated with AD issues the new IP Address. When it does and the DHCP offer is acknowledged and accepted by the client AD updates DNS (which on a windows network is also AD integrated) by adding a host entry with the computer name of the client machine pointing to the IP Address. Additionally a DNS pointer, depending on configuration, can be added to AD's DNS which allows an IP Address lookup to resolve to the record (which in this case would be the Client's machine name). So with your development environment (presumably running on Windows Active Directory Domain) everything works. Addi tonally, by default the top level domain name (XYZ.COM) gets appended to the clients computer name in initial DNS requests from the client.
3) Your client is not running a domain which leaves further questions. Are they running windows? If they are running windows is it as a non-Ad environment, for example a work group. First assumption would be they are not AD integrated or otherwise you most likely wouldn't be having this problem although I can think of a few rare case scenarios where they might. However, odds are the relevant questions are What DNS server are they running and what DHCP sever are they running? Your application is trying to use a client IP Address on their network and the host name lookup based on their IP is failing so it tells me in their environment for one reason or another you can't get a host name from the IP Address of the client. Mind you if they could be on AD and configured entirely correctly their DNS server is just overwhelmed and not responding within 2 seconds causing the name lookup failure but that is the rate case. With more information I could help more.
3) Assuming in 2 that they are not on AD, do you have the ability manually code host names on the computer your application is running? For example, lets say yourapp.exe runs client-server-01 and clients connect to it. Then on client-server-01 you could add static DNS entries in the host file for each PC on the client network that you expect to connect. On the other hand if your application is running locally on the client PCs you could pass the machine name as a header in the web request and then read it from the Request.Headers variable on the server.
4) Again, making another assumption the clients are web based and your application in the client environment is being hosted on the server... Is the server on a DMZ outside the client environment? If so the client environment may likely be configured, per best practices, that the server host your web app is in a DMZ and DNS requests to the box are forwarded to the client's ISP and not back into their network that has the DNS server capable of resolving an internal IP to a client machine name. If this is the case you need to send the client machine name as a variable from your client or code local IPs to host names in the servers host file (assuming the internal network isn't behind NAT and exposes the real client machine's IP) or request that the DMZ'd server can access the internal DNS and configure the access accordingly.
....
The list really goes on and on but I think I highlighted the problems for 99% of the situations and provided answers to their various solutions.
You can try to take it from X-Forwarded-For header
The X-Forwarded-For (XFF) HTTP header field is a common method for
identifying the originating IP address of a client connecting to a web
server through an HTTP proxy or load balancer.
This is what X-Forwarded-For should return:
X-Forwarded-For: client, proxy1, proxy2
Here some example code:
string ip = Request.ServerVariables["HTTP_X_FORWARDED_FOR"] ;
if (!string.IsNullOrEmpty(ip))
{
string[] ipRange = ip.Split(',');
ip = ipRange[0];
}
else
{
ip = Request.ServerVariables["REMOTE_ADDR"];
}
There was an issue with Firewall setup on the client machine.Due to that our .NET code was failing. After adding an exception to all the incoming requests from xyz.com. My code is working without any issues.
Thank you guys #Alexander Higgins, #halfer for the help.
I am currently working on module which has the following architecture:
When a client makes a request it is forwarded to a node server which has a ELB in front of it. The node server gets the data from backend .NET code hosted in another server with a different call.
Is it possible to access the client IP in the backend code written in .NET considering this architecture?
you can get ip in node
In your request object there is a property called connection, which is a net.Socket object. The net.Socket object has a property remoteAddress but it may be possible ip server is behind proxy server so try the below code to get IP
request.headers['x-forwarded-for']
Check the below Stack Link for more answers
How to determine a user's IP address in node
I'm running a web application on a glassfish 3 server. The application should not be accessible for anyone. Instead I want to limit access to a handful static IP addresses. To block all communication via a firewall is not an option, since the server hosts other web services too.
Given this background, my question would be:
How can I tell glassfish to only respond to requests from given number of IP addresses?
Your help is highly appreciated!
IP based security is not very robust and... secure (think network topology changes, IP spoofing) but it should be possible to:
create a virtual server
configure the application to be available on that virtual server only
define allowRemoteHost/denyRemoteHost properties at the virtual server level
A better alternative would be to move to certificates.
You can always write a filter that returns 404 or whatever for invalid IPs. Note that IPs can be spoofed.
I have problems connecting to my database server. The database server is not local, I am connected via its IP address.
It works fine in my development machine. After publishing the website to my server, it can not connect to my database server.
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
Why can't my publish server connect to the database server, whereas it works fine through the development machine?
I often had that problem. Mostly it's because of two problems.
Open the SQL Server Configuration Manager.
Check if the SQL Server Network Configuration supports TCP/IP, if it's disabled, enable it.
e.g. SqlServer 2005 Network Configuration, Protocols for SQLEXPRESS
Open the SQL Server Management Studio
Click on the Sql Server Properties (right click on the server name and
select properties).
After that, select the page "Security" and switch the check to "SQL Server and Windows Authentication mode".
That's all.
I'll attempt to go two for two on the psychic debugging for today...
I will assume that you are not using integrated security? If so it might explain things as the account on your local machine probably has permissions, but the SYSTEM account that is running on the server does not. Just a shot in the dark though.
It sounds like your server can't make the network connection, rather than a security issue.
Ensure that any firewalls on both the DB and app servers allow traffic on the port (1433).
Ensure you're able to ping or tracert from both machines.
Is it your first time you publish your website on the web server ? if it is , Are you sure you have set your connection string properly ?
You need to create a login ( of curse a password for that too ) and the IP Address of that SQL on the web server .
So you need IP Address of the sql server host , Database Name , UId , Pwd .
I will agree that this sounds like a network issue and not a security issue.
Remote into the web server and ping the DB server by IP address. If this does not work, your server cannot see the DB server via that address (different subnet, incorrect firewall/proxy setup, etc). There may be a proxy address you must use to get to the DB server from the web server, or your web server may also be the gateway and IIS doesn't know to look for the DB server on the LAN. If it does work, the computers may not be talking on the same port, or the firewall may be blocking that port exiting the web server.
I have spent hours trying to connect to SQL server using sqlcmd. I disabled my firewall, checked all ip listed in "Protocols for SQLEXPRESS", edited my hosts file. I tried using different ips and machinename to connect to the server. But none of work worked. After hours of investigation, I found out that I made absolutely stupid blunder making me unable to connect.
I want to remind people that the connection string is not case sensitive. But the option is!!
what i did is I put
sqlcmd -s .\sqlserver
But the correct string is
sqlcmd -S .\sqlserver
so watch out, people
I'm writing an app in CSLA and want to log IP addresses, but only if the client is calling a remote data portal (such as the WCF one).
How can I get the client's IP address when executing within a remote data portal? I realize I could probably pass it with the request, but I'd like to avoid this if possible.
CSLA .NET forum thread on this topic