Setup:
Two W2K3 machines in domain with IPv6 installed on both. App is on Machine #1.
What works with IE8:
Machine #2 can log into the app using IPv4 address (http://192.168.../app)
Machine #2 can log into the app using machine name (http://machine1name/app)
Machine #1 can log into the app using IPv4 address, machine name, and localhost.
Machine #1 can log into the app using local IPv6 address (without scope-id).
Machine #1 can log into the app using network IPv6 address (without scope-id).
What doesn't work with IE8, BUT works with Firefox:
Machine #2 can't log into the app using network IPv6 address of Machine #1 (with scope-id).
ORIGINAL ISSUE: I've tried to narrow down the problem. I can bring up the login page and enter my credentials. In code, I check Active Directory for authentication, and the user does get authenticated. However, the HttpContext.Current.User.Identity is never set. It should be set when I call RedirectFromLoginPage(username), and it is when Machine #2 uses IPv4 to access the app. However, when I use the IPv6 address, HttpContext.Current.User.Identity is always blank.
The authentication and application work fine when using IPv4, so I don't think it's a code issue, but not sure? Or is there some network/IE setting I need to adjust?
EDIT: Firefox with IPv6 and IE8 with IPv4 have no problem creating an authentication cookie. For some reason, IE8 with IPv6 cannot create the cookie, hence, the problem with RedirectFromLoginPage, which is supposed to create the cookie.
EDIT 2: The problem seems to be the % in the IPv6 address when using IE [ie. the scope-id]. For example, with Firefox, you can have the % in the address with no problem. With IE, if you are accessing an app locally using IPv6 (whether local or network IP), you can leave out the scope-id. However, when accessing an app on a network machine, you need the scope-id. And since
you have to encode the % with %25, that's where the problem is.
[ps. I know this question has a similar title, but it's not the same problem.]
Quite honestly, the best way to solve this is to not use link-local addresses as web endpoints. As you have discovered, this area of IPv6 is ill-defined.
I would recommend using static IPv6 addresses instead. Either that, or have your network administrator (you?) enable IPv6 router advertisements on your subnet so you can get "real" (not link-local) IPv6 addresses.
Note, you can still use "private" IPv6 space (like you're doing with 192.168.0.0/16 IPv4 addresses)
If you don't have a "real" IPv6 subnet, you could either use a /64 subnet numbered for 6to4 (which might be good if you have a real IPv4 address and you [eventually] want your hosts to participate on the "real" IPv6 internet) or get a unique local subnet to use.
Or just go for it and broker a 6in4 tunnel from a place like Hurricane Electric.
Related
Scenario: A Windows IIS server is installed on an IP, my subdomain points to that IP. The website works fine when I access it from on WiFi but as soon as I switch to the mobile data I get the ERR_SSL_PROTOCOL_ERROR.
I've added a binding, where I can access the website on PORT 400. I've checked the SSL as well on SSL Checker and everything is fine on that part.
I want the website to be accessible to the default https port. How can I achieve that?
Since the exact domain is not known I can only speculate about the cause of the problem.
But a common problem is that the site is configured for IPv4 but not properly configured for IPv6, even though it resolves to an IPv6 address. Mobile networks often use IPv6 while internet access using WiFi often uses only IPv4, which can explain the difference you encounter.
SSL checker only does rudimentary checks and checks only IPv4. Use SSLLabs instead which checks both IPv4 and IPv6 setups and also checks all visible IP addresses for the domain instead only a single one.
I am attempting to spin up an application that listens on a port and responds to HTTP requests. I am on a Windows 8 machine connecting through a Netgear router that provides port forwarding. I have:
modified my DNS zone file of one of my domains to point to the IP address that is assigned to my cable modem
Added a port-forwarding rule to my router that sends requests to port 8080 to port 8081 on my computer
Opened port 8081 on my Windows Firewall
Executed netsh http add urlact http://+:8081/ user=Everyone listen=yes as administrator
Started up my app which uses the simple webserver solution found at http://codehosting.net/blog/BlogEngine/post/Simple-C-Web-Server.aspx which uses an HttpListener object with a prefix of http://+:8081/.
From any machine on my local network, I can browse to http://home.example.com:8080/blah/blah and everything works great. Whenever I attempt the same URL from a machine connected elsewhere on the Internet, the connection times out. I have tried using the IP address instead the domain name, and have tried disabling my Windows Firewall (temporarily), still with no luck.
I'm sure this is more of a network setup issue than a code issue, but I thought I would ask anyway to see if there is anything I can do. Sorry for the spaces in the urls above. This is my first post to SO, and I apparently don't have enough of a reputation to post more than a single link.
By "elsewhere on the Internet", I am assuming you are attempting to access it from a different ISP.
The thing about some ISPs is that unless you are paying for a "business class" connection, they will do all sorts of tricks to ensure that you remain a "consumer". What you need is an unNATed static IP address.
By this I mean that the IP address that you may have at your home may not be accessible to the outside world because the ISP is actually NATing (or other) that address to you. This is a fairly common practice because of limited IP4 addresses. If you really want a service accessible via the WWW, I would suggest moving your product to a VPN, or at least a commodity hosting provider.
Edit: Try a VPN service like Hamachi
My goal is to have two laptops in a network. One is acting as a server, serving webpages to the other. The catch here is that neither is connected to the outside internet.
What I have done so far is setup WAMP on the server laptop, and it successfully serves web pages on localhost. Now I want to access these pages on the other laptop.
To do this, I had the server create an ad-hoc network and connected the other laptop to it, but I'm stuck - and I'm worried I'm not on the right track. I followed this tutorial but in the end I figured out that just explained how to spoof a text URL as an IP address, and not really what I was looking for.
So I guess I have two questions:
Is my method the best way to do this (with ad-hoc networks)? Is there some way to connect a laptop to a wireless router and have the laptop act as a server to another laptop?
If my WAMP and ad-hoc network should work, how do I connect other laptops to my server through the ad-hoc network?
Thanks!
I would suggest the first option: get a wifi router. Then you can assign static IP adresses from the routers private network or use DHCP server on the router. Hopefully you will have an option to reserve IP adresses on DHCP server so you dont have to check every time what IP adress the laptop acting as a server got. You use this address to access your web server. Also, you can use this router later as a gateway to the internet if you want.
In ad hoc mode you will probably get an address from 169.254.0.0/16 link-local scope, and you can check it by running ipconfig as #Robadob already suggested.
On your hosting laptop open cmd and call ipconfig look for the internal IP address on the network interface your hosting the ad-hoc network.
Enter that IP address into the browser on your client laptops web browser instead of localhost.
If that doesn't work, try other ip addresses listed by ipconfig (incase you used the wrong) and then check the properties of your ad-hoc network, windows firewall and any other firewall software to disable anything that might be blocking it.
An ad-hoc network is suitable option for what your doing, most people would probably use a switch or router though, however that requires hardware you probably don't have.
I have a website that I'm running locally at localhost:8000. I'd like to access my site from other devices on my network. I've tried to visit the site via my computer's internal IP address via: 127.0.0.1:8000but this doesn't work. Is this possible?
Three most probable things:
Check if there is a network route between the client and the server machine (commands like PING and TRACERT will help);
Check if the server machine has a firewall. If it does, there must be a rule allowing (opening) connections through that port (8000) in TCP;
Most likely, the problem is one of the two above. If not, there's one last thing:
Make sure the web server (the one that serves localhost:8000) is bound to listen to all IP addresses (not only 127.0.0.1).
To know that, search for servername bind all ip addresses on google. E.g., for apache HTTPD, it'd be apache bind all ip addresses.
here is what I do in similar cases:
search rejetto hfs on google, it is single executable less than 1Mb size and download it into your server machine.
after starting it, follow menu->IP addresses. these are all your possible addresess on the server side.
these are your IP addresses to enter, and your port is 8000 as you mentioned.
most possible IP addresses you will find are in the format of following:
192.168.?.?
10.0.0.?
169.254.?.?
besided you will probably need to add a firewall rule for your server app.
i am using windows server 2003 and 2008
i am about to install a web application on a server that is connected to other computers using simple wired network i.e. no active directory, no domain controller etc..
my question is:
is there a way to prevent mac addresses outside my specified list from accessing my application ? should it be through IIS or Web.config or should i put certain code in the page load events.
another concern: if i use an SSL to secure my application, is it enough along with a reputable anti virus to prevent a virus to access my server through any network computer using my web application
I don't think this is possible.
If you visualise the route from the client to your server; along this route there are 'hops', i.e., routers and switches which route the client's request down one of multiple paths.
At each hop a different MAC address is inserted into the packet - this is the MAC address of the next hop on the route.
So although the IP address always stays the same throughout the entire route (hence you can use the server variables or such like to determine the client's IP address) the MAC that you receive at the server after the final hop is actually the MAC address of the last networking device that the request was directed through.
The only way you'd be able to accurately use this MAC address for some sort of access control is if you had no routing or switching hardware between you and all the clients.
What if routing is involved - the MAC address you'd like to exclude is on another network? In that case you'll never see the MAC address. Using IIS you CAN filter specific IP addresses.
the simplest way to secure a network (also minimum requirement, else considered non-secure network)
1-get CISCO switches and router or (multilayer switch)
2-change native VLAN then create and configure VLANs for example 10, 20, 30 and put ranges of IP for each VLAN
3-enable port security: set max number of mac addresses and enable MAC address "sticky"
4-configure routing protocol to allow switches to "talk" to each other
good luck