i need to find the remote users ip address using asp.net and also i need clarification whether multiusers have same ip address
thanks
Shakthi
Dim userIP As string = Request.UserHostAddress
Edit Caveat - the below is talking about an internet scenario. On a more limited (intranet) network, you may be able to assume a 1-1 User-IP Address mapping
Multiple users may appear to have the same IP address.
The same user may make two requests in a row from different IP addresses.
Whatever you're trying to do, using the users IP address for anything other than logging is probably pointless.
Related
I am logging every user's IP when they access the company's page.
There are two ways to access the page from inside the local network:
http://company/webpage
and
https://webpage.company.com
What bugs me is that even when the users use the https global IP, their accesses are still recorded on database with their IP as 10.50.1.12 or 10.50.1.100.
Does that means that the browser or something else is redirecting the https://webpage.company.com to company/webpage? Or does that mean that I'm using a flawed method to log the users IP?
Another way to ask my question (just to make sure I'm being clear): if I'm accessing my Internet web page from inside the LAN network, am I effectively going outside my network and then back? If not, where am I going wrong with my logging?
Code used to log user's IP:
user.LastIP = HttpContext.Current.Request.UserHostAddress;
I'm curious about this because I want to make sure the users inside the company will access the page using exclusively the LAN Network. The goal is to save bandwidth usage, which is scarce.
Edit:
Pinging the https://webpage.company.com from inside the LAN network will result in a reply from a global IP address like 194.xxx.xxx.xxx. So I'm clearly getting the user's IP wrongly. What would be the ideal way of retrieving the IP from the page accessing entity?
Access to http://company/webpage will result in a DNS lookup of the host name "company". To resolve this, DNS will need a fully qualified domain name (fqdn), so it will add a top level domain (according to the configured search list in the client). In this example, it seems fair to assume that the fqdn will be "company.com". This, in turn, may very well resolve to the same IP address as the "webpage.company.com". You can check this by using dns lookup utilities like 'nslookup' and 'dig', or simply by using 'ping company' and 'ping webpage.company.com'.
The users IP addresses you mention, 10.50.1.12 and 10.50.1.100, seems to be the local IP addresses of the client hosts. I base this assumption on the fact that these IP addresses come from the RFC-1918 address range which is used for internal addresses. My guess is that these are the correct IP addresses, and that your logging works fine.
The users IP address you will log from accessing 'http://company/webpage' and 'https://webpage.company.com' should in most cases be the same. You can see it this way: it doesn't matter what the target URL is, traffic is still coming from the same host, the same IP address.
In any case, you most probably don't need to worry about any traffic leaving your local network.
Is it a way to add "IP Address" field in aspnet_Users, and then control it when user try to login?
There is a Comment property on the MembershipUser object. You can do it to do whatever you want (it is a string).
http://msdn.microsoft.com/en-us/library/system.web.security.membershipuser.comment.aspx
I have not heard of anyone doing this. Probably with good reason because it doesn't sound like a good idea for a web application.
Consider, many web clients have dynamically allocated IP addresses from their ISP and so their IP address changes all the time, also, if multiple clients are using the one proxy, then you will have non-unique records for IP address.
If you want to employ IPsec then consider using the server firewall or IIS rather than a membership provider.
I would like to get the user's IP locally without any invoking any service.
Looking for a purely client side solution.
In general this problem is not solvable because the client computer might not even know its own external IP address. This happens when the client is behind a NAT or some other kind of firewall.
Note that many different client machines might share the same external IP address, and also different client machines might have the same internal IP address but different external IP addresses. Or, I can even imagine a situation where two different clients have the same internal and external IP addresses.
If you would explain why you believe you need this information, another solution to your actual problem might be possible.
I need my system IP address. I've used Request.ServerVariables["remote_addr"] but it is being provided IP address of my network(intranet) not my local system ip.
Actually I've set session state off and want to identify the user request. So i want to fetch the system IP not router/network IP.
Please tell me the appropriate solutions.
Request.UserHostAddress.
Try this.
try this
how to get ip address of machine in c#
You should be able to use:
Request.ServerVariables["LOCAL_ADDR"]
As seen on: http://msdn.microsoft.com/en-us/library/ms524602(VS.90).aspx
Am I able to depend on a requestor's IP coming through on all web requests?
I have an asp.net application and I'd like to use the IP to identify unauthenticated visitors. I don't really care if the IP is unique as long as there is something there so that I don't get an empty value.
If not I guess I would have to handle the case where the value is empty.
Or is there a better identifier than IP?
You can get this from Request.ServerVariables["REMOTE_ADDR"].
It doesn't hurt to be defensive. If you're worried about some horrible error condition where this isn't set, check for that case and deal with it accordingly.
There could be many reasons for this value not to be useful. You may only get the address of the last hop, like a load balancer or SSL decoder on the local network. It might be an ISP proxy, or some company NAT firewall.
On that note, some proxies may provide the IP for which they're forwarding traffic in an additional HTTP header, accessible via
Request.ServerVariables["HTTP_X_FORWARDED_FOR"]. You might want to check this first, then fall back to Request.ServerVariables["REMOTE_ADDR"] or Request.UserHostAddress.
It's certainly not a bad idea to log these things for reference/auditing.
I believe that this value is set by your web sever and there is really no way to fake it as your response to there request wouldn't be able to get back to them if they set there IP to something else.
The only thing that you should worry about is proxies. Everyone from a proxy will get the same IP.
You'll always get an IP address, unless your web server is listening on some sort of network that is not an IP network. But the IP address won't necessarily be unique per user.
Well, web request is an http connection, which is a tcp connection and all tcp connections have two endpoints. So, it always exists. But that's about as much as you know about it. It's neither unique nor reliably accurate (with all the proxies and stuff).
Yes, every request must have an IP address, but as stated above, some ISP's use proxies, NAT or gateways which may not give you the individual's computer.
You can easily get this IP (in c#) with:
string IP = Context.Request.ServerVariables["REMOTE_ADDR"].ToString();
or in asp/vbscript with
IP = request.servervariables("REMOTE_ADDR")
IP address is not much use for identifying users. As mentioned already corporate proxies and other private networks can appear as a single IP address.
How are you authenticating users? Typically you would have them log in and then store that state in their session in your app.