Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / October 2007

Tip: Looking for answers? Try searching our database.

Obtain real IP address of client

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Brian Cryer - 25 Oct 2007 12:10 GMT
What I'm looking for is a way to tell if two sessions are from the same
physical PC or from different PCs (within the same organisation say). This
is with the view to possibly enforcing license restrictions, i.e. limiting
the number of pcs that user account can connect from (say to 1 perhaps 2)
but not the number of open sessions that user can have.

So, with that in mind I was wondering whether it was possible to obtain the
local IP address of a PC? I know I can use Request.UserHostAddress but if
someone is behind a router (or proxy) then it just returns the external
public IP address. Is it possible to obtain the internal (real) IP address
of a visitor as well as their public IP address?

If not then does anyone have any other ideas for detecting whether two
sessions with the same Request.UserHostAddress are from the same PC or not?

TIA.
Signature

Brian Cryer
www.cryer.co.uk/brian

Reply to this Message
Alexey Smirnov - 25 Oct 2007 12:18 GMT
On Oct 25, 1:10 pm, "Brian Cryer" <bri...@127.0.0.1.activesol.co.uk>
wrote:
> What I'm looking for is a way to tell if two sessions are from the same
> physical PC or from different PCs (within the same organisation say). This
[quoted text clipped - 14 lines]
> --
> Brian Cryerwww.cryer.co.uk/brian

first test HTTP_X_FORWARDED_FOR and if it's not available, use
REMOTE_ADDR, or Request.UserHostAddress

string ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR");
if(ip != "") {
ip=Request.ServerVariables("REMOTE_ADDR");
}
Reply to this Message
Brian Cryer - 25 Oct 2007 13:00 GMT
> On Oct 25, 1:10 pm, "Brian Cryer" <bri...@127.0.0.1.activesol.co.uk>
> wrote:
[quoted text clipped - 25 lines]
> ip=Request.ServerVariables("REMOTE_ADDR");
> }

Thanks Alexey. This is the best I've seen. I wasn't aware of
HTTP_X_FORWARDED_FOR, useful to know about thanks.

This does the job if the person is going via a proxy, but not if they are
behind a router. If they are behind a router I still only see the public IP
address (although at least I now see the public IP address before it hits a
proxy). Its a big step in the right direction. Thanks.
Signature

Brian Cryer
www.cryer.co.uk/brian

Reply to this Message
Mark Rae [MVP] - 25 Oct 2007 12:22 GMT
> So, with that in mind I was wondering whether it was possible to obtain
> the local IP address of a PC? I know I can use Request.UserHostAddress but
> if someone is behind a router (or proxy) then it just returns the external
> public IP address. Is it possible to obtain the internal (real) IP address
> of a visitor as well as their public IP address?

There is no reliable way to do this... For one thing, IP addresses are so
easy to spoof these days...

> If not then does anyone have any other ideas for detecting whether two
> sessions with the same Request.UserHostAddress are from the same PC or
> not?

You could look at cookies, I suppose, but what if the workstation has e.g.
IE, FireFox, Opera, Netscape and Safari installed (like I do on my test
machine)...?

Signature

Mark Rae
ASP.NET MVP
http://www.markrae.net

Reply to this Message
Brian Cryer - 25 Oct 2007 13:03 GMT
>> So, with that in mind I was wondering whether it was possible to obtain
>> the local IP address of a PC? I know I can use Request.UserHostAddress
[quoted text clipped - 4 lines]
> There is no reliable way to do this... For one thing, IP addresses are so
> easy to spoof these days...

That's what I suspect.

>> If not then does anyone have any other ideas for detecting whether two
>> sessions with the same Request.UserHostAddress are from the same PC or
[quoted text clipped - 3 lines]
> IE, FireFox, Opera, Netscape and Safari installed (like I do on my test
> machine)...?

I had a brief play with cookies, but didn't have much joy in getting values
back. Could have been a mistake in my code or simply that cookies are
blocked so often ...

Thank you for the idea.
Signature

Brian Cryer
www.cryer.co.uk/brian

Reply to this Message
Brian Cryer - 25 Oct 2007 16:26 GMT
>>> So, with that in mind I was wondering whether it was possible to obtain
>>> the local IP address of a PC? I know I can use Request.UserHostAddress
[quoted text clipped - 18 lines]
> values back. Could have been a mistake in my code or simply that cookies
> are blocked so often ...

My cookie implementation was wrong. My mistake.

So it looks like the cookie approach will give me what I need. I'd still
like a way to identify the PC (by IP address or name) for reporting purposes
(say to the user even) but that isn't so pressing.

Thanks.
Signature

Brian Cryer
www.cryer.co.uk/brian

Reply to this Message
Peter Bromberg [C# MVP] - 25 Oct 2007 14:31 GMT
Maybe what you really need to do is make people log in, and store their
credentials in such a way that if they log in a second time with the same
credentials, you'll be able to detect that's a duplicate login. Then you
needn't worry about IP addresses.
-- Peter
Recursion: see Recursion
site:  http://www.eggheadcafe.com
unBlog:  http://petesbloggerama.blogspot.com
BlogMetaFinder:    http://www.blogmetafinder.com

> What I'm looking for is a way to tell if two sessions are from the same
> physical PC or from different PCs (within the same organisation say). This
[quoted text clipped - 12 lines]
>
> TIA.
Reply to this Message
Brian Cryer - 25 Oct 2007 15:43 GMT
> Maybe what you really need to do is make people log in, and store their
> credentials in such a way that if they log in a second time with the same
[quoted text clipped - 5 lines]
> unBlog:  http://petesbloggerama.blogspot.com
> BlogMetaFinder:    http://www.blogmetafinder.com

Detecting multiple logins by the same account is easy, but isn't what I'm
after. What I would like to be able to is to distinguish between multiple
sessions (logged in) from one pc and those which are from two or more pcs.
The rational being not to stop someone from having multiple browser windows
open on their pc, but to stop or at least detect if the same account is
logged in from two or more different pcs (in the same office). I hope you
can see what I'm aiming for.

I know there are issues like has the browser been closed without logging
off, but I can see workarounds for issues like those. Alexey has given a
work around that works for telling apart pcs behind a proxy, but I'm stuck
on how to tell two pcs apart which are behind the same router. Any ideas
appreciated.
Signature

Brian Cryer
www.cryer.co.uk/brian

Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.