C# ASP .NET (VS2005) - how to obtain caller's IP address

J

j.a. harriman

Hi,
Can someone point me to an MSDN or other location where I can obtain the
caller's IP Address?

I'd like to put this in the "WebMethod" portion of the program.

The intent is not so much for security, as it is for me to identify
customers, and do not want to rely on them putting an "identity" in the
message to the service.

Thanks. Jeff
 
J

John Saunders

j.a. harriman said:
Hi,
Can someone point me to an MSDN or other location where I can obtain the
caller's IP Address?

I'd like to put this in the "WebMethod" portion of the program.

The intent is not so much for security, as it is for me to identify
customers, and do not want to rely on them putting an "identity" in the
message to the service.

If your customer is behind any sort of proxy or firewall, you'll get the
address of the proxy or firewall, and not the client machine. You can't rely
in the IP address for anything.

John
 
J

j.a. harriman

Other than having them insert something in the request, do you have any other
thoughts on this that I might be able to look at?
Thanks.
 
J

John Saunders

j.a. harriman said:
Other than having them insert something in the request, do you have any
other
thoughts on this that I might be able to look at?

It depends on what you're trying to do. For instance, how certain do you
need to be that the request is from one of your customers? Is this some form
of authentication?

You might consider having the customer include some data signed via XML
Digital Signature. This data would be signed in such a way that if you are
able to verify the signature, it will imply that only your customer could
have signed it. .NET 2.0 includes the new SignedXml class in the
System.Security.Cryptography.Xml namespace. It makes it much easier to
generate and verify digital signatures.

Basically, the network isn't going to do this job for you. Speaking at a
somewhat network-theoretical level, your desire to identify your customer is
pretty much an Application-layer function. That means that it's something
between your Application and the customer's Application. You can't depend on
something from the Network layer to do this for you. The Network layer has
the right to do anything it wants with Network-layer data like the IP
Address.

So, if _you_ want to be certain who _your_ customer is, then _you_ have to
do it.

John
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,479
Members
44,899
Latest member
RodneyMcAu

Latest Threads

Top