Obtain real IP address of client

B

Brian Cryer

What I'm looking for is a way to tell if two sessions are from the same
physical PC or from different PCs (within the same organisation say). This
is with the view to possibly enforcing license restrictions, i.e. limiting
the number of pcs that user account can connect from (say to 1 perhaps 2)
but not the number of open sessions that user can have.

So, with that in mind I was wondering whether it was possible to obtain the
local IP address of a PC? I know I can use Request.UserHostAddress but if
someone is behind a router (or proxy) then it just returns the external
public IP address. Is it possible to obtain the internal (real) IP address
of a visitor as well as their public IP address?

If not then does anyone have any other ideas for detecting whether two
sessions with the same Request.UserHostAddress are from the same PC or not?

TIA.
 
G

Guest

What I'm looking for is a way to tell if two sessions are from the same
physical PC or from different PCs (within the same organisation say). This
is with the view to possibly enforcing license restrictions, i.e. limiting
the number of pcs that user account can connect from (say to 1 perhaps 2)
but not the number of open sessions that user can have.

So, with that in mind I was wondering whether it was possible to obtain the
local IP address of a PC? I know I can use Request.UserHostAddress but if
someone is behind a router (or proxy) then it just returns the external
public IP address. Is it possible to obtain the internal (real) IP address
of a visitor as well as their public IP address?

If not then does anyone have any other ideas for detecting whether two
sessions with the same Request.UserHostAddress are from the same PC or not?

TIA.

first test HTTP_X_FORWARDED_FOR and if it's not available, use
REMOTE_ADDR, or Request.UserHostAddress

string ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR");
if(ip != "") {
ip=Request.ServerVariables("REMOTE_ADDR");
}
 
M

Mark Rae [MVP]

So, with that in mind I was wondering whether it was possible to obtain
the local IP address of a PC? I know I can use Request.UserHostAddress but
if someone is behind a router (or proxy) then it just returns the external
public IP address. Is it possible to obtain the internal (real) IP address
of a visitor as well as their public IP address?

There is no reliable way to do this... For one thing, IP addresses are so
easy to spoof these days...
If not then does anyone have any other ideas for detecting whether two
sessions with the same Request.UserHostAddress are from the same PC or
not?

You could look at cookies, I suppose, but what if the workstation has e.g.
IE, FireFox, Opera, Netscape and Safari installed (like I do on my test
machine)...?
 
B

Brian Cryer

Anon User said:
first test HTTP_X_FORWARDED_FOR and if it's not available, use
REMOTE_ADDR, or Request.UserHostAddress

string ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR");
if(ip != "") {
ip=Request.ServerVariables("REMOTE_ADDR");
}

Thanks Alexey. This is the best I've seen. I wasn't aware of
HTTP_X_FORWARDED_FOR, useful to know about thanks.

This does the job if the person is going via a proxy, but not if they are
behind a router. If they are behind a router I still only see the public IP
address (although at least I now see the public IP address before it hits a
proxy). Its a big step in the right direction. Thanks.
 
B

Brian Cryer

Mark Rae said:
There is no reliable way to do this... For one thing, IP addresses are so
easy to spoof these days...

That's what I suspect.
You could look at cookies, I suppose, but what if the workstation has e.g.
IE, FireFox, Opera, Netscape and Safari installed (like I do on my test
machine)...?

I had a brief play with cookies, but didn't have much joy in getting values
back. Could have been a mistake in my code or simply that cookies are
blocked so often ...

Thank you for the idea.
 
B

Brian Cryer

Peter Bromberg said:
Maybe what you really need to do is make people log in, and store their
credentials in such a way that if they log in a second time with the same
credentials, you'll be able to detect that's a duplicate login. Then you
needn't worry about IP addresses.
-- Peter
Recursion: see Recursion
site: http://www.eggheadcafe.com
unBlog: http://petesbloggerama.blogspot.com
BlogMetaFinder: http://www.blogmetafinder.com

Detecting multiple logins by the same account is easy, but isn't what I'm
after. What I would like to be able to is to distinguish between multiple
sessions (logged in) from one pc and those which are from two or more pcs.
The rational being not to stop someone from having multiple browser windows
open on their pc, but to stop or at least detect if the same account is
logged in from two or more different pcs (in the same office). I hope you
can see what I'm aiming for.

I know there are issues like has the browser been closed without logging
off, but I can see workarounds for issues like those. Alexey has given a
work around that works for telling apart pcs behind a proxy, but I'm stuck
on how to tell two pcs apart which are behind the same router. Any ideas
appreciated.
 
B

Brian Cryer

Brian Cryer said:
That's what I suspect.


I had a brief play with cookies, but didn't have much joy in getting
values back. Could have been a mistake in my code or simply that cookies
are blocked so often ...

My cookie implementation was wrong. My mistake.

So it looks like the cookie approach will give me what I need. I'd still
like a way to identify the PC (by IP address or name) for reporting purposes
(say to the user even) but that isn't so pressing.

Thanks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top