I am trying to Authenticate a web service by validating the IP address of the caller. The web service is meant to be internal to the network.
and in trying to do so the HttpContext.Current.Request.UserHostAddress has a weird value like "::1"
See debug point screenshot below.
Questions :
Why does this not work and give the proper ip of the client?
Is there a better way to authenticate the Web Service for an internal client?
Thanks in advance.
Why does this not work and give the proper ip of the client?
It is indeed working and you are seeing "::1" because it's a reserved loopback address for ipv6 AKA localhost or 127.0.0.1 in ipv4
IPv6
The loopback address, 0000:0000:0000:0000:0000:0000:0000:0001, may be
abbreviated to ::1 by using both rules.
Is there a better way to authenticate the Web Service for an internal client?
You have to know the difference between Authentication & Authorization, i suggest you create a new question with more details on the authentication methods that you are using in your web service
Related
I'm working on a project that will include Windows tablets as a Terminals and they will be under VPN. Setting up the tablets will not be our job, we only need to provide some endpoints for them and we'll need to authenticate the API calls from them with their FQDN. The project is .net5 Web API.
Previously the requirement was that we will use the IP address of the terminals for authenticating them and I can easily use this code for getting that:
var remoteIpAddress = HttpContext.Connection.RemoteIpAddress?.ToString();
However the request was changed and we will need to use FQDN for authentication.
The problem is that I can not get FQDN from HTTP Context as I can take the IP address.
Is there any way to get this parameter from the device?
Hope my question is clear!
I have created a WCF Service and have implemented all necessary work for SSL implementation.
From IIS to Web.config
I am able to accessing Service with following URL successfully on browser from my own PC.
https://mycomputername/wcfService.svc
but How can I access it using my IP-Address e.g:
https://192.x.x.x/wcfService.svc
Actually I have to access the web service from another PC with in my network.
The SSL certificate will be associated with a domain name, not with an IP address.
So you will have to customize how to accept the SSL certificate. If you have a .NET client, you can use ServicePointManager.ServerCertificateValidationCallback and return true to accept any certificate.
Related: How to ignore the certificate check when ssl
I need to authenticate a username and password input against a Remote Desktop Services Gateway before connecting the user using the normal windows RDP client because I need to override the default UI behavior of the RDP client in event of invalid credentials and I cannot use LDAP or another service as it has to work from outside the network where only the RDS gateway is available.
I haven't been able to find much in the way of documentation for the RDS Gateway API exccept for this: http://msdn.microsoft.com/en-us/library/ee672219(v=vs.85).aspx but there are no examples or much of anything.
Has anyone had any experience doing something similar?
Well, one option would be to write your own RDG client: see the Terminal Services Gateway Protocol Reference and the authentication handshake section. It doesn't actually sound too difficult to do, since the handshake is implemented entirely with basic HTTP requests.
I created 3 projects WebSite, WebApi and CoreAuthWebApi. They all interact with each other.
Here is the request flow:
WebSite --> WebApi --> CoreAuthWebApi
CoreAuthWebApi --> WebApi --> WebSite
What is the best way for CoreAuthWebApi to get the WebSite Client IP without IP spoofing?
What is the best way for CoreAuthWebApi to get the WebSite Client IP without IP spoofing?
If the call is made on behalf of the web site, the API has no way of knowing the IP of the user agent unless you pass it as parameter. Remember the client of the API in this case is the IP of the server where the website is hosted.
Since the website knows the IP of the user agent it can pass it to the API as parameter.
I have a C# web service on our website and I only want to be able to call it locally where its hosted - restricting access from the outside world. Whats the easiest way to do this without a login form? We cannot restrict the web service directory per ip (because I don't believe its static)
Alternatively, you could also host them on a separate website, which you only bind to localhost (127.0.0.1)
PS: You should really get a static IP for your webserver. Or at least reserve an IP address for the server's mac address in your DHCP server configuration.
You can setup windows authentication on the web services and require the authentication be a local account to that machine. You'll have to modify your code calling it by providing network credentials, but that will prevent people from the outside calling it.
This article should explain how to do it.