I have a website and i need to deploy it in a single country for example Lebanon. In other words, any request that comes to the website from any other country should not be responded to.
I think I may use the IP address of the request and know from which country it was generated.
How can I do this in C#.
I think I may use the IP address of the request and know from which country it was generated
No, you dont. Illusion.
you can not know which country a request comes frmo, only where the IP address is registere, pretty much. More information is avaialble parsing the reverse dns SOMETIMES if you are smart at this.
This ignores little issuesl ike large international providers that may use a central pool of addresses, like VPN providers etc. Or satellite phone providers (which may be used out of a country but not be resident there).
At the end this will be of RELATIVELY limtied use, depending what your exact busienss case is it may be totally useless.
How can I do this in C#.
Programming.
Get a GeoIP database (look up the term in google, a provider will show up, otherwise try it in combination with "maxmind"). THen query the IP against the database. Decide how to handle "maybe" scenarios like international businesses. Example... IBM has address space. They use it for all their oprations. How you want to deal with this?
One thing you can do to encourage local indexing and participation is deploy your website with a Lebanon country code suffix.
www.example.co.lb
Here's a list of country suffix domains.
Related
I am writing some code to retrieve IPs from a domain that comes from a querystring. To achieve this, I have used
Dns.GetHostAddresses(uri);
Which return type is a array of System.Net.IPAddress[]
But I want to write a comment in the code to explain to the developer why a domain such as google for example, may (OK google will) return more than 1 IP address.
Does anyone have a definition or can direct me to a website that has material on this?
Thanks
Its used as a kind of 'load balancer' for DNS queries.
See here for a good discussion:
Is it possible that one domain name has multiple corresponding IP addresses?
We are looking to create a website that displays information to all new visitors to a site, i.e. welcome, please read our help guide, etc.
The big problem is that our website is not allowed to use long-lasting cookies (i.e. over 20 minutes). Does anybody know of any way we can determine whether a user has visited the site before or not. As another restriction, we can not add anyform of registration to the system.
The application is being created in ASP.Net 3.5.
Thanks for the help
The EFF has a tool/site that you can visit that shows how with the plugins, OS details, browser details, etc. you can determine a visit fairly uniquely. It could give some insight on details to store in a database to determine if the user had been there before:
https://panopticlick.eff.org/
You could attempt to use an IP address, but with NAT'ing and most ISPs handing out dynamic IP addresses anyways, you'll never really know if the user visiting is one who's been there before or not with any certainty.
If you have no way of storing information on the client side, this is impossible except for saving IPs and comparing those, which isn't really accurate either.
Does anybody know of any way we can determine whether a user has visited the site before or not.
No, you can't. Since you can't use cookies all you've got is what the client's sending by default: IP address, user agent information. With the current IPv4 depletion and the popularity of NAT devices the IP is anything but useful.
About the only way is to capture the IP address of web browser and use that as a unique ID - assuming that it is indeed unique.
You can't rely on the IP since it can be shared by many user, or change for one user.
If you can't store a cookie on the client side, it is not possible.
You can also ask him: "Did you ever visited this site in the past?", but I doubt this is good practice :D
Store a boolean value like "AlreadyVisited" in the Session. So everytime the user visits the page for the first time, he will see your welcome message.
After displaying, set the boolean to false (you need to store it in the session)
I know this has been posted before, but never really answered, I'm using the DotNetOpenAuth to try and do GoogleID login, and every time I do details = OResponse.GetExtension<ClaimsResponse>(); I always, always, always get back null, I don't get whats the point of the GoogleID if I can't get back any information, I would think at the very least I would get an email address, so I could associate it other login information in my databse. I just don't understand could really use some help, Im probably just looking at openID in the wrong way.
I'm using ASP.NET and looking to use openID/Facebook as my sole means of logging in users, I really don't want to mess with membership roles, or extra junk that ASP.NET likes to add.
Yes, this has been asked and answered many times. Google does support AX. But it ignores any attributes marked as "optional". So if you want the email address, you have to say that email address is a required attribute.
The ClaimsResponse extension you're checking for isn't AX -- it's Simple Registration. But if you have AXFetchAsSregTransform behavior turned on (highly recommended) then it allows you to just use ClaimsRequest and ClaimsResponse exclusively, and DotNetOpenAuth will automatically translate to and from AX behind-the-scenes for you.
Alternatively, you can use FetchReqest and FetchResponse to speak AX directly to Google.
But (and I can't hammer this hard enough), do not use the email address as the user's unique identifier!!! Instead, use the IAuthenticationResponse.ClaimedIdentifier string as the unique identifier. Email address should generally be considered just a helpful hint that can be used to prefill a registration form. You shouldn't even trust that the email address you get is really under the user's control (that's one reason why it shouldn't be considered their unique id) since the Provider can lie to you. Google and Yahoo are two providers that promise (if you choose to trust them) that the email addresses have been verified, so you can skip the email validation step for users from them if you wish.
It doesn't appear that Google's OpenID server supports AX or sreg.
I have a webservice that a developer can use to create a user account, apart of the create user account form, it requires an input of the user's "Postal Address"
The Postal address has "Country State Id"
Normally, I would provide a list for everything else, but when it comes to country state list it contains thousands and thousands of states/regions and its too much to list in a API specification document.
So my question is,
1) do you create a web service for the developer to retrieve the country state id?
or
2) provide the developer with a database file, with the list of country state id?
I'm thinking #2 would be best.
You might just be able to delegate this to a third-party webservice from your own. There is info on that option here. This one looks like you can get the required data for free, as a DB or webservice: http://www.geonames.org/export/
There are paid options as well as free, YMMV I am sure.
I would like to identify if an email address comes from a public provider or is from an established business. I consider public email addresses to be things such as:
Open email service providers, such as
gmail, hotmail and yahoo.
Anonymization services, such as mailinator or dispostable.
I'm aware that there is no foolproof way to do this, and obviously any list based solution would require constant updates.
Is there a public listing or .NET library that can do this for me?
Are there really that many free webmail providers out there? I would go with a 'blacklisting' style solution.
For example, flag everything in this wikipedia list as free (heck I would think covering gmail/hotmail/yahoo/aol would cover a huge % of users anyway). Then if you get more than 2 (or higher number if your site has high throughput) registrations from the same email domain, it notifies the admin to check the domain to see if it needs to be added to the 'blacklist'.
I would imagine there are much more reliable ways to detect business customers though. For example in Australia you could just ask for an ABN and then check that it's valid. Are you willing to punish small business who don't have email providing and just use a generic #gmail account?
Here is a link to SpamAssasin's freemail list: http://svn.apache.org/repos/asf/spamassassin/trunk/rules/20_freemail_domains.cf.
I suppose, checking against this list is a good start.
You might want to talk to the Better-Business-Bureau ( http://www.bbb.org ) and see if they provide some kind of a feed or API. I had a quick look at their site and couldn't see anything obvious, but it would be this kind of organisation I would head to first if I wanted to find out domain names belonging to established businesses. They do have a form on their site to search by email address ( http://www.bbb.org/us/Find-Business-Reviews/ )
Consider using HubSpot blocked domains list. It is not a guarantee that it is 100% accurate or complete.
They also provide a CSV file that you can download and parse programmatically. Link to CSV file is in the linked page.
I am guessing the ultimate goal is to clean your database from unwanted contacts that will increase the monthly bill. What you can do is the following:
Create a webhook that is triggered whenever a new contact is added.
In that webhook (which can be written in any language), check if the contact is in a blacklist (which is gmail/etc...).
Remove the contact if it is in a blacklist using an API call (you will need to first get the contact ID, which can be easily retrieved using API).