Determine Host or IP from domain user - c#

Is there any way, on a windows domain, to get hostname or IP address given the domain username? C# APIs would be great.
example: string GetUserIP(string username);

The short answer is that you can't find the information because the IP address is assigned to a computer and not a user. Now you might be able to find out the IP address of the computer a user logged into. The first step would be to talk with the domain administrator. Find out if they are logging the information. They may also be able to point you to how to search the log (that is with a huge assumption that the domain admin will cooperate which is NOT guaranteed).
Now having said that, if others are connecting to your application it is relatively easy to get the IP address from where they are connecting. You simply examine the connection property in the connection after it has been established.

I ended up creating a client-side application that runs on logon (by adding the correct registry key; see here). You could also implement this as part of a logon script. This connected to the remote service and reported the username. The server application then maintained a dictionary of logged-on users and IPs.
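A sketch of the report-on-logon design described in the last post, added here as an example and not the poster's code. The class name, the one-line wire format and the loopback demo are assumptions; the point it shows is that the server records the address it sees on the socket, while the username remains an unauthenticated claim by the client.

```csharp
using System;
using System.Collections.Concurrent;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;
// Added illustration; all names and the wire format are hypothetical.
class LogonRegistry
{
    // username -> (address seen on the socket, time of the report, for ageing out stale entries)
    readonly ConcurrentDictionary<string, (IPAddress Ip, DateTime SeenUtc)> _users =
        new ConcurrentDictionary<string, (IPAddress Ip, DateTime SeenUtc)>(StringComparer.OrdinalIgnoreCase);
    public IPAddress GetUserIP(string username) =>
        _users.TryGetValue(username, out var e) ? e.Ip : null;

    // Server side: each connection carries one line, "DOMAIN\user".
    public async Task HandleAsync(TcpClient client)
    {
        using (client)
        using (var reader = new StreamReader(client.GetStream(), Encoding.UTF8))
        {
            string name = (await reader.ReadLineAsync())?.Trim();
            if (string.IsNullOrEmpty(name) || name.Length > 256) return; // ignore junk reports
            // The IP comes from the socket, never from the message body. The name
            // is only what the client claims: identification, not authentication.
            var ip = ((IPEndPoint)client.Client.RemoteEndPoint).Address;
            _users[name] = (ip, DateTime.UtcNow);
        }
    }

    static async Task Main()
    {
        var registry = new LogonRegistry();
        var listener = new TcpListener(IPAddress.Loopback, 0); // port 0 = any free port
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        string me = Environment.UserDomainName + "\\" + Environment.UserName;
        using (var c = new TcpClient()) // stands in for the logon-time client (constructed demo)
        {
            await c.ConnectAsync(IPAddress.Loopback, port);
            byte[] msg = Encoding.UTF8.GetBytes(me + "\n");
            await c.GetStream().WriteAsync(msg, 0, msg.Length);
            await registry.HandleAsync(await listener.AcceptTcpClientAsync());
        }
        listener.Stop();
        Console.WriteLine($"{me} -> {registry.GetUserIP(me)}");
    }
}
```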

Related

How to filter network connections to specific domain names on Windows

I want to implement a Windows Service that will by default block/allow all network connections and whitelist/blacklist specific domain names (like google.com).
I looked at Windows Filtering Platform but it does not seem I can filter on domain names, only on exact IPs. The problem is that IPs corresponding to domain names might change over the time and there might be multiple for one domain name.
How can I do this filtering on domain names ?
Note that if you only filter by DNS name, your filter can easily be circumvented by using an IP address. So filtering by IP address will be more robust.
You can do reverse IP lookups to get associated domain names. You'll probably want to implement a reverse IP address lookup cache. You would flush entries in the cache when they've exceeded their DNS TTL.
If you want to stick solely with domain names (and depending on where you want to do the filtering) you could hook winsock.dll. See this on SO. Your winsock hook would filter gethostbyname() and other APIs that resolve DNS names.
Before your browser connects to the host identified by the domain name it issues a DNS query for that domain name. You can create a network filter driver to intercept DNS response packets and even modify them. For example, if the specific domain name is blacklisted then you can modify the DNS response and change the IP address to the IP of a host with an HTTP server which shows a message like "Web-site is blocked".
Another possible approach is playing around HTTP GET request. You can detect the forbidden URL in the packet and drop the session or optionally forge and inject a redirect packet. There is a sample code named wwwcensor which demonstrates how this can be done.
A more complex approach is implementing a redirector + HTTP proxy: a redirector built on a packet filter driver can transparently redirect outgoing connections to a local HTTP proxy, which in turn can decide what to do with the particular session. The sample source code LAN HTTP Monitor demonstrates how this can be implemented. This sample is supposed to run on the gateway (for example, on a Windows host with ICS enabled) and redirect connections from the LAN to the Internet, but it can be easily modified to redirect local connections.
DISCLOSURE: I authored the sample code mentioned in this post.
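The reverse-lookup cache with TTL expiry suggested in the answers above, as an added example that is not code from any of the posters. The resolver is injected as a delegate because `System.Net.Dns` does not return TTLs; the class name, the resolver signature and the sample values are assumptions. PTR names are set by whoever controls the address block, so they often differ from the name the client asked for.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Added illustration; class, member and host names are hypothetical.
class ReverseLookupCache
{
    readonly Dictionary<IPAddress, (string Host, DateTime ExpiresUtc)> _cache =
        new Dictionary<IPAddress, (string Host, DateTime ExpiresUtc)>();
    readonly Func<IPAddress, (string Host, TimeSpan Ttl)> _resolve; // assumed PTR resolver
    readonly Func<DateTime> _now;                                   // injectable clock

    public ReverseLookupCache(Func<IPAddress, (string Host, TimeSpan Ttl)> resolve, Func<DateTime> now)
    { _resolve = resolve; _now = now; }

    public string HostFor(IPAddress ip)
    {
        // Serve from cache only while the record's TTL has not run out.
        if (_cache.TryGetValue(ip, out var e) && e.ExpiresUtc > _now())
            return e.Host;
        var (host, ttl) = _resolve(ip);   // host may be null when there is no PTR record
        _cache[ip] = (host, _now() + ttl);
        return host;
    }

    // Match on a label boundary so "notexample.com" is not treated as "example.com".
    public static bool InDomain(string host, string domain) =>
        host != null && (host.Equals(domain, StringComparison.OrdinalIgnoreCase) ||
                         host.EndsWith("." + domain, StringComparison.OrdinalIgnoreCase));

    static void Main()
    {
        var clock = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        int lookups = 0;
        // Constructed resolver: always answers with the same name and a 300 s TTL.
        var cache = new ReverseLookupCache(
            ip => { lookups++; return ("edge1.example.com", TimeSpan.FromSeconds(300)); },
            () => clock);
        var addr = IPAddress.Parse("192.0.2.10"); // documentation address range
        cache.HostFor(addr);
        cache.HostFor(addr);                      // second call is served from the cache
        clock = clock.AddSeconds(301);            // move past the TTL
        string host = cache.HostFor(addr);        // expired entry forces a fresh lookup
        Console.WriteLine($"{host} lookups={lookups} allowed={InDomain(host, "example.com")}");
        Console.WriteLine($"notexample.com allowed={InDomain("notexample.com", "example.com")}");
    }
}
```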

C# - Globally intercept and modify DNS resolution responses

There's a similar question ( Can I temporarily override DNS resolution within a .NET application? ) but I just can't figure it out with the meager response there.
Background info
I have a server set up in my home network, an old computer. Our router has the right ports forwarded, the server runs server software for things like http, svn, games, etc. I've got a domain name registered that always points to our external IP address. For all intents and purposes, I've got a typical webserver set up. My friends can game on my server by connecting via the domain name, I can push and pull svn projects, etc.
The only problem is that I also need to use my server when I'm connected to my home network (the same network as the server). Using the domain name results in Windows resolving it to our own IP address, and my router is too retarded to realize it just needs to forward it back into our network to the server as per the usual. I've done some looking around, configuring, telnetting and DNS overriding, but I have it on good authority that our ISP apparently crippled the DNS override feature of their routers to prevent this exact scenario. Apparently they don't like internal loopbacks.
I now basically have to keep 2 configs for each of my server's services: one config that specifies the domain name for when I'm abroad, and a second that specifies the server's internal IP for when I'm at home. It's frustrating because it just isn't always possible.
I want to instantiate a global DNS resolution request/response listener that will do the following: if the requested domain name matches a given string, override the IP in the response with one of my choice.
I've looked things up like easyhook, dllimport, msdn pages, etc, but I still can't figure out where to actually start, which classes I need to get access to, and so on. I basically have no pre-existing code for this particular problem.
I have Visual Studio, years of relatively simple programming experience and a good understanding of unfamiliar code and everything else, just no idea how to start or what to look for.
Many thanks for anything that can get me going.
Couple of pointers, DNS is as you mentioned some server somewhere that knows how to resolve a Domain name to an IP ADDRESS. There are two types of responses 1) Definitive for the domain and 2) Not Definitive for the Domain. Obviously any Definitive response will win.
DNS does not run at TCP/IP layer it runs one layer below using UDP (port 53). As a result DNS is tied into the TCP/IP stack whereby the stack first looks locally to a local host table and sees if the name is there; if it cannot find it the stack will send out the DNS request prior to the session start or SYN packet flying. In order for this to happen, the DNS servers must resolve the address.
I do not fully understand your issue because most Windows servers only have 1 IP address and one associated domain name. Unless of course they are using DHCP, which just means the server uses multiple addresses on boot up and DNS servers receive updates to what those new addresses are.
Public vs. Private IP addresses are the responsibility of a router. The router is configured to do NAT (Network Address Translation). This allows a private server to have unroutable addresses like 10.10.1.100 etc. But the router will answer ARPs for the public address making the public network think the router is the public address. So one of your solutions could be to convert your server to a private address and use a "real" router that can perform NAT. Port forwarding is not really routing rather it's a way to "trick" packets destined for one port number to be forwarded to another port dedicated for that application.
My suggestion is to either follow the suggestions above or add the Domain names you want to the local Host table on the server. This will get you what you want. A better solution is to configure your own server to be a DNS server definitive for your domain, that way you get to control everything.
I ended up solving this with (as a few have suggested) the hosts file after all.
I first used ManagedWifi to set a network connection monitor. It detects changes to my connection status and reports the network name.
Then I wrote a console app that stays open (using Hidden Start allows me to hide the window) and safely modifies the hosts file, then flushes the DNS cache. This seems to work in pretty much realtime. :)

Https for a dynamic IP intranet web server (swaps between two IPs for failover purposes)

We've got an Asp.Net / IIS6 web application which sits on two servers in separate data centers on our intranet in an active-passive failover configuration. Let's call these servers MyAppSpringfield and MyAppShelbyville.
Now we've got a DNS name set up called 'MyApp', so that the users can simply access the application through http://myapp, and they don't need to know which server they're actually using.
Each month we swap the active and passive nodes around by changing the DNS entry, to keep in good practice for when the day comes that the active node dies for some reason.
Now we need to set up SSL for access to the application, but I've heard that HTTPS certificates are linked to a certain IP address or a certain application common name, so I'm worried this won't be possible, since the IP address that 'MyApp' points to will change every month.
Can anyone tell me if this is possible to set up SSL on those servers, in such a way that either IP will be fine with the cert and the users can simply access it via https://myapp ?
Thanks a lot
I don't think you have a problem. I'm no SSL expert, but I believe it is tied to the domain name, rather than the IP. I've switched IPs and data centers on several sites recently with no problem as far as SSL Certs are concerned. The Cert isn't aware of the IP address when it is issued, only the domain name.

Is it possible to write C# code as below and send email using network in different country?

Is it possible to write C# code as below and send email using network in different country?
MSExchangeWebServiceURL = mail.something.com/ews/exchange.asmx
It's a web service URL. This works great when I run the same code from home network, my friends home network anywhere around, but when I run it from my client's location in Columbia it fails.
I have a valid user name and password on that Exchange Server. Is there any configuration that I can set to achieve this?
BTW this code below works when I run it within office network and any network within any home network. I have tried it at least with five friends network in Plano, Texas. I want this code to work running from any network in another country.
My client in Columbia can connect to the web service using a browser using the same user name and password, but when I run the code above it is not able to connect to our web service.
EDIT: Based on the comments and updated post, I would wager that the client location has a proxy server or firewall that is blocking the traffic. The client probably needs to add the relevant domain to whatever "whitelist" they have.
If it works from an internal network, then the problem is most likely not the code. You need to debug it and see what error turns up when running it outside of the network. Then check the logs on the firewall and the target exchange server to see what is happening.
One possible culprit is that the DNS name is not setup outside the office network, or that the office firewall is not setup to pass traffic (or only to pass SMTP traffic) from the internet to the server in question. Another is that Exchange Web Services is not setup properly to accept requests from the outside world. That can be tested from http://www.testexchangeconnectivity.com/.
If this isn't enough for you to get there, post more info about what errors you are seeing. "It isn't working, I want it to work" kind of reminds me of the Star Trek TNG episode about the species who kept telling Geordi to "make it go".
If you are asking if the code works (which it doesn't look like you are but it's in your post) you should ask on stackoverflow. If you are wondering why it won't work from home, it's likely because the edge server is not set up to relay, and if you are at home and not vpn'd into the network that's all you have access to.
You need to break this down a bit:
What's the MSExchangeWebServiceURL? I don't need to know your real URL, but is this resolvable from your home network? i.e. is it an internal DNS host (server.mycompany.local) or is it an externally-resolvable DNS host (mail.yourcompany.com)?
If it's internal, like another poster said, you'll at least need to VPN in (or replace that with the external URL).
I'm not a big C# guy, but I'm guessing it's looking for your Exchange Server hostname or FQDN, and since the type is "SMTP" it wants to establish a TCP session with your mail server. You can likely test this out by opening up your command prompt and trying to telnet <MSExchangeWebServiceURL> 25. When that works, my guess is your code will work too.

Retrieving client user name and computer name from within webservice

I have a web service on a server! This service is called from the client applications!
Now how can I get the user name and computer name of clients that are using this service? For example, if an application from Client1 is calling this service, I want to get the computer name and user name of Client1.
Many thanks!
You can't reliably, really.
The server variable REMOTE_HOST may provide you with it, but in most cases it will be an IP address and it could well be a proxy's IP address. Also - it is something that can be easily spoofed.
Same goes for username (REMOTE_USER), unless you use some WS-Security mechanism to authenticate the user calling your webservice.
The client will have to be passing this information to the service.
As Wim said, you can't get this information reliably. For a guaranteed Windows network you can retrieve the current authenticated user (to the machine) using the server variable:
System.Web.HttpContext.Current.Request.ServerVariables("LOGON_USER")
The REMOTE_HOST variable is supposed to return the machine name, but in most cases (as he said) it will only be an IP address.
Even on a LAN, this is not an advisable security practice. This information can still be spoofed locally providing internal users the capability to masquerade as other users. If it's simply being used for identification (rather than authentication or authorization) it would probably be "good enough". If you maintained a small datatable (or the networking team) that identified each pc to its expected IP address, this information would achieve what you want.
