I have web service on server! This service is calling from the clients applications!
Now how i can get user name and computer name of clients that using this service, for example if application from Clint1 calling this service i want to get computer name and user name of Clint1?
Many thanks!
You can't reliably, really.
The server variable REMOTE_HOST may provide you with it, but in most cases it will be an IP address and it could well be a proxy's IP address. Also - it is something that can be easily spoofed.
Same goes for username (REMOTE_USER), unless you use some WS-Security mechanism to authenticate the user calling your webservice.
The client will have to be passing this information to the service.
As Wim said, you can't get this information reliably. For a guaranteed Windows network you can retrieve the current authenticated user (to the machine) using the server variable:
System.Web.HttpContext.Current.Request.ServerVariables("LOGON_USER")
The REMOTE_HOST variable is supposed to return the machine name, but in most cases (as he said) it will only be an IP address.
Even on a LAN, this is not an advisable security practice. This information can still be spoofed locally providing internal users the capability to masquerade as other users. If it's simply being used for identification (rather than authentication or authorization) it would probably be "good enough". If you maintained a small datatable (or the networking team) that identified each pc to its expected IP address, this information would achieve what you want.
Related
I want to implement a Windows Service that will by default block/allow all network connections and whitelist/blacklist specific domain names (like google.com).
I looked at Windows Filtering Platform but it does not seem I can filter on domain names, only on exact IPs. The problem is that IPs corresponding to domain names might change over the time and there might be multiple for one domain name.
How can I do this filtering on domain names ?
Note that if you only filter by DNS name, your filter can easily be circumvented by using an IP address. So filtering by IP address will be more robust.
You can do reverse IP lookups to get associated domain names. You'll probably want to implement a reverse IP address lookup cache. You would flush entries in the cache when they've exceeded their DNS TTL.
If you want to stick solely with domain names (and depending on where you want to do the filtering) you could hook winsock.dll. See this on SO. Your winsock hook would filter gethostbyname() and other APIs that resolve DNS names.
Before your browser connects to to the host identified by the domain name it issues a DNS query for that domain name. You can create a network filter driver to intercept DNS response packets and even modify them. An example, if the specific domain name is blacklisted then you can modify DNS response and change the IP address to the IP of the host with HTTP-server which shows the message like "Web-site is blocked".
Another possible approach is playing around HTTP GET request. You can detect the forbidden URL in the packet and drop the session or optionally forge and inject a redirect packet. There is a sample code named wwwcensor which demonstrates how this can be done.
More complex approach is implementing redirector + http proxy, redirector built on packet filter driver can transparently redirect outgoing connections to local http proxy which in turn can decide what to do with the particular session. The sample source code LAN HTTP Monitor demonstrates how this can be implemented. Although this sample is supposed to run on the gateway (an example, on Windows host with ICS enabled) and redirect connections from the LAN to the Internet, but it can be easily modified to redirect local connections.
DISCLOSURE: I authored the sample code mentioned in this post.
Is it possible that store IP and/or MAC address of client system in Cookie in ASP.NET
It is possible to store anything relatively small (<100K) in cookies, obtaining information is whole other story.
After you obtained IP / MAC (hard to do on web page, and "really useful IP" is pretty much non-existent thing) you may need to encode value to put in cookies.
Obtaining MAC - not possible via normal JavaScript. Trusted site/trusted control may be able to obtain one MAC addresses in JavaScript.
Obtaining IP - externally visible IP is available on your server as header, you can also find existing service that will give you such IP. Note that it most cases it is different from IP of local machine visible locally.
The IP address of the user is stored in Request.UserHostAddress.
We've got an Asp.Net / IIS6 web application which sits on two servers in separate data centers on our intranet in an active-passive failover configuration. Lets call these servers MyAppSpringfield and MyAppShelbyville.
Now we've got a DNS name set up called 'MyApp', so that the users can simply access the application through http://myapp, and they don't need to know which server they're actually using.
Each month we swap the active and passive nodes around by changing the DNS entry, to keep in good practice for when the day comes that the active node dies for some reason.
Now we need to set up SSL for access to the application, but i've heard that HTTPS certificates are linked to a certain IP address or a certain application common name, so i'm worried this won't be possible, since the IP address that 'MyApp' points to will change every month.
Can anyone tell me if this is possible to set up SSL on those servers, in such a way that either IP will be fine with the cert and the users can simply access it via https://myapp ?
Thanks a lot
I don't think you have a problem. I'm no SSL expert, but I believe it is tied to the domain name, rather than the IP. I've switched IPs and data centers on several sites recently with no problem as far as SSL Certs are concerned. The Cert isn't aware of the IP address when it is issued, only the domain name.
Is there any way, on a windows domain, to get hostname or IP address given the domain username? C# APIs would be great.
example: string GetUserIP(string username);
The short answer is that you can't find the information because the IP address is assigned to a computer and not a user. Now you might be able to find out the IP address of the computer a user logged into. The first step would be to talk with the domain administrator. Find out if they are logging the information. They may also be able to point you to how to search the log (that is with a huge assumption that the domain admin will cooperate which is NOT guaranteed).
Now having said that if others are connecting to your application it is relatively easy to get the IP address from where they are connecting. You simply exam the connection property in the connection after it has been established.
I ended up creating a client-side application that runs on logon (by adding the correct registry key. See Here) You could also implement this as part of a logon script. This connected to the remote service and reported the username. The server application then maintained a dictionary of logged-on users and IPs.
Is it possible to write C# code as below and send email using mnetwork in different country?
MSExchangeWebServiceURL = mail.something.com/ews/exchange.asmx
It's a web service URL. This works great when I run the same code from home network, my friends home network anywhere around, but when I run it from my client's location in Columbia it fails.
I have a valid user name and password on that Exchange Server. Is there any configuration that I can set to achieve this?
BTW this code below works when I run it within office network and any network within any home network. I have tried it at least with five friends network in Plano, Texas. I want this code to work running from any network in another country.
My client in Columbia can connect to the web service using a browser using the same user name and password, but when I run the code above it is not able to connect to our web service.
EDIT: Based on the comments and updated post, I would wager that the client location has a proxy server or firewall that is blocking the traffic. The client probably needs to add the relevant domain to whatever "whitelist" they have.
If it works from an internal network, then the problem is most likely not the code. You need to debug it and see what error turns up when running it outside of the network. Then check the logs on the firewall and the target exchange server to see what is happening.
One possible culprit is that the DNS name is not setup outside the office network, or that the office firewall is not setup to pass traffic (or only to pass SMTP traffic) from the internet to the server in question. Another is that Exchange Web Services is not setup properly to accept requests from the outside world. That can be tested from http://www.testexchangeconnectivity.com/.
If this isn't enough for you to get there, post more info about what errors you are seeing. "It isn't working, I want it to work" kind of reminds me of the Star Trek TNG episode about the species who kept telling Geordi to "make it go".
If you are asking if the code works (which it doesn't look like you are but it's in your post) you should ask on stackoverflow. If you are wondering why it won't work from home Its likely because the edge server is not set up to relay, and if you are at home and not vpn'd into the network that's all you have access to.
You need to break this down a bit:
What's the MSExchangeWebServiceURL? I don't need to know your real URL, but is this resolvable from your home network? i.e. is it an internal DNS host (server.mycompany.local) or is it an externally-resolvable DNS host (mail.yourcompany.com)?
If it's internal, like another poster said, you'll at least need to VPN in (or replace that with the external URL).
I'm not a big C# guy, but I'm guessing it's looking for your Exchange Server hostname or FQDN, and since the type is "SMTP" it wants to establish a TCP session with your mail server. You can likely test this out by opening up your command prompt and trying to telnet <MSExchangeWebServiceURL> 25. When that works, my guess is your code will work too.