HttpContext.Current.Request.UserHostAddress issue

hi all

This problem is odd. in a web service, I try to get the client's IP address
from the HttpContext object, but it seems to fail to get the proper IP, now
in this development environment, we are working on the client site, I don't
really have a clear understanding of their network layout, but it is
possible that their are using a proxy server to do all Http requset thus the
IP in the context is the proxy server IP, any inside?


Kevin

Kevin Yu

yes..very possible/likely...ASP.Net can only show what's available in the
HTTPHeaders....so proxies/routers can certainly effect this and many other
fields..

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Kevin Yu" <> wrote in message
news:...
> hi all
>
> This problem is odd. in a web service, I try to get the client's IP
address
> from the HttpContext object, but it seems to fail to get the proper IP,
now
> in this development environment, we are working on the client site, I
don't
> really have a clear understanding of their network layout, but it is
> possible that their are using a proxy server to do all Http requset thus
the
> IP in the context is the proxy server IP, any inside?
>
>
> Kevin
>
>

Karl Seguin

what happened is all web app use a sign on portal which authenticate user
then redirect them to the appropriate application and the login portal is
hosted on the web farm, I guess that's what cause the problem.

I guess there is no way I can get the proper IP in this kind of setup.



"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:...
> yes..very possible/likely...ASP.Net can only show what's available in the
> HTTPHeaders....so proxies/routers can certainly effect this and many other
> fields..
>
> Karl
>
> --
> MY ASP.Net tutorials
> http://www.openmymind.net/ - New and Improved (yes, the popup is
> annoying)
> http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
> come!)
> "Kevin Yu" <> wrote in message
> news:...
> > hi all
> >
> > This problem is odd. in a web service, I try to get the client's IP
> address
> > from the HttpContext object, but it seems to fail to get the proper IP,
> now
> > in this development environment, we are working on the client site, I
> don't
> > really have a clear understanding of their network layout, but it is
> > possible that their are using a proxy server to do all Http requset thus
> the
> > IP in the context is the proxy server IP, any inside?
> >
> >
> > Kevin
> >
> >
>
>

Kevin Yu

"Kevin Yu" <> wrote in message
news:...
>
> I guess there is no way I can get the proper IP in this kind of setup.
>

Absolutely not ! This also will make life a little bit harder for hackers.
They can still get to the real meat, but it will be harder.

John

WJ

"WJ" <> wrote in message
news:...
>
> "Kevin Yu" <> wrote in message
> news:...
> >
> > I guess there is no way I can get the proper IP in this kind of setup.
> >
>
> Absolutely not ! This also will make life a little bit harder for hackers.
> They can still get to the real meat, but it will be harder.

How in .NET? I mean the HttpContext doesn't even contain the source IP (I
guess it's the proxy IP)





>
> John
>
>

Kevin Yu

"Kevin Yu" <> wrote in message
news:...
> How in .NET? I mean the HttpContext doesn't even contain the source IP (I
> guess it's the proxy IP)
>

Asp.net will return the Proxy IP, not the original IP. If your server
exposes directly to outside without middle man then yes, you can see my true
IP. Otherwise, the packet is intercepted at the DMZ and all you see is your
company agent. I am not a network expert, but I think, they may be able to
arrange some kinds of special exception for your application ? You may ask
your network technician to see if this can be done.

John

WJ

WJ wrote:

>
> "Kevin Yu" <> wrote in message
> news:...
> > How in .NET? I mean the HttpContext doesn't even contain the source
> > IP (I guess it's the proxy IP)
> >
>
> Asp.net will return the Proxy IP, not the original IP. If your server
> exposes directly to outside without middle man then yes, you can see
> my true IP. Otherwise, the packet is intercepted at the DMZ and all
> you see is your company agent. I am not a network expert, but I
> think, they may be able to arrange some kinds of special exception
> for your application ? You may ask your network technician to see if
> this can be done.

Don't forget that proxies may a X-Forwarded-For or similar header
contains the original IP.

Cheers,
--
http://www.joergjooss.de
mailto:news-

Joerg Jooss

"WJ" <> wrote in message
news:...
>
> "Kevin Yu" <> wrote in message
> news:...
> > How in .NET? I mean the HttpContext doesn't even contain the source IP
(I
> > guess it's the proxy IP)
> >
>
> Asp.net will return the Proxy IP, not the original IP. If your server
> exposes directly to outside without middle man then yes, you can see my
true
> IP. Otherwise, the packet is intercepted at the DMZ and all you see is
your
> company agent.

so that's what happen, I checked the network environment documentation. they
do have a
DMZ setup here. so I guess it's almost impossible to get correct source IP
then. it's their
security measure, we as developer need to follow the rules/regulations.


I am not a network expert, but I think, they may be able to
> arrange some kinds of special exception for your application ? You may ask
> your network technician to see if this can be done.
>

I don't think it's up to the network technician to decide that, it's all
politic here.



> John
>
>

Kevin Yu