I need to get the computer name and id of a client when it uses my SSO web .net core application.
My first solution was to this for the machine name:
var machName = Environment.MachineName;
And this for the machine id:
foreach (NetworkInterface nic in NetworkInterface.GetAllNetworkInterfaces())
{
// consider ethernet interfaces
if(nic.NetworkInterfaceType == NetworkInterfaceType.Ethernet && nic.OperationalStatus == OperationalStatus.Up)
{
return Ok(nic.GetPhysicalAddress().ToString());
}
}
Then is dawned on me that these are getting the name and id from the server, as in my computer.
I am currently debugging the request info including the header info, but I can't see anything in the header that correlates to the name and id. I am able to get the request IP and user agent from the HttpContext which is something i need, but not the name and id.
As far as I know, it's impossible actually to get client machine name and host name is not client machine name.
The client will send request to the server, so we could only get the parameter through request.
The request contains below things:
Request IP address (TCP/IP)
HTTP headers
That's all. IP address is an IP which is given by your Internet provider, and host name is name of some provider machine which Internet traffic passes through.
From request IP you cannot get real client machine name in general. In HTTP headers browsers also don't pass machine name.
Related
I am a newbie in integrating APIs and so I am encountering some issues that need help.I have been working with Clash of Clans API for some weeks. I want to make a website where users can make request and get data from the server. **To use the API, a JSON Web Token is required and it needs to be passed as part of every request. The token is bound to rate limitations and specified IP addresses. **
What I have been doing is, create a token with my IP address, get the token and make request using it. Now, I want to take this a step forward but I have no idea how to take request from users around the world.
I thought of taking keyword from the user and making request from the server but don't know the step forward. Or maybe I should make requests using my server's address from my PC? Which I don't know how. I will appreciate it if someone could explain to me with this in layman's language and if possible through a reference. Thank you in advance.
There are many ways to design for Clash of Clans API architecture.
I just to make a simple design base on quick review of Clash of Clans limitation.
API_KEY can add IP address only when create API_KEY.
It means can't update (add) user IP address after create API_KEY.
Step 0 : Create API_KEY
Clash of Clans server only allow specified IPs and API_KEY for REST API call.
You need to know your server IP v4 address(production purpose) and your IP address(debugging purpose)
your IP address get from google search
After create key, you (developer), develop(or debugging) your API.
This is created API KEY in CC server
This example, using Postman check API.
Step 1 : User login
With his User ID and password. it will save into your server with hashed value.
(It means not save password, save hashed data). it can verify but if leak to hacker much more safe.
Use request API call(or service) to your server
Step 2 : Your server forward API to CC server
Server verify user is valid
If valid user, server forward API call into Clash of Clans(CC) server by CC API with API_KEY(Bearer Token)
Step 3 : CC server check correct API call
CC server verify by compare called API_KEY/IP address with saved API_KEY/IP address
Step 4 : CC server return API response to your server
Your server received the server API call
Step 5 : Your server return to user
User received her request a service
This API list
You can test it from your home.
This is example API call via CC server's documentation
i have many asp.net core applications that connected to IdentityServer for the authentication. Before i run these application on the IIS every thing worked as it should. Before running on IIS, every application had its own port on same domain: eg: www.myserver.com:500x.
By moving them to the IIS server, we made those port invisible, so the user just sees the domain without any ports. To identity the requests, we gave every application an alias. The iis forwards the requests to the application, the alias belongs to. Example as following:
www.myserver.com/app1/index --> gets forwarded to application 1 with port 5001.
www.myserver.com/app2/index --> gets forwarded to application 2 with port 5002 and so on.
this idea worked fine, but not with the log out. when i log out from a client i call this functions from the client:
public async Task<IActionResult> OnGet()
{
logger.LogDebug("Current Client will be loged out for a user");
await HttpContext.SignOutAsync("oidc");
await HttpContext.SignOutAsync("Cookies", );
return SignOut("Cookies", "oidc");
}
But this deletes the authentication coockies just for the current Client and for the IdentityServer. The coockies at the other clients are not getting cleaned anymore with this code.
I'm not using the Iframe to make the PostLogout procedure. Any idea where should i search for the problem?
is it possible to delete all coockies for same domain at the logout call? is it the correct way to solve it?
Is there an out of the box policy to extract the incoming ip address? I could not find one.
Do I need to write code to do that? If so, how do I go about it? What are the other alternatives?
You can extract IP address in any policies using policy expressions. The expression would be context.Request.IpAddress
You can definitely use policy expressions.
But an easier approach might be the below:
If your goal is to capture the origin IP address (and not Azure's) on your backend (for logging purposes, etc.), then:
Whenever Azure API Management Studio forwards requests to your backend, it includes the header X-Forwarded-For
E.g.
{[X-Forwarded-For, 123.45.67.891, 13.75.131.25:1795]}
The first IP Address is the one you want.
The second IP Address is actually Azure's.
E.g. First, A mobile app makes a request to Azure API Mgmt --> Second, Azure API Mgmt forwards the request to your back end --> Lastly, you capture client's the IP (i.e. the mobile device's IP) from X-Forwarded-For.
How you capture the IP from the headers on your backend is up to you and what technology you're using (e.g. ASP.net core, node.js, etc.).
Here's a snippet of code where I'm capturing the IP
private LogMetadata BuildRequestMetadata(HttpRequestMessage request, Task<string> requestBody)
{
var headers = request.Headers.ToDictionary(d => d.Key, d => d.Value.Join(", "));
// If header X-Forwarded-For is included,
// it means the request is coming from Azure API MGMT studio.
// Example header value: {[X-Forwarded-For, 123.45.67.891 (Mobile Device), 13.75.131.25:1795 (Azure API Mgmt)]}
var clientIp =
headers.ContainsKey("X-Forwarded-For")
? headers["X-Forwarded-For"].Split(',')[0]
: request.GetOwinContext().Request.RemoteIpAddress;
}
I am trying to find the url the client used to get to the server, (on the server side). I have tried the following:
Uri url = OperationContext.Current.Channel.RemoteAddress.Uri;
Uri url = OperationContext.Current.Channel.Local.Uri;
Uri url = OperationContext.Current.EndpointDispatcher.EndpointAddress.Uri;
but none of these seemed to work correctly. They all return the server name, (with the fully qualifed domain. such as myserver.mydomain.local. Even if I used used myserver/myservice.svc it would get the full name.
At this point I don't have a service and domain available to test going to mywebsite.com/myservice.svc to see if it has the machine name or not.
The result I want to get (from the server would be):
http://mywebsite.com/myservice.svc
rather than
http://myserver.mydomain.local/myservice.svc
which is what seems to be happening at the moment.
If you have access to the HttpContext you can use HttpContext.Current.Request.Url.ToString().
OperationContext.Current.IncomingMessageHeaders.To
Should give the Uri that client used to connect to the server.
I am trying to connect to Office Communication Server using the Unified Communications Managed API. I have tried my user and a fresh user enabled for OCS. Both account can successfully log into the Office Communicator client, but fail using the API. When creating the network credential, if I pass in the username in the form domain\username, I get this error:
SupportedAuthenticationProtocols=Ntlm, Kerberos
Realm=SIP Communications Service
FailureReason=InvalidCredentials
ErrorCode=-2146893044
Microsoft.Rtc.Signaling.AuthenticationException: The log on was denied. Check that the proper credentials are being used and the account is active. ---> Microsoft.Rtc.Internal.Sip.AuthException: NegotiateSecurityAssociation failed, error: - 2146893044
If I leave off the domain in the username I this error:
ResponseCode=404 ResponseText=Not Found
DiagnosticInformation=ErrorCode=4005,Source=OCS.mydomain.com,Reason=Destination URI either not enabled for SIP or does not exist
Turns out this was an oversight on my part. Our AD domain and communicator domain are different, I had assumed they were the same.
The network credential is domain\username, and the sip address should have been sip:username#companyname.com, I was using sip:username#domain.com.
Two things to note:
Username should not contain the domain. There should be a separate Domain property of NetworkCredential that you should be using.
You also need to pass in the user URI as well - for example:
//Initialize and register the endpoint, using the credentials of the user the application will be acting as.
UserEndpointSettings userEndpointSettings = new UserEndpointSettings(_userURI, _userServer);
userEndpointSettings.Credential = _credential;
_userEndpoint = new UserEndpoint(_collabPlatform, userEndpointSettings);
_userEndpoint.BeginEstablish(EndEndpointEstablish, _userEndpoint);