
I have a Web API developed in ASP.NET. Now I want to log the MAC address of any incoming request to the API. Is this possible in C#, and how?

Any help would be very much appreciated.

Thank you

user3363268

1 Answer


There is no solution with the HTTP protocol. Using ASP.NET you can't get the MAC address or other hardware identifiers. You can get the IP, but many machines will share the same IP if they are behind NAT. The same issue applies to the combination of IP+browser+version.

Depending on your requirements, you may

  • rely on cookies as long as the cookies are not deleted
  • create authentication mechanism and send session id for each request
  • use HTTPS or the OAuth protocol

Some other ideas: Designing a Secure REST (Web) API without OAuth

user2316116
  • Thank you. My actual problem here is that I am trying to secure the API from relay attacks by blocking the MAC address. Can you suggest possible ways of achieving this? – user3363268 May 01 '14 at 15:38
  • Block by IP. There are a lot of solutions for this: e.g. [HttpModule](http://madskristensen.net/post/block-dos-attacks-easily-in-aspnet), [global.asax-solution](http://blogs.msdn.com/b/friis/archive/2014/04/25/easily-detect-and-block-malicious-http-requests-targeting-iis-asp-net-using-blackips.aspx) – user2316116 May 01 '14 at 16:01
  • They can be using multiple IPs at the same time. – user3363268 May 01 '14 at 16:07
  • Take a look at [this post](http://blog.maartenballiauw.be/post/2013/05/28/Throttling-ASPNET-Web-API-calls.aspx) which explains how to use [WebApiContrib ThrottlingHandler](https://github.com/WebApiContrib/WebAPIContrib/) which, for example, can limit anonymous API clients to a maximum of X requests per hour. – user2316116 May 01 '14 at 16:55
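
The answer's suggestion to send a session id with each request, combined with the per-client request limit mentioned in the last comment, can be sketched as a Web API message handler that throttles on a server-issued token instead of a MAC or IP address. This is an added example, not code from the answer or from WebApiContrib; the class name, the `X-Session-Id` header and the `isKnownToken` validator are assumptions standing in for your own authentication step.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Added example. "X-Session-Id" and isKnownToken are assumptions, not a framework API.
public class TokenThrottlingHandler : DelegatingHandler
{
    private sealed class Window { public DateTime Start; public int Count; }

    private readonly ConcurrentDictionary<string, Window> _windows =
        new ConcurrentDictionary<string, Window>();
    private readonly int _limit;
    private readonly TimeSpan _period;
    private readonly Func<string, bool> _isKnownToken;

    public TokenThrottlingHandler(int limit, TimeSpan period, Func<string, bool> isKnownToken)
    {
        _limit = limit;
        _period = period;
        _isKnownToken = isKnownToken;
    }

    // True while the caller identified by 'key' is within its quota for the current window.
    public bool TryAcquire(string key, DateTime nowUtc)
    {
        var window = _windows.GetOrAdd(key, _ => new Window { Start = nowUtc });
        lock (window)
        {
            if (nowUtc - window.Start >= _period) { window.Start = nowUtc; window.Count = 0; }
            if (window.Count >= _limit) return false;
            window.Count++;
            return true;
        }
    }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        IEnumerable<string> values;
        string token = request.Headers.TryGetValues("X-Session-Id", out values)
            ? values.FirstOrDefault() : null;
        // Unknown or missing tokens share one bucket, so inventing tokens buys no extra quota.
        string key = token != null && _isKnownToken(token) ? "t:" + token : "anonymous";
        if (TryAcquire(key, DateTime.UtcNow))
            return base.SendAsync(request, cancellationToken);
        return Task.FromResult(new HttpResponseMessage((HttpStatusCode)429) { RequestMessage = request });
    }
}
```

Register it with `config.MessageHandlers.Add(new TokenThrottlingHandler(100, TimeSpan.FromHours(1), yourValidator))`. The counters here live in process memory and are never evicted, so a web farm or a long-running host would need shared storage and expiry.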