1

I have a WEB API that has a backend in C# (using DDD) and a frontend that uses it in Angular hosted in different servers. I want to get my client's IP when they log in (for audit purposes), when I try to run my code through postman it works but when making the request through the frontend, it always return the frontend server IP.

I have tried using IpPublicKnowledge which is a Nuget package that gets the IP using a webpage.

I have tried different ways that get the IP from the HttpContext but they also return Frontend server IP, not the client's IO.

Uwe Keim
  • 39,551
  • 56
  • 175
  • 291
Serl
  • 240
  • 1
  • 14
  • 1
    Learn how the `HTTP_X_FORWARDED_FOR` header is composed when your requests go through the proxy layers. Then, write a code that decomposes the list and takes not the very last (your frontend server) but the very first (actual client IP). – Wiktor Zychla Jun 08 '18 at 13:38
  • 1
    In other words, this looks like duplicate of https://stackoverflow.com/questions/753645/how-do-i-get-the-correct-ip-from-http-x-forwarded-for-if-it-contains-multiple-ip. Is it? – Wiktor Zychla Jun 08 '18 at 13:39
  • Your web API gets the IP of the application which calls the Web API. So if your web application calls web API then it will get Web Application's IP. If you want the IP of the end user then you should be getting that IP in web application and then forward it to the Web API. – Chetan Jun 08 '18 at 13:39
  • @WiktorZychla I looked at the other questions and it points out that I can get the client's IP using HTTP_X_FORWARDED_FOR but that isn't necessarily the client's ip, it could be the company gateway and some proxies wipe that data out. So it isn't as accurate as I would like – Serl Jun 08 '18 at 14:20
  • @ChetanRanpariya I understand, but this API will be used by other applications (mobile) and I wanted to keep the responsibility for getting the IP in the backend only. – Serl Jun 08 '18 at 14:23
  • @IsadoraLima: in case of multiple gateways, the `HTTP_X_FORWARDED_FOR` contains a **complete list** of addresses (unless of course a misconfigured proxy decides to break the convention). We use it for years and it's quite reliable. – Wiktor Zychla Jun 09 '18 at 11:44

1 Answers1

0

I am answering this in case anyone wants to know, I tried to get the IP through HTTP_X_FORWARDED_FOR but it wasn't reliable enough. So what solved it was to create a php server that got the ip from the client and have the frontend application use it and send it to the backend. @Chetan Ranpariya also said this and it ended up being my last resort.

Serl
  • 240
  • 1
  • 14