0

I am using a login form where i want to get user/client ip address or user machine name. Now there are multiple solution provided on multiple platforms including stackoverflow and i have tried almost everything. i have tried **HTTP_X_FORWARDED_FOR ** , **REMOTE_ADDR ** etc, but they return me server or public ip and not ip of the client. these things works good on local machine but when deploy on production environment these return the server/public ip and not client ip.

How can i get client's ip address??

MFI
  • 1
  • So, what option did you use from these: https://stackoverflow.com/questions/735350/how-to-get-a-users-client-ip-address-in-asp-net?rq=2 and what was the IP address you got instead of the expected one? Did you expect the IP of the client PC in their local network? Was the client pc connecting over a NAT-ed network? Over a proxy? Over VPN? Over Tor? We don't know where your server is or your client, let alone how their networks connects, it is impossible to answer this question without that context info. – rene Apr 07 '23 at 08:07
  • i have tried almost every solution mentioned in this. but all i get is either server ip or public ip of client. means whatever i get is shared between multiple users. like public ip is share with many.. and server ip is shared with all the users trying to access the page. i want to get unique ip of client/user to handle them individually. @rene – MFI Apr 07 '23 at 09:45
  • Basically you can't then. If your clients are behind a NATed device you can not obtain their local ip address. Nor would it be useful to know. – rene Apr 07 '23 at 10:15
  • @rene. okay so on a login page if a user is trying to login but giving wrong credentials then i want to block that user after 7 attempts. i am trying to get this done by getting the ip address of user/client and store it in a table in db and created a column of login counter which increases every time the user ads the wrong inputs. my implementation works fine on local machine but does not work on environment . Can you suggest me how can i modify this code structure to get what i want? – MFI Apr 07 '23 at 10:30
  • Use a cookie / anti forgery token / user agent / browser fingerprint and their IP. Also: you can still throttle login attempts from the same address: on every failed login from the same IP postpone your 401 result by an increasing number of seconds. Succesfull logins get right in. – rene Apr 07 '23 at 12:08
  • i tried with cookie by generating a random string for user and it worked but this is not recommended as cookies are not allowed by some users also it is not safe to use cookies. – MFI Apr 07 '23 at 14:13
  • "it is not safe to use cookies". Citation needed. – rene Apr 07 '23 at 14:18
  • anyway: https://security.stackexchange.com/questions/74211/what-is-the-difference-between-login-throttling-and-temporary-account-lockout?rq=1 – rene Apr 07 '23 at 14:21

1 Answers1

-1

Have you tried this method? This once worked for me.

string ipAddress = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];

if (!string.IsNullOrEmpty(ipAddress)) 
{
    string[] addresses = ipAddress.Split(',');
    if (addresses.Length != 0) 
       {
         ipAddress = addresses[0];
       }
} 
else 
{
    ipAddress = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
}

// remove any whitespace
ipAddress = ipAddress.Trim();

To get the client's private IP address, you can use the Dns.GetHostEntry() method to resolve the IP address of the client's machine.

string ipAddress = string.Empty;
IPAddress[] ipAddresses = Dns.GetHostEntry(HttpContext.Current.Request.UserHostAddress).AddressList;

foreach (IPAddress addr in ipAddresses) {
    if (addr.AddressFamily == AddressFamily.InterNetwork) {
        ipAddress = addr.ToString();
        break;
    }
}

Give it a thumbs up if this helps you.

Lahiru Sandaruwan
  • 121
  • 1
  • 17
  • yes i tried this but this returns me the public ip of the client. means people with same internet provider will have same ip. so thats why its useless for me. – MFI Apr 07 '23 at 14:12