Obtain real IP address of client

  • Thread starter Thread starter Brian Cryer
  • Start date Start date
B

Brian Cryer

What I'm looking for is a way to tell if two sessions are from the same
physical PC or from different PCs (within the same organisation say). This
is with the view to possibly enforcing license restrictions, i.e. limiting
the number of pcs that user account can connect from (say to 1 perhaps 2)
but not the number of open sessions that user can have.

So, with that in mind I was wondering whether it was possible to obtain the
local IP address of a PC? I know I can use Request.UserHostAddress but if
someone is behind a router (or proxy) then it just returns the external
public IP address. Is it possible to obtain the internal (real) IP address
of a visitor as well as their public IP address?

If not then does anyone have any other ideas for detecting whether two
sessions with the same Request.UserHostAddress are from the same PC or not?

TIA.
 
What I'm looking for is a way to tell if two sessions are from the same
physical PC or from different PCs (within the same organisation say). This
is with the view to possibly enforcing license restrictions, i.e. limiting
the number of pcs that user account can connect from (say to 1 perhaps 2)
but not the number of open sessions that user can have.

So, with that in mind I was wondering whether it was possible to obtain the
local IP address of a PC? I know I can use Request.UserHostAddress but if
someone is behind a router (or proxy) then it just returns the external
public IP address. Is it possible to obtain the internal (real) IP address
of a visitor as well as their public IP address?

If not then does anyone have any other ideas for detecting whether two
sessions with the same Request.UserHostAddress are from the same PC or not?

TIA.
Click to expand...

first test HTTP_X_FORWARDED_FOR and if it's not available, use
REMOTE_ADDR, or Request.UserHostAddress

string ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR");
if(ip != "") {
ip=Request.ServerVariables("REMOTE_ADDR");
}
 
So, with that in mind I was wondering whether it was possible to obtain
the local IP address of a PC? I know I can use Request.UserHostAddress but
if someone is behind a router (or proxy) then it just returns the external
public IP address. Is it possible to obtain the internal (real) IP address
of a visitor as well as their public IP address?
Click to expand...

There is no reliable way to do this... For one thing, IP addresses are so
easy to spoof these days...
If not then does anyone have any other ideas for detecting whether two
sessions with the same Request.UserHostAddress are from the same PC or
not?
Click to expand...

You could look at cookies, I suppose, but what if the workstation has e.g.
IE, FireFox, Opera, Netscape and Safari installed (like I do on my test
machine)...?
 
Alexey Smirnov said:
first test HTTP_X_FORWARDED_FOR and if it's not available, use
REMOTE_ADDR, or Request.UserHostAddress

string ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR");
if(ip != "") {
ip=Request.ServerVariables("REMOTE_ADDR");
}
Click to expand...

Thanks Alexey. This is the best I've seen. I wasn't aware of
HTTP_X_FORWARDED_FOR, useful to know about thanks.

This does the job if the person is going via a proxy, but not if they are
behind a router. If they are behind a router I still only see the public IP
address (although at least I now see the public IP address before it hits a
proxy). Its a big step in the right direction. Thanks.
 
Mark Rae said:
There is no reliable way to do this... For one thing, IP addresses are so
easy to spoof these days...
Click to expand...

That's what I suspect.
You could look at cookies, I suppose, but what if the workstation has e.g.
IE, FireFox, Opera, Netscape and Safari installed (like I do on my test
machine)...?
Click to expand...

I had a brief play with cookies, but didn't have much joy in getting values
back. Could have been a mistake in my code or simply that cookies are
blocked so often ...

Thank you for the idea.
 
Peter Bromberg said:
Maybe what you really need to do is make people log in, and store their
credentials in such a way that if they log in a second time with the same
credentials, you'll be able to detect that's a duplicate login. Then you
needn't worry about IP addresses.
-- Peter
Recursion: see Recursion
site: http://www.eggheadcafe.com
unBlog: http://petesbloggerama.blogspot.com
BlogMetaFinder: http://www.blogmetafinder.com
Click to expand...

Detecting multiple logins by the same account is easy, but isn't what I'm
after. What I would like to be able to is to distinguish between multiple
sessions (logged in) from one pc and those which are from two or more pcs.
The rational being not to stop someone from having multiple browser windows
open on their pc, but to stop or at least detect if the same account is
logged in from two or more different pcs (in the same office). I hope you
can see what I'm aiming for.

I know there are issues like has the browser been closed without logging
off, but I can see workarounds for issues like those. Alexey has given a
work around that works for telling apart pcs behind a proxy, but I'm stuck
on how to tell two pcs apart which are behind the same router. Any ideas
appreciated.
 
Brian Cryer said:
That's what I suspect.


I had a brief play with cookies, but didn't have much joy in getting
values back. Could have been a mistake in my code or simply that cookies
are blocked so often ...
Click to expand...

My cookie implementation was wrong. My mistake.

So it looks like the cookie approach will give me what I need. I'd still
like a way to identify the PC (by IP address or name) for reporting purposes
(say to the user even) but that isn't so pressing.

Thanks.
 
Back
Top