Click here to Skip to main content
15,305,508 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more: , +
Dear Friends,

I am working on WEB API and giving for some organization. They will use the WEB API urn link in their application and they will host in their server.

1. I want to validate their server address or IP while they are accessing.
2. I Don't want some one use the created link so I need to restrict and it should use only to that organization.

Please share your inputs and code for implementing this.

NOTE : I don't want client IP for validation.

What I have tried:

string ip = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
string clientip = "";
if (!string.IsNullOrEmpty(ip))
{
clientip = ip.Split(',')[0];
}
clientip = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
Posted
Updated 1-Aug-21 23:55pm

Split IP's by spaces & not commas. Did you try running it in debug mode to see what's in the header? Also, it's better to read it directly from headers & not server variables. X_FORWARDED_FOR is a standard header, which you can even find at Wikipedia. Wikipedia recommends a way to validate the header. Don't do it, unless your proxy is configured to pass that validation.
   
Don't use IP addresses for authentication. They are fairly easy to spoof. Use an API key or some other form of authentication instead.

You can add rules to your firewall or server to restrict access by IP as an additional security measure. But you will only be able to use the IP address that your server sees. If the users are not on the same internal network as the server, then that will be the public IP address(es) of their network.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900