I have a client application that I install in my customer's offices. It's a hybrid application, which means that some of our customers require us to install it inside their own network, without internet access. There are also some customers that use our cloud solution (we also have a version of the application in the cloud - Azure). Our server is an ASP.NET application and client applications vary by platform - we have web apps, Windows desktop apps, as well as Android apps.
So the problem is that, because of this heterogeneous nature of the application, we need to rebuild our applications for each customer with the different IP address of the server we have in their network. Apart from that, we would also like to be able to use the same app for our "cloud" server, which can also be reached by static IP address or DNS name.
What my constraints are:
Usually I don't have access to the internet from inside those networks
IP Address of the server depends on customers' network, it varies among customers
I cannot create one application with one IP or DNS address of my server, because server IP depends on my customers
I don't have a DNS server; my customers are very small companies that usually also don't have a DNS server, only home-grade routers, nor do I want to set up my private DNS servers inside those networks, because I don't have access to customers' routers.
Usually I don't have access to customers' routers
How we do this today:
We rebuild the application and change IP for each customer every time we need to do install/update
How can I avoid those problems? What are the usual ways the industry solves this?
Thank you in advance for help.
Related
The long and the short of this is that we use a 3rd party to retrieve addresses from the PAF database (and similar for non-UK addresses). They need the client IP address to deduce what sort of addresses (ie: British/Irish/Canadian/Amoeboid-Zingat'ularian) to default the search to.
We pass this traffic through a relay written as an MVC controller [HttpPost] action, and inject the authentication on the server, for security reasons.
For our customers that have our software hosted on Azure, this is easy, as the traffic between the MVC controller action and the 3rd party's JavaScript will pass through an internet-facing firewall, and the IP gained using Request.ServerVariables["REMOTE_USER"] will be good enough.
BUT what if they have our software installed on premise? Then, isn't it possible that the IP this method gives me is one that only means anything to the local network?
If I could detect the difference, I could decide whether or not to send the IP, and therefore get the 3rd party to decide.
If the case is them installing your software on their servers, would it not be easier to record what the location is at installation time or on application start?
No need then to read on each and every call. http://bot.whatismyipaddress.com/ called once and stored in app memory would suffice.
I am also assuming that the clients of this installed software will be in the same location. Almost certainly if they have local IP addresses.
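One way to detect the difference the question asks about, as an added example that is not code from either poster: classify the remote address the controller sees and forward it only when it is publicly routable. The names `ClientIpClassifier`, `IsNonPublic` and `AddressToForward` are hypothetical, and the sample addresses in `Main` are constructed.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

public static class ClientIpClassifier
{
    // True when the address means nothing outside the local network:
    // loopback, RFC 1918 private, link-local, CGNAT (100.64.0.0/10),
    // or IPv6 link-local / site-local / unique-local (fc00::/7).
    public static bool IsNonPublic(IPAddress ip)
    {
        // Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();
        if (IPAddress.IsLoopback(ip)) return true;

        byte[] b = ip.GetAddressBytes();
        if (ip.AddressFamily == AddressFamily.InterNetwork)
        {
            return b[0] == 10
                || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)
                || (b[0] == 192 && b[1] == 168)
                || (b[0] == 169 && b[1] == 254)
                || (b[0] == 100 && (b[1] & 0xC0) == 64);
        }
        if (ip.AddressFamily == AddressFamily.InterNetworkV6)
        {
            return ip.IsIPv6LinkLocal || ip.IsIPv6SiteLocal || (b[0] & 0xFE) == 0xFC;
        }
        return true; // unknown address family: do not forward
    }

    // Returns the address to pass to the lookup provider,
    // or null so that the provider decides from what it sees itself.
    public static string AddressToForward(string remoteAddr)
    {
        if (!IPAddress.TryParse(remoteAddr, out IPAddress ip)) return null;
        return IsNonPublic(ip) ? null : ip.ToString();
    }

    public static void Main()
    {
        // Constructed sample inputs
        string[] samples = { "192.168.1.20", "10.4.0.7", "::ffff:172.16.5.1",
                             "203.0.113.9", "fd12::1", "not-an-ip" };
        foreach (string s in samples)
            Console.WriteLine($"{s,-20} -> {AddressToForward(s) ?? "(omit)"}");
    }
}
```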
I need to create a site in ASP.NET MVC C# that allows me to limit access to a computer registered user. What is the best way? Get the MAC address? How?
It is not possible to get the client MAC address, since there is no direct link between the client and the web site. The MAC address is found on the client's Ethernet physical layer, and you do not have direct access to their hardware configuration. I think the best you can get is the client IP address by:
String clientIpAddress = Request.UserHostAddress;
but even that is "iffy" since it is behind the client's ISP's gateway and the actual computer would probably be connected behind a router or firewall.
If the client is a registered user, you would probably want to restrict access based on their login record that you define.
MAC Address is only available at a much lower level in the networking stack. A MAC address is used at the Data Link Layer in the OSI networking model. It is only available for direct connections (meaning, your PC knows the MAC of your router and your router knows the MAC of your PC and of your ISP's router). When we communicate over the Internet, we're communicating with IP addresses which are at a much higher level in the OSI stack. When you connect to say Google.com, the direct connection to Google doesn't happen from your PC to Google.com. There are potentially dozens of hops in between. The MAC address Google sees is the MAC address of the router that actually makes the physical connection to their server, not yours. That way it can send a message back to that MAC. That MAC then forwards to the MAC of the next closest hop, all the way back until it finally has your ISP talking to the MAC of your modem, which talks to the MAC of your router, then to the MAC of your PC.
Even if it was possible over the Internet (which it definitely isn't) it's a terrible idea. Every router I've seen in the last 20 years has a feature called MAC spoofing. You can set your MAC address to anything you want which makes it a poor security mechanism. If you want to restrict access to your website, either use usernames and passwords or certificates. You could use IP addresses as someone else suggested, but depending on your use case, remember most users on the Internet have dynamic IP addresses so you can't be guaranteed they'll always have the same IP every time they connect to your server.
Please actually read my post before placing it on hold!!
Let me start by saying I've been searching for a solution all afternoon and so far I have seen plenty of examples for WCF but none that would do what I need.
I have developed an application in C# that will be installed on customer servers and accesses a SQL server on the customer's local network. The application also has the ability to control network relays on the customer's local network and records the status of these in SQL. I am trying to figure out a way to have the customer's server establish a connection to our datacenter and be able to issue commands back to the customer's server (retrieve datasets from SQL, control the network relays, etc). I have found plenty of ways to have a client call classes on a server but have so far been unsuccessful in finding the reverse. One consideration was writing a web service as part of the application on the customer's server, but I need a way to establish this connection for customers with dynamic IP addresses and without having to publish through firewalls, etc.
Have you considered using
VPN - Virtual private network
or
Configuring a Port Forwarding redirect on the ADSL modem, and using a solution like www.noip.com ?
If I understand correctly, you want to get information from the customer's database, which is behind a firewall and has no known static IP. In addition, there might be several hundred customers, so a dedicated VPN to the customer is not viable.
First of all: you should not contact the customer database directly. Databases are not designed for this scenario and would probably be left open to attack if exposed directly to the internet.
So you need a service on top of the database. There are two main options you can use for this service:
Polling service
The service is actually a client calling some web service on your network and asking for instructions.
Benefits: easy to implement and deploy.
Downsides: With polling there is always the cost-benefit of scalability/bandwidth use vs. speed of service. There are also some considerations in selecting the time to poll to prevent all the clients polling at the same time.
The service is a tcp-server
This can be a usual web service (or RESTful service) or some other service. The only difference is that it needs to advertise itself. For that you need to have a known directory server. When the service starts it then connects to the directory service and tells it the port it can be contacted on (the directory knows the IP from the connection). It will then need to periodically contact the directory to let it know it is still alive and so any change in IP is detected.
A client on your network would now query the directory to find the address of the client and connect directly to it to issue commands.
Benefit: Scalable and bandwidth efficient.
Downside: More difficult to implement. Requires firewall traversal solutions (UPNP or firewall exceptions).
I am developing a LAN-based database application. It involves a central "server" app to house the database, along with many "client" applications that access it.
The "server" will be a simple C#-based HTTP server that responds to GET and POST requests. However, since it is designed to be able to run from any laptop on the network, I am wondering how to establish the connection between clients and the server without knowing the IP address.
I suppose I could ping every IP address from 192.168.0.0 to 192.168.0.255, and then test those that responded to see if any are my server. But I would only do that if there is no better way. Any suggestions?
Many of these types of discovery services run by putting out some kind of beacon on either the subnet broadcast address (for 192.168.0.0/24 it would be 192.168.0.255) or by putting out a beacon on a multicast address.
Multicast is particularly interesting because in a properly configured network, it allows hosts to find the service even across subnets. Routers and switches won't generally forward broadcast packets across subnet boundaries, but they will forward multicast packets.
The beacon would have information in it such as the port the service is running on, what type of service it is, whatever is needed to start using the service.
To head you in the right direction, what you should do is have the database server running on a specified port. Then send out a broadcast to that port from the client (the system needing to connect to the database). When the database server receives this, it will be able to respond to the sender, allowing a handshake to occur.
Of course, you will need to validate the database server's authenticity (to make it secure, unless you aren't worried about that). This can be as simple as having the client display 4 numbers which then need to be typed into the database, so that the database can send the 4 numbers back to the client proving it is the right computer (how the iTunes remote works), or you can use certificates (but that is too complex a topic for me to cover correctly).
After that the two computers will know each other's IPs, and you're set!
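The authenticity check described in the answer above, as an added example that is not the poster's code: the client puts a random nonce in its discovery probe, and the responder proves knowledge of a pairing secret with an HMAC over the nonce and the port it advertises. It swaps the four typed digits for a longer shared secret, because anyone who captures one nonce and proof can test all 10,000 four-digit codes offline. The names `DiscoveryHandshake`, `NewNonce`, `Prove` and `Verify` are hypothetical, the secret is constructed, and `CryptographicOperations` assumes .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class DiscoveryHandshake
{
    // Client side: fresh random challenge carried in the discovery probe.
    public static byte[] NewNonce()
    {
        var nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        return nonce;
    }

    // Server side: HMAC-SHA256 over nonce || port (big-endian), keyed with
    // the pairing secret, so the proof cannot be replayed for another
    // probe or reused to advertise a different port.
    public static byte[] Prove(byte[] secret, byte[] nonce, int port)
    {
        using (var hmac = new HMACSHA256(secret))
        {
            byte[] msg = new byte[nonce.Length + 2];
            Buffer.BlockCopy(nonce, 0, msg, 0, nonce.Length);
            msg[nonce.Length] = (byte)(port >> 8);
            msg[nonce.Length + 1] = (byte)port;
            return hmac.ComputeHash(msg);
        }
    }

    // Client side: accept the responder only if the proof matches,
    // compared in constant time.
    public static bool Verify(byte[] secret, byte[] nonce, int port, byte[] proof)
    {
        byte[] expected = Prove(secret, nonce, port);
        return CryptographicOperations.FixedTimeEquals(expected, proof);
    }

    public static void Main()
    {
        // Constructed pairing secret, entered on both machines beforehand
        byte[] secret = Encoding.UTF8.GetBytes("constructed-pairing-secret");
        byte[] nonce = NewNonce();

        byte[] genuine = Prove(secret, nonce, 8080);
        byte[] rogue = Prove(Encoding.UTF8.GetBytes("guess"), nonce, 8080);

        Console.WriteLine("genuine server accepted: " + Verify(secret, nonce, 8080, genuine));
        Console.WriteLine("rogue responder accepted: " + Verify(secret, nonce, 8080, rogue));
        Console.WriteLine("port swapped in transit accepted: " + Verify(secret, nonce, 9090, genuine));
    }
}
```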
I am trying to test my asp.net project website for public access, so far I have done:
Uploaded to IIS 7 and bound to my localhost (192.168.....). OK, works well.
Obtained a free domain from 000webhost.com/
I tried to change the binding in IIS to the free domain mytestsite#herobo.com but apparently it's showing the webhost default page instead.
Is it possible to remain hosting all web project files in my IIS but use the free domain name so that the public can access?
I believe you need to change this on the hosting site. They should have a webpage you can use to edit your DNS records. This might be it (View Account Details)
192.168 is a private IP address. No one on the internet will be able to see you. Your ISP likely provides you with a public IP address that can support certain server tasks, but many ISPs block port 80 so that home users can't start hosting web servers. That means you may need to host your site on a non-standard port.
So, in order for other people to browse to your domain and have that domain's services be handled by your local machine, you'll need to have your domain's A record (in the DNS settings for the domain) pointing to your public IP address. If your ISP assigns you a dynamic IP address, this will require updating your domain name's A record each time you are assigned a new public IP address. This can cause a period of "unavailability" as the changes to the DNS records take time to propagate.
There are services such as DynDNS that can make this rather automatic.
Then there is the issue of configuring your router (assuming it's a NAT based router), which is likely going to need to be configured to forward requests for web services (for port 80 or whatever port you end up using if you need to work around your ISP's restrictions) so that requests from the internet are forwarded to your machine. Your router likely has "port forwarding" and "dynamic dns" features built in, but it'll be manufacturer specific.