If I have a generic public asp.net website, I want to know who is visting my website (I know how to get that), but more importantly, I want to know what company the user is from (is this a microsoft employee viewing my website, or a Coca Cola employee viewing my site or is this person using a home computer to view my site). How can I determine the computers domain name? Hope this is making sense.
Update: At most companies, I have seen the company name included as the "Full Computer Name" or the Domain value in "Computer name, domain and workgroup settings". Thats what I am looking to access.
You cannot do this with any absolute certainty - it suffers from a similar issue to getting their computer name, although you may have some success.
What you can try, is to do a reverse lookup on the IP address and take the domain part of the address (see previous link for code sample).
However, especially for smaller companies, this may just resolve to an ISP's domain, or perhaps not resolve at all. For home users it will almost certainly just be the ISP.
The other thing you could try, is to do a WHOIS on the IP address. This may give you an indication of the company; again, for smaller companies this is more likely to just be an ISP.
You can use Request.ServerVariables("remote_addr") to find the ip address that is being passed to you from the client and then use it to find out where it's coming from. A word of warning though, ip addresses can be spoofed, plus you may just be getting the address of a proxy server, so these things aren't exact.
After you get the ip address you'll need to do a whois lookup to find out who it's from. You may want to look here to find a whois api.
Also you may just consider running some sort of web log analysis through webtrends or some other analysis tool to get the same information in batch form. Because all of this information is more than likely being stored in your web server logs.
You cannot access computer name / domain name credentials without the user actually logging on to your public website with those credentials. If that were the case, you could access the remotely logged-on user using:
Request.ServerVariables["REMOTE_USER"]
The only way to get close to what you are asking is to use third party software. Maxmind.com is just one company that has a Geo location service. You can see that they offer an organisation field in their IP-to-City lookup.
If a user accesses your website from within a corporate network, Maxmind should have that data as part of their database, which you can then use.
Remember that the organisation refers to the IP address (netblock) owner. Therefore, should the user access your website from home, or from a mobile device, or anywhere outside the corporate network (or Maxmind has incorrect or incomplete data), then the data would be missing, misleading or flat wrong. The organisation needs to be big enough to own and register its own IP address block.
This info may also be available in Google Analytics.
Related
I want to put restriction like certain Regions, Cities and Countries should not be able to access my website. I came across some concept like GeoFencing, but I guess that can only be implemented on Windows Phones Or Windows 10. I came across few free APIs that would return me my client's location details.
I am working with Visual Studio 2015.
I also came across HTML5 GoeLocation, it is will ask user for permission to allow website to know his/her location; which is not good enough for me.
I want to know, what are other better choices or solutions we can look into?
Also, since I am using IIS server for deployment, can I use .htaccess in my case?
I have came across this IPSecurity configuration at server level. Is this a viable option? Has anyone tried it?
TIA
There are things you can try to do to find out the location of the user.
As you already found you can request their location from their browser, but that requires asking their permission, and it can be unreliable.
The location can be manually set, and in the case of desktop computers it's unlikely the computer has a GPS attached to provide a good location.
Another option is to look up thier IP in a geoip database: GeoIP2 City Database Demo
There does appear to be a GeoIP module for IIS 7+, but I haven't tried it personally: IIS7 Geoblock Module
But, these methods are unreliable and can give indeterminate, or even flat out wrong results.
The user can decline to provide their browser location, or the user can set their browser location to be the other side of the world.
And what IP is the user using? What about if they use a VPN? Now you have the geolocation for the VPNs IP.
The real answer is that you can't reliably find out where the end user is.
.htaccess
.htaccess is one of the ways Apache allows configuring security.
IIS uses different configuration methods.
Both IIS and Apache require 3rd party modules to restrict access based on geolocation, it's not something provided as standard.
My domain is WWW.Bank.com which is configured to Bank folder.
I want to access same folder by demo.Bank.com/user.Bank.com/anything.Bank.com i.e I don't want to create new sub folder in my root.
If I give URL like demo.Bank.com then internal pages should be demo.Bank.com/folder 1/home.asp x likewise..
Please help. If anyone have any dummy code then please share.
This goes beyond ASP.NET in the core of the DNS.
You need to have control of the DNS zone of your 'bank.com' domain. If your DNS provider has a web-service for adding, deleting and updating DNS A and CNAME records, you could do that, but that's very unusual thing to do. Then again, you need to bind each domain name in the IIS website if you do not have a dedicated IP for such purposes.
Blogging websites are a good example for this, they usually host blogs on blogname.blogsite.com, such as alice.blogsite.com or bob.blogsite.com and as they usually have huge amount of different blogs, they resort to a single DNS record to take care of all of them.
That's called wildcard DNS and is what you need. Add one DNS record called *.yourdomain.com and point it to a dedicated IP address. That will work for any subdomain name combination, even the ones you don't want and where no content will exist (you're still going to be able to handle 404's). Then, on the server, add that IP address as a secondary network address. In the IIS bind your website to that IP address without Host Header (domain name) constraint, so it would receive all requests for that IP, regardless of domain name.
Finally, in your ASP.net code fetch Request.Url.Host and you're going to get your subdomain as it was typed by the user.
(You can also go with a single IP address, but then no other websites must exist on the server.)
I want people to be able to vote on my site, but I don't like sites that forces registration to do this. So my question is, is the any way to vote up/down, save the votes in a database, and make sure a person can only vote once? Without using cookies, I feel like its too easy to just clear cookies and vote again.
Email "captcha" is always nice - in order to vote, user has to provide email address, you send a link to that email and calculate the vote only if user clicked on that link. One unique email can have only one vote.
You could store their ip address in the database. But that would mean that people sharing one Internet connection would not be able to vote once one person has voted. Also people with dynamic IP address could vote multiple times.
So there is nothing that would work really well apart from making them register. But you could simplify the logging in process with e.g. Facbook SDK for JavaScript (https://developers.facebook.com/docs/facebook-login/login-flow-for-web/v2.0). There are many others you can use in parallel (Facebook, Google, etc.). This way they would not have to manually register on your site. The down-side is that you require them to have a Facebook account. Some people also prefer not to tie their Facebook account to 3rd party sites (e.g. me).
You can collect details indirectly such as Operating System, IP address, Browser, Pligins which are installed, All Version Numbers in that session and produce a Hash.
By this, you can accompolish a reasonable vote ONCE on website without authentication.
Your options are as follows:
Read their IP address
Cookies
User Agent
However, the best bet is by far a login solution.
the only way without cookies is that you stores values in database by their IP adress for their identification.
but it will also not work perfectly, because
1)user can use proxy.
2)people who shared a same internet connection have the same ip adress.
Your options could be:
1- Save IP (note that IP is changed on DHCP, dialup connections and proxies)
2- OpenID as you see in stackoverflow.com (note that user can use multiple id on yahoo, facebook, ...)
3- send a link to email address (note that user may be use multiple email)
4- use cookies (note that user can delete cookies)
I have a registration page that sends a Welcome SMS for every registered user where the username is the user's mobile number.
In the welcome SMS there is an activation code to complete the registration process.
I also uses a Captcha control to prevent people from using bots.
The problem is, Some bad users are using the registration page to send SMS's to random mobile numbers which makes me loses the SMS credit.
Getting the MAC address of a website visitor is impossible, If it was possible, I will solve the problem by adding the anonymous bad visitors to a black list data table after say 3 different unverified mobile numbers.
My Question is: Is there any technique to identify a visitor in ASP.NET Or IIS.
Your question is answered in How can I Identify unique users on my website even IP is changed or browser data has been cleared? and How do I uniquely identify computers visiting my web site?. It can be done by combining the IP address and 'browser fingerprint'.
While this may be enough, I suspect that the malicious users will do anything possible to be not detected by these techniques. They can use a proxy server, a botnet, or other anonymizers like Tor to change IP address for every request, and they can craft their requests to fake random browsers.
To ultimately overcome this issue, you can for example make a Verified bit for each user, where you'll only send them an SMS after you have verified their account.
I need to organise my companies websites so that depending on the location of a user they get redirected to a country specific version of the site e.g.
US Users get redirected to a US
specific page
UK users get redirected
to a UK specific page.
I've seen this done plenty of times but am not sure how its implemented. I'm thinking some sort of IP address lookup?
Basically I want to know how to achieve this and if there are any .NET/C#/JavaScript utilities that could assist.
Yes, this is normally done via IP lookups - this is called GeoIP, or Geo Locating.
Here is a related question - asking for good providers that are cost effective.
Check http://www.hostip.info/
The have an IP lookup service.
You could also use the accept-locale request header... but it can be misleading.