I need to organise my companies websites so that depending on the location of a user they get redirected to a country specific version of the site e.g.
US Users get redirected to a US
specific page
UK users get redirected
to a UK specific page.
I've seen this done plenty of times but am not sure how its implemented. I'm thinking some sort of IP address lookup?
Basically I want to know how to achieve this and if there are any .NET/C#/JavaScript utilities that could assist.
Yes, this is normally done via IP lookups - this is called GeoIP, or Geo Locating.
Here is a related question - asking for good providers that are cost effective.
Check http://www.hostip.info/
The have an IP lookup service.
You could also use the accept-locale request header... but it can be misleading.
Related
I want people to be able to vote on my site, but I don't like sites that forces registration to do this. So my question is, is the any way to vote up/down, save the votes in a database, and make sure a person can only vote once? Without using cookies, I feel like its too easy to just clear cookies and vote again.
Email "captcha" is always nice - in order to vote, user has to provide email address, you send a link to that email and calculate the vote only if user clicked on that link. One unique email can have only one vote.
You could store their ip address in the database. But that would mean that people sharing one Internet connection would not be able to vote once one person has voted. Also people with dynamic IP address could vote multiple times.
So there is nothing that would work really well apart from making them register. But you could simplify the logging in process with e.g. Facbook SDK for JavaScript (https://developers.facebook.com/docs/facebook-login/login-flow-for-web/v2.0). There are many others you can use in parallel (Facebook, Google, etc.). This way they would not have to manually register on your site. The down-side is that you require them to have a Facebook account. Some people also prefer not to tie their Facebook account to 3rd party sites (e.g. me).
You can collect details indirectly such as Operating System, IP address, Browser, Pligins which are installed, All Version Numbers in that session and produce a Hash.
By this, you can accompolish a reasonable vote ONCE on website without authentication.
Your options are as follows:
Read their IP address
Cookies
User Agent
However, the best bet is by far a login solution.
the only way without cookies is that you stores values in database by their IP adress for their identification.
but it will also not work perfectly, because
1)user can use proxy.
2)people who shared a same internet connection have the same ip adress.
Your options could be:
1- Save IP (note that IP is changed on DHCP, dialup connections and proxies)
2- OpenID as you see in stackoverflow.com (note that user can use multiple id on yahoo, facebook, ...)
3- send a link to email address (note that user may be use multiple email)
4- use cookies (note that user can delete cookies)
I have a registration page that sends a Welcome SMS for every registered user where the username is the user's mobile number.
In the welcome SMS there is an activation code to complete the registration process.
I also uses a Captcha control to prevent people from using bots.
The problem is, Some bad users are using the registration page to send SMS's to random mobile numbers which makes me loses the SMS credit.
Getting the MAC address of a website visitor is impossible, If it was possible, I will solve the problem by adding the anonymous bad visitors to a black list data table after say 3 different unverified mobile numbers.
My Question is: Is there any technique to identify a visitor in ASP.NET Or IIS.
Your question is answered in How can I Identify unique users on my website even IP is changed or browser data has been cleared? and How do I uniquely identify computers visiting my web site?. It can be done by combining the IP address and 'browser fingerprint'.
While this may be enough, I suspect that the malicious users will do anything possible to be not detected by these techniques. They can use a proxy server, a botnet, or other anonymizers like Tor to change IP address for every request, and they can craft their requests to fake random browsers.
To ultimately overcome this issue, you can for example make a Verified bit for each user, where you'll only send them an SMS after you have verified their account.
If I have a generic public asp.net website, I want to know who is visting my website (I know how to get that), but more importantly, I want to know what company the user is from (is this a microsoft employee viewing my website, or a Coca Cola employee viewing my site or is this person using a home computer to view my site). How can I determine the computers domain name? Hope this is making sense.
Update: At most companies, I have seen the company name included as the "Full Computer Name" or the Domain value in "Computer name, domain and workgroup settings". Thats what I am looking to access.
You cannot do this with any absolute certainty - it suffers from a similar issue to getting their computer name, although you may have some success.
What you can try, is to do a reverse lookup on the IP address and take the domain part of the address (see previous link for code sample).
However, especially for smaller companies, this may just resolve to an ISP's domain, or perhaps not resolve at all. For home users it will almost certainly just be the ISP.
The other thing you could try, is to do a WHOIS on the IP address. This may give you an indication of the company; again, for smaller companies this is more likely to just be an ISP.
You can use Request.ServerVariables("remote_addr") to find the ip address that is being passed to you from the client and then use it to find out where it's coming from. A word of warning though, ip addresses can be spoofed, plus you may just be getting the address of a proxy server, so these things aren't exact.
After you get the ip address you'll need to do a whois lookup to find out who it's from. You may want to look here to find a whois api.
Also you may just consider running some sort of web log analysis through webtrends or some other analysis tool to get the same information in batch form. Because all of this information is more than likely being stored in your web server logs.
You cannot access computer name / domain name credentials without the user actually logging on to your public website with those credentials. If that were the case, you could access the remotely logged-on user using:
Request.ServerVariables["REMOTE_USER"]
The only way to get close to what you are asking is to use third party software. Maxmind.com is just one company that has a Geo location service. You can see that they offer an organisation field in their IP-to-City lookup.
If a user accesses your website from within a corporate network, Maxmind should have that data as part of their database, which you can then use.
Remember that the organisation refers to the IP address (netblock) owner. Therefore, should the user access your website from home, or from a mobile device, or anywhere outside the corporate network (or Maxmind has incorrect or incomplete data), then the data would be missing, misleading or flat wrong. The organisation needs to be big enough to own and register its own IP address block.
This info may also be available in Google Analytics.
I want to build a page for end users to visit (in our MPLS Network) and it show the following information in regards to them:
Computer Name
OS
Disk Space
Memory
IP Address
Active Directory User Name
Password Expiration Time (As defined by Global Policy)
Maybe a few other things such as Trend Micro Office current version vs. their version, # of MS Updates needed (we utilize WSUS), and a few other things in the future.
My question is how would I pull this information from the user when they visit the page? What is the proper function for this? Anyone have examples they wish to share for me to learn by if possible?
You won't be able to show all of this using C#. C# is a server side language and therefore, only has access to that information relative to the server it's being hosted on. You might be able to access this information from a java applet that runs on the page in the user's browser, but I'm not sure. There are usually security restrictions involved.
If you allow your web page to gather all this information about your users, what's to stop some other web page from doing the same?
So it's in an intranet only? You could use the client computers IP address (as reported by the Request.UserHostAddress) and then query your domain controller for the information (via the DomainController class and the collections/methods it exposes).
Most of the information you're after will be available via the Domain Controller, and some of the others can be retrieved by using remote performance counters (for example, you could query for free disk space using the LogicalDisk\% Free Space counter).
You cannot do this without writing a browser plug-in or a java applet.
The information is not available through javascript, and it's not in the headers sent by the browser. This is by design, for security reasons.
Edit This answer only applies to public pages; I see from subsequent comments that it will be intranet-only.
You might want to look at XAML Browser Applications (XBAP). It's similar in a way to Silverlight except you get the advantages of the full .Net framework. To be able to access some local resources you would need to use the trust mode as explained below.
WPF XAML Browser Applications Overview
Creating a Full Trust .xbap Application
I'm trying to make a ASP.NET (C#) poll that will ask a user a Yes/No question and log that vote to the database. To prevent spam I would like to be able to make sure users can only vote once. I've thought about logging the users IP address. If this is the answer can someone give me a tutorial that shows how this can be accomplished. If this is not the answer then give me your suggestions.
Edit: I'm not asking users to register as this is not my website.
You can only garuantee that each user has one vote if you can authenticate the user. So you'll need an authentication mechanism, that will allow you to prevent the user from registering multiple accounts.
I can only see this work in an environment where the user has invested something into his account, like a subscriber for an online newspaper or a reputation system as on StackOverflow.
You can't limit a single vote to one IP address. An IP Address does not equal a single user. An IP address represents one or more users.
If you have a registered users list, send them an email containing a unique link which is generated containing a guid (for example), record the GUID in a database and match on voting.
If you are talking about generally publicly accessible and secure, then IP address on its own is not sufficient (google electronic electoral voting for the many issues involved with secure public voting).
Have you thought about using one of the free voting services?
Condorcet Internet Voting Service
IP addresses won't work for the millions of people who are working behind a proxy as well.
Cookies are a partial solution, but voting robots could just not send the cookie.
Logged in sessions are the only way to prevent double-voting fraud but since you explicitly ask for a way to log the IP address, you can get at that through:
HttpContext.Current.Request.UserHostAddress;
or
HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
Should be easy enough to save to DB and check if IP already exists on each poll.
Have a registration that requires email confirmation of registration and make sure the email address is a unique column in the DB among your users. Then tie the vote to the email address. It won't completely prevent a sock puppet who has multiple email addresses but it will at least make it not worth the effort for most.
A combination of IP and useragent can give you a reasonable solution.
I agree that one single IP address does not correspond to a single user but I think that is the safest way of maintaining one vote per person. I usually use cookies to keep track who has voted. Of course, this is a easy hack where you can just delete the cookies and then vote again. If the vote is just some random stuff then I don't really care. If the correct votes really matter for your application then use IP address.