I am writing a traditional ASMX webservice using C# with .Net 2.0 for deployment on IIS.
The webservice will be deployed in a shared hosting environment where each client has their own copy of the application sitting in a separate virtual directory (I know, I know - it's a legacy app). There will be an individual copy of the Webservice sitting in each virtual directory.
As the Webservice could potentially do some powerful things, I would like to optionally limit access to it to certain IP addresses. Doing this in the firewall isn't a very good option as it is only the webservice that should be limited and not the rest of the website - and it is on a per-virtual-directory level.
Can I programmatically read the IP address of the requestor and compare it to a list so I can reject calls from other addressess? Are there any major pitfalls to this?
Thanks
Yes you can do it easily.
[WebMethod]
public bool IsAlive()
{
string callingAddress = HttpContext.Current.Request.UserHostAddress;
return (callingAddress == allowedAddress);
}
The only pitfalls are the maintenance of the list of IP addresses.
It's also worth noting that you can configure IP address access control on a per web application basis from within IIS. I have used both approaches at different times and it really just comes down to how you want to maintain the list of authorised IP addresses.
only pitfalls are the maintenance of the list of IP addresses.
It's also worth noting that you can configure IP address access control on a per web application basis from within IIS. I have used both approaches at different times and it really just comes down to how you want to maintain the list of authorised IP addresses.
Related
I have a client application that I install in my customer's offices. It's a hybird application, which means that some of our customers require us to install it inside their own network, without internet access. There are also some customers, that use our cloud solution (we also have version of an application in cloud - Azure). Our server is ASP.NET application and client applications vary by platform - we have web apps, Windows desktop apps, as well as Android apps.
So the problem is, that because of this heterogenous nature of the application, we need to rebuild our applications for each customer with different IP address of a server we have in their network. Apart from that we would also like to be able to use the same app for our "cloud" server, which can be reached also by static IP address or DNS name.
What my constraints are:
Usually I don't have access to the internet from inside those networks
IP Address of the server depends on customers' network, it varies among customers
I cannot create one application with one IP or DNS address of my server, because server IP depends on my customers
I don't have DNS server, my customerss are very small companies that usually also don't have DNS server, only home-grade routers, nor do I want to setup my private DNS servers inside those networks, because I don't have access to customers' routers.
Usually I don't have access to customers' routers
How we do this today:
We rebuild the application and change IP for each customer every time we need to do install/update
How can I avoid those problems? What are the usual ways the industry solves this?
Thank you in advance for help.
I'm a bit out of my depth and haven't found the answer I need from Google, so could do with some advice.
I have a website that currently has some functionality build in.
I now find myself needing to create a second website containing the same functionality.
In order to do this the proper way, I want to create a webservice and access it from both sites. I've created a new solution and the webservice so far.
On my development machine, I can browse to the webservice.
The question is when I move this webservice to the live server, will it need it's own IP address, domain, or both? Or can it reside on the local server and be accessed in the same way as I would on my development machine?
The webservice does not need to be accessed from outside the server.
I'm a little unclear and its not easy to test in a live environment.
All help appreciated.
A web service works in exactly the same way as a website, only instead of returning HTML, it returns JSON/XML or similar. You'll need to host it on a web server, but if you only need it to be locally accessible, you can set the web server up to bind to localhost (127.0.0.1 in IP4) either on the default port (80) if nothing is already using it or on a different port (eg.12380 where it would be addressed as http://localhost:12380).
Most web servers can bind to anything that comes in on a specific IP address that isn't otherwise allocated or they can recognise which site to serve based on the host name that has been requested. nb. the host name isn't sent automatically by (TCP/)IP - the browser, or in this case web service client will sent an HTTP request header to let the server know which site to serve.
If you have sufficient control over the server, you can also create an entry in the hosts file to use in place of a domain name (eg. webservice maps to 127.0.0.1) and then set up your web server to bind to that.
Okay so this is probably a very confusing title for this question I am sure. Hopefully I can clear up that title with the actual question.
I am putting together a website for employees to connect to that is internet facing but I want them to be able to log into the site using their Active Directory login as well as access data that will be behind a firewall that is not accessible to our internet facing sites. Someone made mention to me that I could have the site communicate with a server behind the firewall and have that server make the requests back and forth. (Sort of a check point)
So now that the back story to this is out there, I am not really looking for how to configure the server's or the network itself but rather how would one make an API call to an Intranet server from an Internet server? They will be on the same network but one behind the firewall and the other in front of the firewall.
Would you make the call directing to the server name or IP address or what? This may be too premature of a question to be asking since I still don't have the servers setup but none-the-less it is a concern I am having and need to figure out.
This site is going to be all done in ASP.NET MVC 4
The best way to accomplish this type of a setup is via firewall and/or domain configuration.
Most recently I have seen this implemented by first creating a one way trust relationship between the external and internal domains, this will serve to allow the external application to resolve the address of the internal server by name.
Theoretically you could also accomplish this by using port forwarding on the firewall; in this configuration the external application will use the address of the firewall and the firewall will take care of sending the request to the correct server.
Once this confiugration is in place your external application should be able to communicate directly with your internal servers without any special code.
Is it possible to detect whether a website has a dedicated or shared ip address from it's url using C# (Windows Forms application) ? I want to implement a functionality in my application to let write a web address in a TextBox than i click on the Test button. and then show ( Success ) MessageBox if the site has a Dedicated ip address or show a ( Failure ) MessageBox otherwise.
How can i detect whether a website has a Shared or Dedicated IP Address using C#.NET?
You can try, but you'll never have a good result. The best I think you could do is to check the PTR records of the IP, and then check if there are associated A records from different websites. This would still suck however, since a website could have two seemingly different domains that pertain to the same organization (googlemail.com/gmail.com for example).
Also, this assumes the existence of PTR records, multiple ones. I don't think I've seen such a setup supported by most VPS/sharing hosting.
Well, the way I would do it is:
Send HTTP GET to the URL and save the result.
Resolve the URL to an IP.
Send HTTP GET to the IP and save the result.
Compare the two results. (You can do sample checks between the two result)
If the results are the same, then this is dedicated hosting, if the result is different then this is a shared hosting.
Limitations for this method that I can think of now:
Will take you time to figure our a proper comparing method for the
two results.
If shared hosting is configured to default route to the site which you are checking.
Functions to resolve URLs, and do web requests for different programming languages are scattered across the Internet.
From a technical standpoint, there's no such thing as a "shared" or "dedicated" IP address; the protocol makes no distinction. Those are terms used to describe how an IP is used.
As such, there's no programmatic method to answer "is this shared or dedicated?" Some of the other answers to this question suggest some ways to guess whether a particular domain is on a shared IP, but those methods are at best guesses.
If you really want to go down this road, you could crawl the web and store resolved IPs for every domain. (Simple, right?) Then you could query your massive database for all the domains hosted on a given IP. (There are tools that seem to do this already, although only the first one was able to identify the multiple domains I have hosted on my server.)
Of course, this is all for naught with VPS (or things like Amazon EC2) where the server hardware itself is shared, but every customer (domain) gets one or more dedicated IPs. From the outside, there's no way to know how such servers are set up.
TL;DR: This can't be done in a reliable manner.
I am trying to test my asp.net project website for public access, so far I have done:
Uploaded to IIS 7 and binded to my localhost (192.168.....) Ok works well.
Obtained a free domain from 000webhost.com/
I tried to change the binding in IIS to the free domain mytestsite#herobo.com but apparently it's showing the webhost default page instead.
Is is possible to remain hosting all web project files in my IIS but use the free domain name so that the public can access?
I believe you need to change this on the hosting site. They should have a webpage you can use to edit your DNS records. This might be it (View Account Details)
192.168 is a private ip address. No one on the internet will be able to see you. Your ISP likely provides you with a public IP address that can support certain server tasks but many ISP's block port 80 so that home users can't start hosting web servers. That means you may need to host your site on a non-standard port.
So, in order for other people to browse to your domain and have that domain's services be handled by your local machine, you'll need to have your domain's A record (in the DNS settings for the domain) pointing to your public IP address. If your ISP assigns you a dynamic IP address, this will require updating your domain name's A record each time you are assigned a new public IP address. This can cause a period of "unavailability" as the changes to the DNS records take time to propagate.
There are services such as DynDNS that can make this rather automatic.
Then there is the issue of configuring your router (assuming it's a NAT based router), which is likely going to need to be configured to forward requests for web services (for port 80 or whatever port you end up using if you need to work around your ISP's restrictions) so that requests from the internet are forwarded to your machine. Your router likely has "port forwarding" and "dynamic dns" features built in, but it'll be manufacturer specific.