c# - Obtain IP Address of the User of an IFrame -


i hosting several iframes on 3rd party web site. 3rd party site middle man allow user access web site internal use company.

what verify user's ip address against range of valid ip's 3rd party (middle man) web site. if falls in range allow user access iframe, if not - access denied!

anyways, there ton of examples online request.userhostaddress, brings ip address.

my question is: how user's ip address whom accessing iframe assure request coming 3rd party site?

so far have tried servervariables , userhostaddress. both return ::1. running site hosts iframes locally , accessing through 3rd party site hosted on server.

update

i have gotten around updating everyone. trying code not viable solution. but, believe there solution through authenticating ip address iis. in code without implementing hacky solution able obtain user's ip address.

however, using iis can verify 3rd party's address. post demonstrates how it. post not fit case, show how authenticate ip ranges.

direct different ip's different pages on iis7

if successful specify solution problem.

i think have wrong idea of should happening.

as understand situation this:

you have site has iframes have content site b in them. when go site b directly ip address computer. expecting when go site ip address site b receives of site a. incorrect.

when view site download page contain iframe html tell content put in frame having src="url" type syntax. @ point browser (ie on computer) request content site b , in doing site b receive ip of computer again.

one thing want referrer header (https://en.wikipedia.org/wiki/http_referer). way request page told access page. example if click link on page c page d page d may receive referer header saying page c referred it. important part of may send it. considered security risk (especially between domains) may not sent in cases or may stripped security tools , importantly can faked not suitable security purposes.

in general not easy determine when serving page being embedded in specific page's iframe.

the way can think of offhand when generating iframe , src target embed kind of cryptographically signed token in site b can trust has been put there site a. token of course have have kind of expiry , similar things prevent malicious user getting unfettered access once have token , way prevent replay attacks, etc.

in general best bet use security on site b (eg username , password) , if unintended gets see don't have password details don't anywhere.


Comments

Popular posts from this blog

c++ - Creating new partition disk winapi -

Android Prevent Bluetooth Pairing Dialog -

VBA function to include CDATA -