c# - Obtain IP Address of the User of an IFrame -

-

i hosting several iframes on 3rd party web site. 3rd party site middle man allow user access web site internal use company.

what verify user's ip address against range of valid ip's 3rd party (middle man) web site. if falls in range allow user access iframe, if not - access denied!

anyways, there ton of examples online request.userhostaddress, brings ip address.

my question is: how user's ip address whom accessing iframe assure request coming 3rd party site?

so far have tried servervariables , userhostaddress. both return ::1. running site hosts iframes locally , accessing through 3rd party site hosted on server.

update

i have gotten around updating everyone. trying code not viable solution. but, believe there solution through authenticating ip address iis. in code without implementing hacky solution able obtain user's ip address.

however, using iis can verify 3rd party's address. post demonstrates how it. post not fit case, show how authenticate ip ranges.

direct different ip's different pages on iis7

if successful specify solution problem.

i think have wrong idea of should happening.

as understand situation this:

you have site has iframes have content site b in them. when go site b directly ip address computer. expecting when go site ip address site b receives of site a. incorrect.

when view site download page contain iframe html tell content put in frame having src="url" type syntax. @ point browser (ie on computer) request content site b , in doing site b receive ip of computer again.

one thing want referrer header (https://en.wikipedia.org/wiki/http_referer). way request page told access page. example if click link on page c page d page d may receive referer header saying page c referred it. important part of may send it. considered security risk (especially between domains) may not sent in cases or may stripped security tools , importantly can faked not suitable security purposes.

in general not easy determine when serving page being embedded in specific page's iframe.

the way can think of offhand when generating iframe , src target embed kind of cryptographically signed token in site b can trust has been put there site a. token of course have have kind of expiry , similar things prevent malicious user getting unfettered access once have token , way prevent replay attacks, etc.

in general best bet use security on site b (eg username , password) , if unintended gets see don't have password details don't anywhere.


Comments

Post a Comment

Popular posts from this blog

c++ - Creating new partition disk winapi -

-
i'am trying create new partition , mount volume new, thought createfile let me this, code : lpctstr lpfilename=l"\\\\.\\device\\harddisk0\\partition3"; handle handl=createfile( lpfilename, generic_read | generic_write, file_share_read | file_share_write, null, create_always, file_attribute_normal, null ); if (handl==invalid_handle_value) { qdebug()<<"handl invalid"<<" error"<<getlasterror();} bool success = definedosdevice(ddd_raw_target_path,l"i:",l"\\device\\harddisk0\\partition3"); if(!success) qdebug()<<" definedosdevice failed "<<getlasterror(); bflag = getvolumenameforvolumemountpoint( l"i:\\", // input volume mount point or directory /** u in dir
Read more

Android Prevent Bluetooth Pairing Dialog -

-
i'm developing internal application uses bluetooth printing. want bluetooth pairing occur without user input. have managed working trapping android.bluetooth.device.action.pairing_request broadcast. in broadcast receiver call setpin method, , pairing works ok, bluetoothpairingdialog displayed second or two, disappears - see link below. https://github.com/android/platform_packages_apps_settings/blob/master/src/com/android/settings/bluetooth/bluetoothpairingdialog.java since broadcast non-ordered, can't call abortbroadcast() , , wondering if there other way prevent pairing dialog appearing. can hook window manager in way? i haven't been able come way without modifying sdk. if you're oem, it's easy (i'm on 4.3): in packages/apps/settings/androidmanifest.xml, comment intent filter pairing dialog: <activity android:name=".bluetooth.bluetoothpairingdialog" android:label="@string/bluetooth_pairing_request"
Read more

php - joomla get content in onBeforeCompileHead function -

-
i'm developing joomla system plugin. need add javascript , css files if [myshortcode] shortcode found in content. how can content in onbeforecompilehead function function onbeforecompilehead() { $document = jfactory::getdocument(); //add scripts if shortcode found ... $document->addstylesheet($cssfile, 'text/css', null, array()); the $content = jresponse::getbody(); not work. thanks try this, for style sheet, $document = jfactory::getdocument(); $document->addstylesheet('http://domain.com/templates/css/style.css'); for javascript file $document = jfactory::getdocument(); $document->addscript('full url'); also can this, $document = jfactory::getdocument(); // add javascript $document->addscriptdeclaration(' window.event("domready", function() { alert("an inline javascript declaration"); }); '); // add styles $style = 'body {'
Read more