|
How to get the Client Machine IP Address if Using Proxy and also not. I Tried the following code, but all the code is returning 127.0.0.1.
1) TextBox1.Text = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
2) if (Context.Request.ServerVariables["HTTP_VIA"] != null) // using proxy
{
TextBox1.Text = Context.Request.ServerVariables["HTTP_X_FORWARDED_FOR"].ToString(); // Return real client IP.
}
else// not using proxy or can't get the Client IP
{
TextBox1.Text = Context.Request.ServerVariables["REMOTE_ADDR"].ToString();
}
3) TextBox1.Text = HttpContext.Current.Request.ServerVariables["REMOTE_HOST"];
4) TextBox1.Text = HttpContext.Current.Request.UserHostAddress.ToString();
|
|
|
|
|
Hi dear,
just try this
using System.Net;
and code :
String strHostName, IPadd;
strHostName = Dns.GetHostName();
IPAddress[] addr = Dns.GetHostAddresses(strHostName);
IPadd = addr[0].ToString();
|
|
|
|
|
This is showing the private IP of the Machine, not the actual IP.
|
|
|
|
|
I think you are running this with http://localhost/...
if upload in some live server
System.Web.HttpContext.Current.Request.UserHostAddress should work...
--------------------
logiclabz
|
|
|
|
|
OK. Now am running locally. i will try ...
|
|
|
|
|
Hi to all,
I have a issue regarding the use of sessions.
I am working on a shopping cart project. In my project I am sessions a lot in transfering data from one page to another. Sometimes even the username and passwords. I also used session for carrying the cart data from one page to another.
So I want to know, Is there anything like the session can be hacked or they are not safe?
If yes then please suggest me a method to make the sessions secure by encrypting or something like that.
Waiting for the response....
Thanks in advance.
cheers,
sneha
|
|
|
|
|
Hmmm... well first of all, session object will hit your application performance. Secondly it on server side so it's already secure as such as server. However if transfering this information from one system to another then u need to encrypt it first.
Feel free to ask.
Cheers!
Regards
Anil Pal
|
|
|
|
|
Hi Anil Pal,
Thanks for replying. You mean to say that it is already secured. Is there any chance that when the username and passwords are passed from one page to another through session, they can be leaked or something like that.
cheers,
sneha
|
|
|
|
|
Hi thats correct, they are secure. Bcz session is on server side.
So u can use session to hold the Username and password.
Regards
Anil Pal
|
|
|
|
|
Hi,
I got it.Thanks for your assistance.
Looking forward for your suggestions in future.
cheers,
sneha
|
|
|
|
|
sneha Choudhary wrote: . Is there any chance that when the username and passwords
Wondering why you are keeping password in session? Are you storing the password as plain text in DB?
|
|
|
|
|
Hi,
N a v a n e e t h wrote: Are you storing the password as plain text in DB?
Yes It is stored as clear text. What should I do. Should I encrypt it.
Please suggest me..
cheers,
sneha
|
|
|
|
|
sneha Choudhary wrote: Should I encrypt it
Hash it. Passwords stored as plain text is not secure. Better method is to hash the password and store the computed hash in database. When user enters password for authentication, has it and compare the hash with the value stored in DB. System.Security.Cryptography[^] got many classes to work with. Check SHA[^] implementation.
|
|
|
|
|
Hi,
Thanks a lot. I will definitely do like that. My heartiest thanks to you.
cheers,
sneha
|
|
|
|
|
N a v a n e e t h wrote: Hash it. Passwords stored as plain text is not secure. Better method is to hash the password and store the computed hash in database. When user enters password for authentication, has it and compare the hash with the value stored in DB. System.Security.Cryptography[^] got many classes to work with. Check SHA[^] implementation.
Hi,
As you suggested I did it but login is not working. I did like this.
protected void Button1_Click(object sender, EventArgs e)
{
string pwd = Txtpassword.Text.Trim();
string hashpwd = FormsAuthentication.HashPasswordForStoringInConfigFile(pwd, "SHA1");
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["newcon"].ConnectionString);
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandText = "Select userid,username,password,first_name from USERS where username=@username and password=@password";
cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = Txtusername.Text.Trim();
cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = hashpwd;
try
{
cmd.Connection.Open();
SqlDataReader rdr = cmd.ExecuteReader();
while(rdr.Read())
{
uid = (rdr["userid"]).ToString();
fname = (rdr["first_name"]).ToString();
uname = (rdr["username"]).ToString();
Session["uname"] = uname;
Session["userid"] = uid;
if (uname != null)
{
Session["Logged"] = "Yes";
Session["User"] = fname;
Label6.Text = (Session["URL"]).ToString();
Response.Redirect(Label6.Text);
}
else
{
}
}
}
catch (SqlException se)
{
Lblmsg.Text = se.Message;
}
catch (Exception ee)
{
Lblmsg.Text = ee.Message;
}
finally
{
cmd.Connection.Close();
}
}
PLease assist me..
cheers,
sneha
|
|
|
|
|
Is your server is local for application or remote. You can use sql encryption for encrypt the password while saving and decrypt same key of sql. (If server is local).
The way u r doing, i think is not good. Where is your key for encryption and decryption?
Regards
Anil Pal
|
|
|
|
|
anilpal wrote: Is your server is local for application or remote.
Hi Anil Pal,
My server is local.I am little bit confused in that. Can I ask you few things.
1.When I used this hashed technique with a setting in web.config like
<sessionstate mode="InProc" cookieless="AutoDetect" regenerateexpiredsessionid="true" timeout="30">
It is working fine. But when I changed the cookieless="UseUri" It is not working.why?
2. Can you please tell me the pros and cons of using Sql encryption techniques and hased technique.
cheers,
sneha
|
|
|
|
|
Hi Senha,
Please have look for encryption and decryption from code behind:
http://www.codeproject.com/script/Forums/View.aspx?fid=12076&msg=2941892
have posted for querystring but u can use same for yr need.
Tommarrow i'll let know the pros and cons abt code and sql encryption.
Now i have to go home.
Regards
Anil Pal
|
|
|
|
|
Sorry above link is working ,pls go through below code
Follow the below steps: I am posting with small exmaple
A.Code in sender page of uery string
1.string strID = "A0123456789";
2. Response.Redirect("../Search/DocumentSearch.aspx?ID=" + Encrypt(strID));
3.public string Encrypt(string strValue)
{
string encryptedResult = String.Empty;
string passPhrase = "Pas5pr@se";
string saltValue = "s@1tValue";
string hashAlgorithm = "SHA1";
int passwordIterations = 2;
string initVector = "@1B2c3D4e5F6g7H8";
int keySize = 256;
byte[] initVectorBytes;
initVectorBytes = Encoding.ASCII.GetBytes(initVector);
byte[] saltValueBytes;
saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
byte[] plainTextBytes;
plainTextBytes = Encoding.UTF8.GetBytes(strValue);
PasswordDeriveBytes password;
password = new PasswordDeriveBytes(passPhrase, saltValueBytes, hashAlgorithm, passwordIterations);
byte[] keyBytes;
keyBytes = password.GetBytes((keySize / 8));
RijndaelManaged symmetricKey;
symmetricKey = new RijndaelManaged();
symmetricKey.Mode = CipherMode.CBC;
ICryptoTransform encryptor;
encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes);
MemoryStream memoryStream;
memoryStream = new MemoryStream();
CryptoStream cryptoStream;
cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write);
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
cryptoStream.FlushFinalBlock();
byte[] cipherTextBytes;
cipherTextBytes = memoryStream.ToArray();
memoryStream.Close();
cryptoStream.Close();
string cipherText;
cipherText = Convert.ToBase64String(cipherTextBytes);
return cipherText;
}
B. Code in receiver page of querystring
1.string strID = Request.QueryString["ID"].ToString();
string plainValue= Decrypt(strID);
2. public string Decrypt(string encryptedResult)
{
string passPhrase = "Pas5pr@se";
string saltValue = "s@1tValue";
string hashAlgorithm = "SHA1";
int passwordIterations = 2;
string initVector = "@1B2c3D4e5F6g7H8";
int keySize = 256;
byte[] initVectorBytes;
initVectorBytes = Encoding.ASCII.GetBytes(initVector);
byte[] saltValueBytes;
saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
byte[] cipherTextBytes = new byte[encryptedResult.Length] ;
cipherTextBytes = Convert.FromBase64String(encryptedResult);
PasswordDeriveBytes password;
password = new PasswordDeriveBytes(passPhrase, saltValueBytes, hashAlgorithm, passwordIterations);
byte[] keyBytes;
keyBytes = password.GetBytes((keySize / 8));
RijndaelManaged symmetricKey;
symmetricKey = new RijndaelManaged();
symmetricKey.Mode = CipherMode.CBC;
ICryptoTransform decryptor;
decryptor = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes);
MemoryStream memoryStream;
memoryStream = new MemoryStream(cipherTextBytes);
CryptoStream cryptoStream;
cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
byte[] plainTextBytes= new byte [encryptedResult.Length ] ;
//object plainTextBytes;
int decryptedByteCount;
decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
memoryStream.Close();
cryptoStream.Close();
string plainText;
plainText = Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
return plainText;
}
Cheers!
Regards
Anil Pal
|
|
|
|
|
Hi Anil Pal,
anilpal wrote: Tommarrow i'll let know the pros and cons abt code and sql encryption.
Now i have to go home.
Please tell me the benefits of using sql encryption over hashing the passwords in the database.
Actually in hashing there is no need of using the key in code.It is done automatically.
cheers,
sneha
|
|
|
|
|
N a v a n e e t h wrote: Better method is to hash the password and store the computed hash in database.
Hi,
I hashed the passwords in the database.If I have this setting in web.config:
<sessionstate mode="InProc" cookieless="UseCookies" regenerateexpiredsessionid="true" timeout="30">
then only it is working. Whenever I change the cookieless="UseUri" it is not working.Please assist me.
cheers,
sneha
|
|
|
|
|
Hi all,
Can any one help me out How to run asp pages in .net application.. when i click a click in my aspx page it should redirect to .asp page..In my case what happening is when i click on the link in aspx page it is not giving any error message but IE progress bar dragging continuously and not opening the .asp page..
Please help me out..
Thanks in advance.
fttyhtrhyfytrytrysetyetytesystryrty
|
|
|
|
|
Hey, You simple need to create virtual directory for those ASP pages and then simply redirect on that.
Feel free to ask
Cheers!
Regards
Anil Pal
|
|
|
|
|
Hi anil,
i already created Virtual directory for this application.My asp.net pages are running properly, but only asp pages are not opening...
fttyhtrhyfytrytrysetyetytesystryrty
|
|
|
|
|
Hmm.. its seem that may be yr asp pages have problem. Can u try to excute asp pages from browser and test whether they are working fine or not.
Regards
Anil Pal
|
|
|
|