There can be number of ways security and auditing can be implemented in any application. It can be done at Application Level, or at Application Server level or at Database Server Level. And I think best practice is to take advantage of all 3 based on user requirement, as we all know that having little “extra” security always generates burden on system as a whole. Actually it really depends on user requirement, for example some simple quote request form will not have that security features as any bank transaction form will have. (you got the point, right ??)

One way to track user is by IP address. IP stands for Internet Protocol which is basically used to relay (send/receive) information (in form of packets) to network (or internet). It lives at Internet Layer in Protocol Stack. And when any machine is connected in network (here I will use network and internet terms interchangeably for sake of simplicity) it is assigned a unique IP address based on which that machine can be identified. For example 74.125.226.144 will take us to www.Google.com which is more human readable name which is actually an address of a computer that is running Google search engine. (in reality they never use static IP for security, I think it is some sort of proxy server that route requests to main server, this technology has changed very much since the invention of internet) … oki, back to main topic. In short if we get IP address of user, we can always identify user from that because in enterprise network usually each machine is assigned to that person only.

At my current project we are required to track changes of some parts done by what user. Also authenticate user based on their IP address. Actually it is pretty easy to get IP address of client who is accessing current application. To demonstrate that I am writing following few lines.

<div>
       <asp:Label ID="Label1" runat="server" Text="Current User IP is :"></asp:Label>
        <asp:Label ID="Label2" runat="server" Text=""></asp:Label>
    </div>
<div>
    <asp:Label ID="Label3" runat="server" Text="Current User IP is: "></asp:Label>
    <asp:Label ID="Label4" runat="server"></asp:Label>
    </div>
// Method 1
// May not work if behind FireWall or using Proxy
            Label4.Text = Request.UserHostName.ToString();

// Method 2
// More preferred method
string strIpAddress = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
            if (strIpAddress == null)
            {
                Label2.Text = Request.ServerVariables["REMOTE_ADDR"];
            }

Both of the methods will show current user IP address, but the 1st method may not work if you are behind proxy server or firewall (which will be general case). But second method will do the trick if first didn’t work well.

IP 127.0.0.1 is IP of Localhost since I am using running this test app locally. (ASP.NET Development Server to be precise)

 

Once you have IP you can use it any way you want. To log, to block are few to mention.

This is it for now.

It’s Just A Thought …fingerscrossed

Gaurang Sign

Random Posts:


Similar Posts: