
Get unique identifier of client in Asp.Net WebApi Core 2.0?

I'm looking for a unique identifier of clients in WebApi Core 2.0.
I tested HttpContext.Connection.Id, it's the same for all browsers!

[HttpGet]
public IActionResult GetConnectionId()
{
    return Ok(new
    {
        ConnectionId = HttpContext.Connection.Id
    });
}

Also, I tested it with a virtual machine; it was the same for all clients.
How do I get a unique identifier of clients in Asp.Net WebApi Core 2?

There is no such thing as a "unique identifier for a client". HTTP is stateless. The HTTP protocol is actually designed in such a way on purpose. Any client should be able to communicate with any server, regardless of past communication. This enables concepts like load-balancing, failover, etc.

Things like sessions, cookies, etc., have been layered on top of the HTTP protocol to enable a form of state, but rather than being a true feature of the protocol, they are a cooperative effort between servers and clients. Both the client and server must participate in the process to enable state to be achieved. Cookies, in particular, are what enables companies like Google, Facebook, et al., to track a user from site to site. However, as you've correctly indicated, cookies are incompatible with REST-based APIs.

Therefore, your only option is authentication. By forcing the client to authenticate, you can then know exactly the identity of the client and track that client's activities. Nothing else will suffice. There is no way to access client details such as a MAC address, because you can only access what the client chooses to share, and that is not one of those things. Even if it was, it could be manipulated. IP addresses once were somewhat identifying, but in this age of WAPs, proxies, VPNs and such, a single IP could be used by any number of unique clients. Also, again, the IP address can be spoofed as well, so even if you could identify a client by IP, it wouldn't ensure that you were truly dealing with that client.

There are various forms of authentication you can choose from. JWT (JavaScript Web Tokens) are popular nowadays, but you can just as easily use client authentication, certificate authentication, OAuth, OpenID, etc. The main point is to simply force the client to authenticate, in some form. Only then can you identify the client.
