[英]X-Forwarded-For: How can I get the client's IP address in ASP.Net MVC?
[英]How can I get the client's IP address in ASP.NET MVC?
我对 ASP.NET MVC 堆栈完全陌生,我想知道简单的 Page 对象和 Request ServerVariables 对象发生了什么?
基本上,我想拉出客户端 PC 的 IP 地址,但我无法理解当前的 MVC 结构如何改变了这一切。
据我所知, 大多数变量对象已被 HttpRequest 变体取代。
有人愿意分享一些资源吗? 在 ASP.NET MVC 世界中真的有很多东西要学习。 :)
例如,我有一个带有当前函数的静态类。 如何使用 ASP.NET MVC 获得相同的结果?
public static int getCountry(Page page)
{
return getCountryFromIP(getIPAddress(page));
}
public static string getIPAddress(Page page)
{
string szRemoteAddr = page.Request.ServerVariables["REMOTE_ADDR"];
string szXForwardedFor = page.Request.ServerVariables["X_FORWARDED_FOR"];
string szIP = "";
if (szXForwardedFor == null)
{
szIP = szRemoteAddr;
}
else
{
szIP = szXForwardedFor;
if (szIP.IndexOf(",") > 0)
{
string [] arIPs = szIP.Split(',');
foreach (string item in arIPs)
{
if (!isPrivateIP(item))
{
return item;
}
}
}
}
return szIP;
}
以及如何从控制器页面调用此函数?
简单的答案是使用HttpRequest.UserHostAddress 属性。
示例:从控制器中:
using System;
using System.Web.Mvc;
namespace Mvc.Controllers
{
public class HomeController : ClientController
{
public ActionResult Index()
{
string ip = Request.UserHostAddress;
...
}
}
}
示例:从助手类中:
using System.Web;
namespace Mvc.Helpers
{
public static class HelperClass
{
public static string GetIPHelper()
{
string ip = HttpContext.Current.Request.UserHostAddress;
..
}
}
}
但是,如果请求已由一个或多个代理服务器传递,则HttpRequest.UserHostAddress 属性返回的 IP 地址将是中继请求的最后一个代理服务器的 IP 地址。
代理服务器可以使用事实上的标准,将客户端的 IP 地址放在X-Forwarded-For HTTP 标头中。 除了不能保证请求具有 X-Forwarded-For 标头之外,也不能保证 X-Forwarded-For 没有被SPOOFED 。
原答案
Request.UserHostAddress
上面的代码提供了客户端的 IP 地址,而无需求助于查找集合。 Request 属性在控制器(或视图)中可用。 因此,您可以传递一个 Request 对象来获得相同的结果,而不是将 Page 类传递给您的函数:
public static string getIPAddress(HttpRequestBase request)
{
string szRemoteAddr = request.UserHostAddress;
string szXForwardedFor = request.ServerVariables["X_FORWARDED_FOR"];
string szIP = "";
if (szXForwardedFor == null)
{
szIP = szRemoteAddr;
}
else
{
szIP = szXForwardedFor;
if (szIP.IndexOf(",") > 0)
{
string [] arIPs = szIP.Split(',');
foreach (string item in arIPs)
{
if (!isPrivateIP(item))
{
return item;
}
}
}
}
return szIP;
}
Request.ServerVariables["REMOTE_ADDR"]
应该可以工作 - 直接在视图中或控制器操作方法主体中(请求是 MVC 中控制器类的属性,而不是页面)。
它正在工作……但您必须在真实的 IIS 上发布,而不是在虚拟的 IIS 上发布。
这里的很多代码都非常有帮助,但我出于我的目的对其进行了清理并添加了一些测试。 这是我的结果:
using System;
using System.Linq;
using System.Net;
using System.Web;
public class RequestHelpers
{
public static string GetClientIpAddress(HttpRequestBase request)
{
try
{
var userHostAddress = request.UserHostAddress;
// Attempt to parse. If it fails, we catch below and return "0.0.0.0"
// Could use TryParse instead, but I wanted to catch all exceptions
IPAddress.Parse(userHostAddress);
var xForwardedFor = request.ServerVariables["X_FORWARDED_FOR"];
if (string.IsNullOrEmpty(xForwardedFor))
return userHostAddress;
// Get a list of public ip addresses in the X_FORWARDED_FOR variable
var publicForwardingIps = xForwardedFor.Split(',').Where(ip => !IsPrivateIpAddress(ip)).ToList();
// If we found any, return the last one, otherwise return the user host address
return publicForwardingIps.Any() ? publicForwardingIps.Last() : userHostAddress;
}
catch (Exception)
{
// Always return all zeroes for any failure (my calling code expects it)
return "0.0.0.0";
}
}
private static bool IsPrivateIpAddress(string ipAddress)
{
// http://en.wikipedia.org/wiki/Private_network
// Private IP Addresses are:
// 24-bit block: 10.0.0.0 through 10.255.255.255
// 20-bit block: 172.16.0.0 through 172.31.255.255
// 16-bit block: 192.168.0.0 through 192.168.255.255
// Link-local addresses: 169.254.0.0 through 169.254.255.255 (http://en.wikipedia.org/wiki/Link-local_address)
var ip = IPAddress.Parse(ipAddress);
var octets = ip.GetAddressBytes();
var is24BitBlock = octets[0] == 10;
if (is24BitBlock) return true; // Return to prevent further processing
var is20BitBlock = octets[0] == 172 && octets[1] >= 16 && octets[1] <= 31;
if (is20BitBlock) return true; // Return to prevent further processing
var is16BitBlock = octets[0] == 192 && octets[1] == 168;
if (is16BitBlock) return true; // Return to prevent further processing
var isLinkLocalAddress = octets[0] == 169 && octets[1] == 254;
return isLinkLocalAddress;
}
}
这里有一些针对该代码的 NUnit 测试(我使用 Rhino Mocks 来模拟 HttpRequestBase,即下面的 M<HttpRequestBase> 调用):
using System.Web;
using NUnit.Framework;
using Rhino.Mocks;
using Should;
[TestFixture]
public class HelpersTests : TestBase
{
HttpRequestBase _httpRequest;
private const string XForwardedFor = "X_FORWARDED_FOR";
private const string MalformedIpAddress = "MALFORMED";
private const string DefaultIpAddress = "0.0.0.0";
private const string GoogleIpAddress = "74.125.224.224";
private const string MicrosoftIpAddress = "65.55.58.201";
private const string Private24Bit = "10.0.0.0";
private const string Private20Bit = "172.16.0.0";
private const string Private16Bit = "192.168.0.0";
private const string PrivateLinkLocal = "169.254.0.0";
[SetUp]
public void Setup()
{
_httpRequest = M<HttpRequestBase>();
}
[TearDown]
public void Teardown()
{
_httpRequest = null;
}
[Test]
public void PublicIpAndNullXForwardedFor_Returns_CorrectIp()
{
// Arrange
_httpRequest.Stub(x => x.UserHostAddress).Return(GoogleIpAddress);
_httpRequest.Stub(x => x.ServerVariables[XForwardedFor]).Return(null);
// Act
var ip = RequestHelpers.GetClientIpAddress(_httpRequest);
// Assert
ip.ShouldEqual(GoogleIpAddress);
}
[Test]
public void PublicIpAndEmptyXForwardedFor_Returns_CorrectIp()
{
// Arrange
_httpRequest.Stub(x => x.UserHostAddress).Return(GoogleIpAddress);
_httpRequest.Stub(x => x.ServerVariables[XForwardedFor]).Return(string.Empty);
// Act
var ip = RequestHelpers.GetClientIpAddress(_httpRequest);
// Assert
ip.ShouldEqual(GoogleIpAddress);
}
[Test]
public void MalformedUserHostAddress_Returns_DefaultIpAddress()
{
// Arrange
_httpRequest.Stub(x => x.UserHostAddress).Return(MalformedIpAddress);
_httpRequest.Stub(x => x.ServerVariables[XForwardedFor]).Return(null);
// Act
var ip = RequestHelpers.GetClientIpAddress(_httpRequest);
// Assert
ip.ShouldEqual(DefaultIpAddress);
}
[Test]
public void MalformedXForwardedFor_Returns_DefaultIpAddress()
{
// Arrange
_httpRequest.Stub(x => x.UserHostAddress).Return(GoogleIpAddress);
_httpRequest.Stub(x => x.ServerVariables[XForwardedFor]).Return(MalformedIpAddress);
// Act
var ip = RequestHelpers.GetClientIpAddress(_httpRequest);
// Assert
ip.ShouldEqual(DefaultIpAddress);
}
[Test]
public void SingleValidPublicXForwardedFor_Returns_XForwardedFor()
{
// Arrange
_httpRequest.Stub(x => x.UserHostAddress).Return(GoogleIpAddress);
_httpRequest.Stub(x => x.ServerVariables[XForwardedFor]).Return(MicrosoftIpAddress);
// Act
var ip = RequestHelpers.GetClientIpAddress(_httpRequest);
// Assert
ip.ShouldEqual(MicrosoftIpAddress);
}
[Test]
public void MultipleValidPublicXForwardedFor_Returns_LastXForwardedFor()
{
// Arrange
_httpRequest.Stub(x => x.UserHostAddress).Return(GoogleIpAddress);
_httpRequest.Stub(x => x.ServerVariables[XForwardedFor]).Return(GoogleIpAddress + "," + MicrosoftIpAddress);
// Act
var ip = RequestHelpers.GetClientIpAddress(_httpRequest);
// Assert
ip.ShouldEqual(MicrosoftIpAddress);
}
[Test]
public void SinglePrivateXForwardedFor_Returns_UserHostAddress()
{
// Arrange
_httpRequest.Stub(x => x.UserHostAddress).Return(GoogleIpAddress);
_httpRequest.Stub(x => x.ServerVariables[XForwardedFor]).Return(Private24Bit);
// Act
var ip = RequestHelpers.GetClientIpAddress(_httpRequest);
// Assert
ip.ShouldEqual(GoogleIpAddress);
}
[Test]
public void MultiplePrivateXForwardedFor_Returns_UserHostAddress()
{
// Arrange
_httpRequest.Stub(x => x.UserHostAddress).Return(GoogleIpAddress);
const string privateIpList = Private24Bit + "," + Private20Bit + "," + Private16Bit + "," + PrivateLinkLocal;
_httpRequest.Stub(x => x.ServerVariables[XForwardedFor]).Return(privateIpList);
// Act
var ip = RequestHelpers.GetClientIpAddress(_httpRequest);
// Assert
ip.ShouldEqual(GoogleIpAddress);
}
[Test]
public void MultiplePublicXForwardedForWithPrivateLast_Returns_LastPublic()
{
// Arrange
_httpRequest.Stub(x => x.UserHostAddress).Return(GoogleIpAddress);
const string privateIpList = Private24Bit + "," + Private20Bit + "," + MicrosoftIpAddress + "," + PrivateLinkLocal;
_httpRequest.Stub(x => x.ServerVariables[XForwardedFor]).Return(privateIpList);
// Act
var ip = RequestHelpers.GetClientIpAddress(_httpRequest);
// Assert
ip.ShouldEqual(MicrosoftIpAddress);
}
}
我在使用上述方法时遇到问题,我需要控制器的 IP 地址。 我最后使用了以下内容:
System.Web.HttpContext.Current.Request.UserHostAddress
在课堂上,您可能会这样称呼它:
public static string GetIPAddress(HttpRequestBase request)
{
string ip;
try
{
ip = request.ServerVariables["HTTP_X_FORWARDED_FOR"];
if (!string.IsNullOrEmpty(ip))
{
if (ip.IndexOf(",") > 0)
{
string[] ipRange = ip.Split(',');
int le = ipRange.Length - 1;
ip = ipRange[le];
}
} else
{
ip = request.UserHostAddress;
}
} catch { ip = null; }
return ip;
}
我在剃须刀应用程序中使用了它,效果很好。
我如何解释位于Amazon AWS Elastic Load Balancer (ELB) 后面的站点:
public class GetPublicIp {
/// <summary>
/// account for possbility of ELB sheilding the public IP address
/// </summary>
/// <returns></returns>
public static string Execute() {
try {
Console.WriteLine(string.Join("|", new List<object> {
HttpContext.Current.Request.UserHostAddress,
HttpContext.Current.Request.Headers["X-Forwarded-For"],
HttpContext.Current.Request.Headers["REMOTE_ADDR"]
})
);
var ip = HttpContext.Current.Request.UserHostAddress;
if (HttpContext.Current.Request.Headers["X-Forwarded-For"] != null) {
ip = HttpContext.Current.Request.Headers["X-Forwarded-For"];
Console.WriteLine(ip + "|X-Forwarded-For");
}
else if (HttpContext.Current.Request.Headers["REMOTE_ADDR"] != null) {
ip = HttpContext.Current.Request.Headers["REMOTE_ADDR"];
Console.WriteLine(ip + "|REMOTE_ADDR");
}
return ip;
}
catch (Exception ex) {
Console.Error.WriteLine(ex.Message);
}
return null;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.