Capture clients IP address when they call my API
I am making an authentication API. I would like to log the IP address my client as part of my session system. I need a method of capturing the clients IP address that isn't passed in by the client. I've tried HttpContext, but that seems to be passed in by the client who i cant trust.
51 Replies
Are you using ASP.NET?
i think so? first c# api ive developed
HttpContext.Connection.RemoteIpAddress iirc
Yeah, something like that
You can trust that info btw
The client shouldn't be able to fake that
Just be careful about whether the IP is classified as PII in your jurisdiction or not
Also, it won't work when using a proxy like Cloudflare, all requests will just have CF's IP
You'd have to read the actual IP from
X-Forwarded-For headerPII = Personally Identifiable Informationi was testing out the API (using the swagger API) and the request header has a place where i could pass in any IP i wanted. Is that jus a swagger thing?
What is the name of that header?
request body? or POST?
Those are different things
You can send headers as a part of an HTTP request/response
POST is an HTTP verb. Other HTTP verbs: GET, POST, PUT, DELETE, PATCH, OPTIONS
when I have HttpContext as a paramiter of my login endpoint i see all the elements of the HttpContext here and it allows me to edit them:
No IP tho, right?
Wait
Uh.. don't put the context as a parameter
let me add the HttpContext back and i will show you
You can access it directly
It's within the scope