Capture clients IP address when they call my API
I am making an authentication API. I would like to log the IP address my client as part of my session system. I need a method of capturing the clients IP address that isn't passed in by the client. I've tried HttpContext, but that seems to be passed in by the client who i cant trust.
51 Replies
Are you using ASP.NET?
i think so? first c# api ive developed
HttpContext.Connection.RemoteIpAddress iirc
Yeah, something like that
You can trust that info btw
The client shouldn't be able to fake that
Just be careful about whether the IP is classified as PII in your jurisdiction or not
Also, it won't work when using a proxy like Cloudflare, all requests will just have CF's IP
You'd have to read the actual IP from
X-Forwarded-For headerPII = Personally Identifiable Informationi was testing out the API (using the swagger API) and the request header has a place where i could pass in any IP i wanted. Is that jus a swagger thing?
What is the name of that header?
request body? or POST?
Those are different things
You can send headers as a part of an HTTP request/response
POST is an HTTP verb. Other HTTP verbs: GET, POST, PUT, DELETE, PATCH, OPTIONS
when I have HttpContext as a paramiter of my login endpoint i see all the elements of the HttpContext here and it allows me to edit them:
No IP tho, right?
Wait
Uh.. don't put the context as a parameter
let me add the HttpContext back and i will show you
You can access it directly
It's within the scope
What type.of API is it? Controller or minimal API?
Bro
:pepelaff:
Let me emphasize: do NOT request HttpContext as a parameter
.
Unless it's with the
[FromServices] attribute or w/eok, than how do i get it. do i just access it directly?
Minimal API or controllers?
The answer will depend on your answer
i dont know the diferance :/
Look at your code
Or show us your code
Show us an API endpoint
The code for one
Minimal APIs then
That's minimal
So the context should be decorated with [FromServices] and be the first thing you request
And it needs to be in the handler signaturee
Not on your request object
whats my context?
the Login record?
No that is your request object
Don't put http context in your request object, put it in your endpoint handler signature
I'm on phone ATM so can't show you
like this?
ye
epic!
Yes, the service i am building deals with alot of that, so its somthing we are concerned with.
hm. i think i am missing somthing abour decorations...
Ah, you have another
[FromServices] on the method I see
That's not where it goes, remove it
the error persists
You can probably safely remove the attribute
Err
That attribute is placed on your method... Not on the parameter
Remove it from the method
Keep it on the parameter
ah like this:
Yes
Yes
As the error says, this attribute is only valid on props and params
that would do it. missread 'on' as 'as'
ok. new error. says i have to register a servace for HttpContext
which makes since.. but i dont know what service or how.
Huh
Try... removing the
[FromServices]...?
Just a wild guessalso.. dont it have to be before the payload object?
maybe that has changed
¯\_(ツ)_/¯
(I don't use minimal APIs directly these days :D)
Neither do I
GPT suggested adding
builder.Services.AddHttpContextAccessor();, then using IHttpContexAccessor to get the context and it looks like thats working cuz now i am getting a SQL error
Thanks for your help!