Sending Local IP address of connection associated with HttpWebrequest (C#)

Question

I am developing an application which has one web server and one C# client which posts XML to the web server. The web server needs to know the local IP address of client. I tried methods to retrieve the IP address at the server side, but these methods don't give the IP address of the client when there are proxy servers or NAT in between. So I need to find the local IP of the connection at the client application and send it with the request.

The problem is in HttpWebRequest. I don't see any method by which I can get the local IP address of the connection made while sending HTTP request.

CLARIFICATION:
The client in my case is not browser-based. It is a C# application. My server has specific rules based on local IP, that was are used to connect to the server while sending the HTTP request. In my case, local IPs are fixed. There could be multiple IPs on a local machine -- that's why I want the local IP associated with the Socket used to send the request. This can be solved if I use TcpClient in C# and implement the HTTP protocol on top of it, but I want to avoid that. So, is there any way I can get the socket associated with HttpWebRequest before posting the request?

Answer 1

There's no guaranteed way of doing this. Javascript and server-side code can only see the public address, not the local one. There is a method for getting it using Java (mentioned here), but it relies on both Javascript and Java being available, and the user's browser supporting that particular call.

Given that many local IPs are assigned as needed (my home PC's is assigned using DHCP, my work PC's changes occasonally too), do you think knowing the local IP would actually be any use?

Answer 2

It is not possible to get the local IPAddress of the connection that HttpWebRequest is going to use. However, you could use Dns or System.Net.NetworkInformation class to get all the local IPaddresses, and send them as a custom header with your request. On the server side you could parse this header, and see if any of the IP's match the one that you are expecting.

However, as Damien has indicated above, this solution is not foolproof, people could spoof the IPaddress to the one the server is expecting. Maybe you need to take a step back and think what security you are trying to achive by this? And see if you could accomplish your goals by a different method - for eg: user Authentication using a supported method like Basic(over HTTPS), Digest, NTLM, Kerberos, Negotiate, or use SSL with client certs?

Answer 3

Maybe you should move from HttpWebRequest to SOAP requests/responses if XML is what you send over the line. Implement ASPX web service or WFC webservice. HttpWebRequest are always seen to the server as they are coming from the last IP that issued them so that would be NAT or proxy.

However, I too find it odd enough that you need to know local machine IP on the server side.