31 Replies Latest reply on Jan 31, 2007 11:50 AM by tclaremont

    Internal IP+ person name

    emmim44 Level 1
      hi guys.
      Does anyone know how to get a person IP along with the associated person's name from internal network. ?

      Any help will be appreciated...
        • 1. Re: Internal IP+ person name
          Dan Bracuk Level 5
          Check your cgi variables for the ip address. I don't think there is a reliable way to get the user name though.
          • 2. Re: Internal IP+ person name
            emmim44 Level 1
            yes I know how to get the IP but I need to know who own's IP..
            • 3. Re: Internal IP+ person name
              Level 7
              You maybe able to run some of the ipconfig dos commands with the
              <cfexecute...> tag.
              • 4. Re: Internal IP+ person name
                emmim44 Level 1
                like what ?
                netstat
                • 5. Re: Internal IP+ person name
                  Level 7
                  like what ?
                  netstat

                  Something like that. I've never actually done this, but I once played
                  around with what one can sniff out with the netstat and\or ipconfig
                  utilities. Theoretically Most that one can run straight from the
                  command line one can run with the <cfexecute ...> tag. How well this
                  would work in real life I can not say.
                  • 6. Internal IP+ person name
                    tclaremont Level 2
                    I am going to assume that you want to know the name and IP address of people visiting your site, as opposed to just querying the network to determine who owns an IP address. IP addresses are assigned to computers, not to individuals.

                    I do this all the time on my intranet.

                    <CFSET VisitorName = #lcase(removeChars(cgi.auth_user, 1, 10))#>

                    The reason for the removechars is because I know that cgi.auth_user returns both the domain name and the username.
                    I remove the first 10 characters from the strng because I know that my domain name and the slash = 10 characters. Thus my end result is the username of the logged in user.

                    I use the above line of code in my application page. This prevents people from impersonating another user via the URL.
                    • 7. Re: Internal IP+ person name
                      emmim44 Level 1
                      I will try
                      • 8. Re: Internal IP+ person name
                        emmim44 Level 1
                        it(cgi.auth_user) outputs nothing..
                        • 9. Re: Internal IP+ person name
                          mvierow Level 1
                          Are you using any form of authentication on the server, or is the site anonymously accessible? Using the getAuthUser() function will return the username if the user was authenticated using basic or integrated auth, or if cflogin was used at any time.

                          If you are not authenticating at all, you could try managing your own list of names by comparing the IP address to a table of names and their associated IP's. Then in your onSessionStart() function you can pull their name if it existed, or prompt them for it. It's far from secure and would only really work if you have manually assigned IP addresses or DHCP leases with an ample timeout, but if you aren't using authentication then I would guess security is the last of your worries.
                          • 10. Re: Internal IP+ person name
                            emmim44 Level 1
                            I just want to get my network user name using coldfusion ...I am using windows xp...I login to my machine within our interval nt...
                            • 11. Re: Internal IP+ person name
                              mvierow Level 1
                              Well then you have to ask for it. Allowing a user to connect to your site annoymously is not asking for it. You'll need to disable that in order to force login credentials, which will either display a un/pw prompt (for basic auth or NTLM in any browser other than IE, or in IE when the site is not in the "Intranet Zone"), or automatically auth if using NTLM and the user and server are both in the same domain or a trust exists between the two. This might be a little to intrusive if you've run an annoymous site for however long. It's up to you to weigh your options. Bottom line, you need to force the user to provide this information in one way or another if you plan on querying the server for it, which is what you are doing by using the CGI scope or the getAuthUser() function.

                              You may also find solace in a client side component that would provide this information, but this will likely either cost you money, or have some kind of "Unsigned component" warning.

                              • 12. Re: Internal IP+ person name
                                emmim44 Level 1
                                Assume user enter his user name then where I will matching the 2 entries?
                                • 13. Re: Internal IP+ person name
                                  tclaremont Level 2
                                  My users are never asked for a username or password. They are authenticated behind the scenes against the domain. You don't need to maintain a list of usernames and IP addresses.

                                  Turn on Integrated Windows Authentication and turn off annonymous access.
                                  • 14. Re: Internal IP+ person name
                                    emmim44 Level 1
                                    I cannot turn off annonymous access on every user within the internal nt....I need a solution...
                                    • 15. Re: Internal IP+ person name
                                      tclaremont Level 2
                                      Why can't you turn off annonymous access?

                                      You don't really allow users on your network that have not been authenticated, do you?
                                      • 16. Re: Internal IP+ person name
                                        emmim44 Level 1
                                        How will disable the anonymous of each user on nt..I dont get you..pls be clear..
                                        My Mx server is on windows xp machine.....
                                        • 17. Re: Internal IP+ person name
                                          Level 7
                                          How will disable the anonymous of each user on nt..I dont get you..pls
                                          be clear..My Mx server is on windows xp machine.....


                                          Not on NT, In IIS for the website/resource in question. If you set the
                                          directory security setting for the website/resource in IIS to "Windows
                                          Integrated" and disable the "Annoymous Login" setting, then the
                                          webserver will populate the cgi.auth_user value with the domain/username
                                          of any windows domain user who access this website/resource.
                                          • 18. Re: Internal IP+ person name
                                            emmim44 Level 1
                                            The mx server on windows doesnt have an installed IIS...Then what should I do ?

                                            Is it gonna create a security issue?
                                            • 19. Re: Internal IP+ person name
                                              tclaremont Level 2
                                              What are you using for your web server? Are you running somethong OTHER than Internet Information Services (IIS)?

                                              As for the security issue, it is more secure to insist on Windows Integrated Authentication because then you are at least validating username and password against the domain. If you are allowing annonymous access that would suggest a huge potential security hole.
                                              • 20. Re: Internal IP+ person name
                                                emmim44 Level 1
                                                There is no IIS installed on the server..it has just cf mx server on the machine..it is an internal nt
                                                • 21. Re: Internal IP+ person name
                                                  Level 7
                                                  There is no IIS installed on the server..it has just cf mx server on the
                                                  machine..it is an internal nt

                                                  But ColdFusion REQUIRES a web server to work! IF not IIS, are you using
                                                  the built-in web server, or something else?
                                                  • 22. Re: Internal IP+ person name
                                                    paross1 Level 2
                                                    So, are you saying that you are using a development version of ColdFusion, since you don't have a web server, or that you just don't know what it is (IIS, Apache, etc.)?

                                                    Phil
                                                    • 23. Re: Internal IP+ person name
                                                      emmim44 Level 1
                                                      I believe that it is a built-in server..it may be a development version of cf..I checked the installed services there is no IIS ...we dont use apache either..
                                                      • 24. Re: Internal IP+ person name
                                                        Level 7
                                                        I believe that it is a built-in server..it may be a development version
                                                        of cf..I checked the installed services there is no IIS ...we dont use
                                                        apache either..

                                                        That is most likely the case, that is defiantly a recommended "only for
                                                        development" configuration. Sorry, I have never used the built-in web
                                                        server, preferring to configure IIS even on my development boxes. I
                                                        don't know the capabilities of this built-in server, but I suspect it
                                                        does not cover this.

                                                        I doubt either of these will provide what you need, but maybe they can
                                                        give some ideas.

                                                        <cfexecute name="C:\WINNT\system32\netstat.exe" arguments="-a"
                                                        timeout="10" variable="foobar" /><!--- note: modify name to the path to
                                                        netstat.exe on this system --->
                                                        <cfoutput><pre>#foobar#</pre></cfoutput><hr />

                                                        <cfexecute name="C:\WINNT\system32\ipconfig.exe" arguments="/all"
                                                        timeout="10" variable="foobar" /><!--- note: modify name to the path to
                                                        ipconfig.exe on this system --->
                                                        <cfoutput><pre>#foobar#</pre></cfoutput><hr />

                                                        If you can determine some dos or shell commands that will give you the
                                                        information you need, you should be able to plug it into the above code
                                                        to get it into ColdFusion.

                                                        • 25. Re: Internal IP+ person name
                                                          emmim44 Level 1
                                                          it outputs bunch of netstat data..that is not what I need...I need a solution man..Thank u though.
                                                          • 26. Internal IP+ person name
                                                            efecto747 Level 1
                                                            --- oops, redundant post ---
                                                            • 27. Re: Internal IP+ person name
                                                              Level 7
                                                              > it outputs bunch of netstat data..that is not what I need...I need a solution man..Thank u though.

                                                              I think - as people seem to be suggesting - INSTALL IIS. You cannot do
                                                              what you want with the CF internal web server. You should not be USING the
                                                              internal CF web server in a production environment anyhow.

                                                              --
                                                              Adam
                                                              • 28. Re: Internal IP+ person name
                                                                Daverms Level 3
                                                                Try using "hostname" command through <cfexecute> tag.. That may get the thing done for you...
                                                                • 29. Re: Internal IP+ person name
                                                                  tclaremont Level 2
                                                                  I am not sure what operating system you are running, but if you are using XP home edition you will not have IIS as an option (although it can be done).

                                                                  XP Home does not ship with IIS, while XP Pro does.
                                                                  • 30. Re: Internal IP+ person name
                                                                    mvierow Level 1
                                                                    There is no command you can execute from cfexecute that will tell you the user name the person connecting to your server is logged on with if you are not requiring authentication. You could protentially find the machine name using nbtstat, nslookup, host, dig or any other number of command utilities, but none of them will go so far as to tell you the user info specifically.

                                                                    So if you aren't going to require authentication, and you aren't going to take my previous advice of a 1-time question presented to users to query their name based on IP, then you'll have to do the dirty work yourself, either by generating that list yourself in the database, as an array you build manually in your application, or by specifically naming the machine name of every computer on your network to the owners name. If naming the machines that way is an issue, you can use your computers host file to force them for your computer only, then rely on your network utils such as nslookup or host.

                                                                    There are your options. Choose wisely.
                                                                    • 31. Re: Internal IP+ person name
                                                                      tclaremont Level 2
                                                                      But the problem still remains in the case of multi-user computers. You might very well determine that a computer BELONGS to a specific user, but that does not mean that the OWNER was the one logged into the machine.

                                                                      AUTHENTICATION is the solution here. IAs has been stated, if you do not want to user authentication then you have to live with the consequences. This is not a ColdFusion problem, either. This is an administration/security issue.