Can I fool HttpRequest.Current.Request.IsLocal?

冷眼眸甩不掉的悲伤, submitted on 2019-12-04 19:38:22

Question


I'm running a web application that displays some debugging behavior if it's being run locally - quotes around resource strings, etc - and I'd like to demo the application on my laptop at a conference where I won't have internet access, so it has to be local.

The application uses HttpContext.Current.Request.IsLocal to determine if it's running locally - is there any way to fool it? I'd like to trick it into returning "False" even though I am indeed running locally.

I do have access to the source code (and realize I could just demo a build where the "IsLocal" check is commented out), but would rather not make a special build for this demo. If need be, I'll do that, but I'd rather use the existing codebase untouched.


Answer 1:


That would require spoofing a non-local IP address in requests to your local instance of IIS. I think you'd probably spend less time just making a demo build than trying to make that work.




Answer 2:


The Request.IsLocal property implements the following code:

public bool IsLocal {
    get {
        String remoteAddress = UserHostAddress;

        // if unknown, assume not local
        if (String.IsNullOrEmpty(remoteAddress))
            return false;

        // check if localhost
        if (remoteAddress == "127.0.0.1" || remoteAddress == "::1")
            return true;

        // compare with local address
        if (remoteAddress == LocalAddress)
            return true;

        return false;
    }
}

Source: Decompiled source code (Microsoft: referencesource.microsoft.com)

Hope this helps!




Answer 3:


I believe this is true, but cannot verify right now.

IsLocal returns True when the site is bound to the loopback address 127.0.0.1.

If you make sure in IIS that your website is bound to one of your machine's non-loopback addresses (i.e. 192.168.1.100), then IsLocal should return False.

Cassini, by definition, is always local, since it can only bind to the loopback address.




Answer 4:


If your server has multiple IP addresses, you'll need some extra code. The following handles multiple IP addresses, and handles CDNs like Cloudflare, which will have the wrong IP address in the Request.UserHostAddress property.

Code:

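// Requires: using System.Net.NetworkInformation;
private bool IsLocal()
{
    // Built-in check: loopback, or remote address equal to the local address.
    if (Request.IsLocal)
    {
        return true;
    }
    // X-Forwarded-For is a request header: it is client-supplied unless a
    // proxy in front of the server overwrites it.
    string forwardIP = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
    // Compare against every unicast address on every network interface.
    foreach (NetworkInterface netInterface in NetworkInterface.GetAllNetworkInterfaces())
    {
        IPInterfaceProperties ipProps = netInterface.GetIPProperties();
        foreach (UnicastIPAddressInformation addr in ipProps.UnicastAddresses)
        {
            string ipString = addr.Address.ToString();
            if (Request.UserHostAddress == ipString || forwardIP == ipString)
            {
                return true;
            }
        }
    }
    return false;
}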
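
A stricter variant of the check in Answer 4, as an added example that is not part of the original answer or of ASP.NET: it reads X-Forwarded-For only when the TCP peer is a configured trusted proxy, and then uses the right-most entry. The class and method names are hypothetical and the addresses are constructed samples from documentation ranges.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Added example (hypothetical names): decides "local" from the TCP peer address,
// and consults X-Forwarded-For only when that peer is a trusted proxy.
static class LocalRequestCheck
{
    public static bool IsLocalClient(string peer, string forwardedFor,
        ISet<IPAddress> trustedProxies, ISet<IPAddress> localAddresses)
    {
        IPAddress client;
        if (!IPAddress.TryParse(peer, out client)) return false; // unknown: not local

        // X-Forwarded-For is a request header, so a direct client can send any
        // value. Use it only when the connection comes from a trusted proxy, and
        // take the right-most entry, which is the one that proxy appended.
        if (trustedProxies.Contains(client))
        {
            if (string.IsNullOrWhiteSpace(forwardedFor)) return false;
            string[] hops = forwardedFor.Split(',');
            if (!IPAddress.TryParse(hops[hops.Length - 1].Trim(), out client)) return false;
        }
        return IPAddress.IsLoopback(client) || localAddresses.Contains(client);
    }

    static void Main()
    {
        // Constructed sample configuration, not taken from the page.
        var proxies = new HashSet<IPAddress> { IPAddress.Parse("198.51.100.7") };
        var local = new HashSet<IPAddress> { IPAddress.Parse("192.0.2.10") };

        // Direct remote client sending "X-Forwarded-For: 127.0.0.1" (header not consulted).
        Console.WriteLine(IsLocalClient("203.0.113.5", "127.0.0.1", proxies, local));
        // Trusted proxy forwarding a remote client that prepended its own hop.
        Console.WriteLine(IsLocalClient("198.51.100.7", "127.0.0.1, 203.0.113.5", proxies, local));
        // Direct loopback connection.
        Console.WriteLine(IsLocalClient("::1", null, proxies, local));
        // Direct connection from one of the server's own addresses.
        Console.WriteLine(IsLocalClient("192.0.2.10", null, proxies, local));
    }
}
```

In an ASP.NET handler, `peer` would be Request.UserHostAddress and `forwardedFor` the HTTP_X_FORWARDED_FOR server variable; the two address sets come from deployment configuration.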


Source: https://stackoverflow.com/questions/680079/can-i-fool-httprequest-current-request-islocal
