locked
Access calling domain name within wcf rest service RRS feed

  • Question

  • User-1799376286 posted
    Hi I have spend hours on it and would appreciate if somebody could help me out. I need to get domain name of the client within Wcf rest web service that made the service request. Below is my scenario: My Rest web service is hosted at: http://mydomain.abc.com/rest service.svc I am calling the service method from: http://www.xyz.com And I need to get the calling domain name i.e.: http://mydomain.abc.com How do I get that? Regards,
    Tuesday, June 11, 2013 1:44 PM

Answers

  • User509596457 posted

    The name of the domain that a rest client is running on is not passed with the request to the server, the closest thing is probably the user-agent or referer. However, there is no guarantee that your rest service is being called from a website. It could also be called from a desktop application.

    Perhaps you could add a required parameter to the rest methods intended to help identify the calling entity.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, June 11, 2013 2:25 PM

All replies

  • User509596457 posted

    The name of the domain that a rest client is running on is not passed with the request to the server, the closest thing is probably the user-agent or referer. However, there is no guarantee that your rest service is being called from a website. It could also be called from a desktop application.

    Perhaps you could add a required parameter to the rest methods intended to help identify the calling entity.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, June 11, 2013 2:25 PM
  • User-1799376286 posted
    In my scenario I can confirm that my web service would always be call from aspx page. Basically what I am trying to achieve here is to restrict web service to few domains so that the webservice doesn't response on unidentified domains.
    Tuesday, June 11, 2013 4:12 PM
  • User509596457 posted

    You want to protect it from being called from unauthorized domains but you are already certain it is only going to be called from .aspx pages. Those two logical points disagree with each other. You already claim certainty about where the requests are coming from yet your original post is looking for safeguard against unauthorized access. So which is it, you know with certainty where all requests are coming from or not?

    Seriously, just implement some authentication and ignore where the request is coming from.

    Tuesday, June 11, 2013 4:40 PM
  • User-1799376286 posted

    When i say that it would comes from aspx means the request can be made from different domains like www.ddd.com, www.fff.com while i want to respond to the calls that comes from a specifc domain ( http://www.xyz.com ) thats the reason i am trying to get the calling domain name within the wcf service so that i can restric the output.

    Tuesday, June 11, 2013 5:15 PM
  • User-519136805 posted

    Did you tried - this.Request.UserHostName ??

     

    Wednesday, June 12, 2013 6:40 AM