Catching the IP of users trying to access nonexistent URLs in an MVC application

I have a C# MVC application in production. On a daily basis the application is called like:

/wp/wp-admin/

/api

/Account/Login

Without doubt those calls are attempts to attack the application. Because those URLs are not implemented, an exception is thrown:
System.Web.HttpException (0x80004005): The controller for path '/api/xmlrpc' was not found or does not implement IController.

The exception is caught in Global.asax.cs:

 protected void Application_Error(object sender, EventArgs e)
 {
     Exception exception = Server.GetLastError();
     .....
 }

My problem is that I don't have access to the request in the Global.asax.cs file, so I can't get the IP-address.

What is the best practice to catch information about users trying to scan your MVC application for vulnerabilities?

Upvotes: 2

Views: 575

Answers (3)

Thanks to all. I used Ibubi's suggestion combined with the advice from Chris Patt.

I ended up with this solution:

public class ErrorController : Controller
{
    // GET: Error
    public ActionResult NotFound()
    {
        if (HttpContext.Session["User"] == null)
        {
            Log(HttpContext.Request.UserHostAddress);
            return View(); // an empty page
        }
        else
        {
            return RedirectToAction("NotFound","Home" ); // Information page for users
        }
    }
}

and in Global.asax.cs as suggested by Ibubi:

public class MvcApplication : System.Web.HttpApplication
{
   protected void Application_Error(object sender, EventArgs e)
   {
       Exception exception = Server.GetLastError();
       Server.ClearError();
       string ip = Request.ServerVariables["REMOTE_ADDR"];
       Log(ip);
   }
}

Upvotes: 0

ibubi

Reputation: 2539

I think you should have access to the request object in the Application_Error event in Global.asax.cs, whereas a few particular events do not.

 protected void Application_Error(object sender, EventArgs e)
 {
    Exception exception = Server.GetLastError();
    Server.ClearError();
    string ip = Request.ServerVariables["REMOTE_ADDR"];
 }

Upvotes: 2
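
An added example, not code from any of the posters: an `Application_Error` handler that logs only 404 errors with the client address, method, path and User-Agent, stripping control characters from client-controlled values before they reach the log. `Trace.TraceWarning` stands in for the thread's `Log` method, and the `Clean` helper, the length limits and the log format are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Web;

public class MvcApplication : HttpApplication
{
    protected void Application_Error(object sender, EventArgs e)
    {
        // MVC reports a missing controller as an HttpException with code 404;
        // other errors are left to the normal error handling.
        var httpEx = Server.GetLastError() as HttpException;
        if (httpEx == null || httpEx.GetHttpCode() != 404) return;

        HttpContext ctx = Context;
        if (ctx == null) return;
        HttpRequest req = ctx.Request;

        // UserHostAddress is the connecting peer (REMOTE_ADDR). Behind a reverse
        // proxy or load balancer it is the proxy's address, not the client's.
        // Trace is a stand-in sink (assumption); use the application's own logger.
        Trace.TraceWarning("404 ip={0} method={1} url={2} ua={3}",
            Clean(req.UserHostAddress, 64),
            Clean(req.HttpMethod, 16),
            Clean(req.RawUrl, 512),
            Clean(req.UserAgent, 256));

        // The error is deliberately not cleared here, so the configured
        // customErrors / 404 page still produces the response.
    }

    // Hypothetical helper: path and User-Agent are client-controlled, so drop
    // control characters (CR/LF would forge log lines) and cap the length.
    private static string Clean(string value, int maxLength)
    {
        if (string.IsNullOrEmpty(value)) return "-";
        string printable = new string(value.Where(c => !char.IsControl(c)).ToArray());
        return printable.Length <= maxLength ? printable : printable.Substring(0, maxLength);
    }
}
```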

techturtle

Reputation: 2587

Might not be the "best" practice but if you add in ELMAH, it will log the errors and should include the IP address of the incoming request. I haven't used it to discern attackers, but in my apps that have used ELMAH, it does record the IP address when the error occurs.

Upvotes: 1
