C# Spoof Host Name

Question

Background information

I have users stored in a table, I have the concept of "companies" stored in a separate table, and then I have an intermediate table that links users to companies in a one(user) to many(companies) relationship. The situation that I have is that a user will register or log in from a domain specific to a company. The requirement is that I need to authorize users based on the domain they're coming from.

What I'm Thinking

I believe that you can get the domain name from Request.Url and so I thought is that I would just get the name and do my authorization logic. The issue that I'm running into is that if I try to get the name via:

var hostName = Request.Url.DnsSafeHost

It always returns localhost. So to bypass this, I though that I could edit my HOSTS file to include this line:

localhost:12345 [domain I want to spoof].com

But even this still returns localhost so I am unsure if I'm even going about this correctly.

Update

As per a comment request, the operating system that I'm using is Windows 10.

David · Accepted Answer

This took quite a bit of searching, but I was ultimately able to resolve my issue. For future searches, here are some keywords that I should have used but didn't have enough knowledge beforehand to know what they were: IIS Express localhost alias.

The first thing to keep in mind is that everything that I did, I had to do as an administrator.

First, as per Mark Mucha's answer, I had to format my HOSTS file properly. In my case the alias that I wanted to use was dev.myproject which means I added the following line to my HOSTS file:

127.0.0.1 dev.myproject

I verified that this worked by bringing up a terminal (I personally use Git Bash) and submitted a ping request which responded with the following:

$ ping dev.myproject

Pinging dev.myproject [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

The next step was to configure an IIS Express alias. To do this, I went to my IIS Express configuration file, which is found at: [solution directory]\.vs\config\applicationhost.config (keep in mind that .vs is a hidden folder) and edited the file to include a new website binding. The new binding looks like the following:

Once the website binding was setup I then modified my project's server properties by going to the project's properties (in the solution explorer, right-click on the project name, click on Properties at the very bottom, and then go to the Web tab). The project URL I left it as it was, but I checked the Override Application URL to be the alias that I wanted to use, in this case it look like:

http://dev.myproject:52841

The final step was to reserve the aliased URL for non-administrator users (because I generally don't run as an admin). In this case, I ran the following command from my terminal:

netsh http add urlacl url=http://*:52841/ user=\Everyone

Once the alias was setup in IIS Express, I was able to reach the aliased URL by launching the application (F5). This initially brought up http://localhost:52841 but in a separate tab I navigated to http://dev.myproject:52841 and it worked.

Now that everything was finished, the actual property that I needed to get was the following:

var host = Request.Url?.Host;

C# Spoof Host Name

Answers (2)

Related Questions