How to get client IP address and client hostname using Terminal Services API

The following example uses C# .NET and wraps terminal services API to list all sessions and their  IP addresses on a server

Description

Terminal Services exposes WTSEnumerateSessions function which retrieves a list of sessions on a specified terminal server.  

BOOL WTSEnumerateSessions(
  __in   HANDLE hServer,
  __in   DWORD Reserved,
  __in   DWORD Version,
  __out  PWTS_SESSION_INFO* ppSessionInfo,
  __out  DWORD* pCount
);

The sample code enumerates all sessions on a given server and then uses WTSQuerySessionInformation which
retrieves session information for the specified session on the specified terminal server

BOOL WTSQuerySessionInformation(
  __in   HANDLE hServer,
  __in   DWORD SessionId,
  __in   WTS_INFO_CLASS WTSInfoClass,
  __out  LPTSTR* ppBuffer,
  __out  DWORD* pBytesReturned
);

WTSInfoClass Specifies the type of information to retrieve from the WTS_INFO_CLASS enumeration type. One of the enumeration type happens to be WTSClientAddress which is Pointer to a WTS_CLIENT_ADDRESS structure containing the network type and network address of the client. If the session specified in the SessionId parameter is a session at the physical console, ppBuffer returns a NULL pointer.

typedef struct _WTS_CLIENT_ADDRESS {
  DWORD AddressFamily;
  BYTE Address[20];
} WTS_CLIENT_ADDRESS,
 *PWTS_CLIENT_ADDRESS;

The client network address is reported by the RDP client itself when it connects to the server. This could be different than the address that actually connected to the server. For example, suppose there is a NAT between the client and the server. The client can report its own IP address, but the IP address that actually connects to the server is the NAT address. For VPN connections, the IP address might not be discoverable by the client. If it cannot be discovered, the client can report the only IP address it has, which may be the ISP assigned address. Because the address may not be the actual network address, it should not be used as a form of client authentication.

The attached C# examples wraps above Terminal Server functions and API in .NET.

Download

cdn:Download the TSClientIP

Usage: > TSClientIP <ServerName> 

Code Snippet

C# .Net 

public static List<String> ListSessions(String ServerName)
        {
            IntPtr server = IntPtr.Zero;
            List<String> ret = new List<string>();
            server = OpenServer(ServerName);

            try
            {
                IntPtr ppSessionInfo = IntPtr.Zero;

                Int32 count = 0;
                Int32 retval = WTSEnumerateSessions(server, 0, 1, ref ppSessionInfo, ref count);
                Int32 dataSize = Marshal.SizeOf(typeof(WTS_SESSION_INFO));

                Int32 current = (int)ppSessionInfo;

                if (retval != 0)
                {

                    for (int i = 0; i < count; i++)
                    {

                        WTS_SESSION_INFO si =
                        (WTS_SESSION_INFO)Marshal.PtrToStructure((System.IntPtr)current,

                        typeof(WTS_SESSION_INFO));
                        current += dataSize;

                        #region OTsSession
                        uint returned = 0; ;
                        TsSession oTsSession = new TsSession();
                        //IP address
                        IntPtr addr = IntPtr.Zero;
                        if (WTSQuerySessionInformation(server, si.SessionID,
                             WTS_INFO_CLASS.WTSClientAddress, out addr, out returned) == true)
                        {
                            _WTS_CLIENT_ADDRESS obj = new _WTS_CLIENT_ADDRESS();
                            obj = (_WTS_CLIENT_ADDRESS)Marshal.PtrToStructure(addr, obj.GetType());
                            oTsSession.IpAddress = obj.Address[2] + "." + obj.Address[3] + "." +

                             obj.Address[4] + "." + obj.Address[5];
                        }

                        #endregion

                        ret.Add(si.SessionID + " " + si.State + " " + si.pWinStationName + "  " +
                                  oTsSession.IpAddress);

                    }

                    WTSFreeMemory(ppSessionInfo);
                }
            }
            finally
            {
                CloseServer(server);
            }

            return ret;
        }

Disclaimer

These software applications are provided to you as is with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.