IIS allows website access restrictions by adding configuration settings in web.config file
But the error pages are not easy to configure on a per site basis. Therefore, a custom action filter attribute which restricts access to our controllers based on request ip address is much desirable since it allows to redirect to a custom error page with a theme similar to the main site theme.
The following article explains an excellent implementation of this concept.
http://randyburden.com/blog/2011/08/09/restrict-access-to-an-mvc-action-or-controller-by-ip-address-using-a-custom-action-filter/
Copying code from the above article for the sake of my future reference
using System; using System.Web; using System.Web.Mvc; using System.Configuration;namespace YourMVCApplication.Filters { /// <summary> /// Only allows authorized IP addresses access. /// </summary> public class AuthorizeIPAddressAttribute : ActionFilterAttribute { public override void OnActionExecuting(ActionExecutingContext filterContext) { //Get users IP Address string ipAddress = HttpContext.Current.Request.UserHostAddress; if (!IsIpAddressValid(ipAddress.Trim())) { //Send back a HTTP Status code of 403 Forbidden filterContext.Result = new HttpStatusCodeResult(403); } base.OnActionExecuting(filterContext); } /// <summary> /// Compares an IP address to list of valid IP addresses attempting to /// find a match /// </summary> /// <param name="ipAddress">String representation of a valid IP Address</param> /// <returns></returns> public static bool IsIpAddressValid(string ipAddress) { //Split the users IP address into it's 4 octets (Assumes IPv4) string[] incomingOctets = ipAddress.Trim().Split(new char[] { '.' }); //Get the valid IP addresses from the web.config string addresses = Convert.ToString(ConfigurationManager.AppSettings["AuthorizeIPAddresses"]); //Store each valid IP address in a string array string[] validIpAddresses = addresses.Trim().Split(new char[] { ',' }); //Iterate through each valid IP address foreach (var validIpAddress in validIpAddresses) { //Return true if valid IP address matches the users if (validIpAddress.Trim() == ipAddress) { return true; } //Split the valid IP address into it's 4 octets string[] validOctets = validIpAddress.Trim().Split(new char[] { '.' }); bool matches = true; //Iterate through each octet for (int index = 0; index < validOctets.Length; index++) { //Skip if octet is an asterisk indicating an entire //subnet range is valid if (validOctets[index] != "*") { if (validOctets[index] != incomingOctets[index]) { matches = false; break; //Break out of loop } } } if (matches) { return true; } } //Found no matches return false; } } }
No comments:
Post a Comment