Development Experience

Monday, February 5, 2018

ASP.NET Web API IP Filter

If you need to restrict access to some of your web controllers,
it is safer to do so with the help of ASP.NET Web API filters.

Web API filters allow you to perform several operations at the OnActionExecuting stage.
You can block some requests and return 403 if you wish.

I found RANDY BURDEN'S blog; he has a nice implementation of an IP filter for MVC.
I adapted his code slightly so that it can be used in ASP.NET Web API.
using System;
using System.Configuration;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http.Controllers;
using ActionFilterAttribute = System.Web.Http.Filters.ActionFilterAttribute;
namespace Api.Filters
{
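/// <summary>
/// Only allows requests from allow-listed IP addresses to reach the action.
/// </summary>
/// <remarks>
/// The allow-list is the comma-separated <c>AuthorizeIPAddresses</c> app setting.
/// An entry is either an exact address or a dotted IPv4 pattern in which any of
/// the four octets may be <c>*</c> (for example <c>10.0.*.*</c>).
/// The filter fails closed: a missing client address, a missing or empty
/// allow-list, or a malformed address results in 403 Forbidden.
/// NOTE(review): the decision is based on <c>Request.UserHostAddress</c>. Behind a
/// reverse proxy or load balancer that value is normally the proxy's address, not
/// the client's, so confirm the deployment topology before relying on this filter.
/// An IP allow-list is best used as an extra layer on top of authentication, not
/// as a replacement for it.
/// </remarks>
public class AuthorizeIPAddressAttribute : ActionFilterAttribute
{
    /// <summary>
    /// Rejects the request with 403 Forbidden unless the caller's address is allow-listed.
    /// </summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(HttpActionContext filterContext)
    {
        // HttpContext.Current is null when there is no System.Web request context.
        var httpContext = HttpContext.Current;
        string ipAddress = httpContext == null ? null : httpContext.Request.UserHostAddress;

        // Fail closed: the original only rejected when an address was present AND
        // not allow-listed, so a request with no address was let through.
        if (ipAddress == null || !IsIpAddressValid(ipAddress.Trim()))
        {
            // Setting Response short-circuits the pipeline; the action does not run.
            filterContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
            return;
        }

        base.OnActionExecuting(filterContext);
    }

    /// <summary>
    /// Compares an IP address to the configured allow-list, attempting to find a match.
    /// </summary>
    /// <param name="ipAddress">String representation of the caller's IP address.</param>
    /// <returns>
    /// <c>true</c> if the address equals an allow-list entry or matches a four-octet
    /// wildcard pattern; otherwise <c>false</c>.
    /// </returns>
    public static bool IsIpAddressValid(string ipAddress)
    {
        const int ipv4OctetCount = 4;

        if (string.IsNullOrWhiteSpace(ipAddress))
        {
            return false;
        }

        var candidate = ipAddress.Trim();
        var incomingOctets = candidate.Split('.');

        // A missing setting yields null; treat it as an empty allow-list (deny all)
        // instead of throwing NullReferenceException on Trim().
        var addresses = ConfigurationManager.AppSettings["AuthorizeIPAddresses"];
        if (string.IsNullOrWhiteSpace(addresses))
        {
            return false;
        }

        foreach (var entry in addresses.Split(','))
        {
            var pattern = entry.Trim();
            if (pattern.Length == 0)
            {
                // Tolerate stray commas in the setting.
                continue;
            }

            // Exact match works for any address format.
            if (pattern == candidate)
            {
                return true;
            }

            // Wildcard matching is IPv4-only and requires four octets on both sides.
            // Without this check a short entry such as "10.*" acted as a prefix, a
            // bare "*" matched every address, and an address with fewer dot-separated
            // parts than the pattern (e.g. IPv6 "::1") threw IndexOutOfRangeException.
            var patternOctets = pattern.Split('.');
            if (patternOctets.Length != ipv4OctetCount || incomingOctets.Length != ipv4OctetCount)
            {
                continue;
            }

            var hasMismatch = patternOctets
                .Where((octet, index) => octet != "*" && octet != incomingOctets[index])
                .Any();
            if (!hasMismatch)
            {
                return true;
            }
        }

        // Found no matches
        return false;
    }
}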
}
