限制ASP.NET MVC Beta版访问特定的控制器通过IP地址

本文介绍了限制ASP.NET MVC Beta版访问特定的控制器通过IP地址的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有包含AdminController类一个ASP.NET MVC项目 - 给我如的HTTP URL：// MYSERVER /管理/ AddCustomer ， HTTP：// MYSERVER /管理/ ListCustomers 等

I have an ASP.NET MVC project containing an AdminController class - giving me URls like myserver/admin/AddCustomer, myserver/Admin/ListCustomers, etc.

我要配置服务器/应用程序，以便包含URI的 /管理员只能从192.168.0.0/24网络访问（即我们LAN）

I want to configure the server/app so that URIs containing /Admin are only accessible from the 192.168.0.0/24 network (i.e. our LAN)

我想限制此控制器只能从特定的IP地址进行访问。

I'd like to restrict this controller to only be accessible from certain IP addresses.

在的WebForms，/管理/是，我可以在IIS中......但MVC限制一个物理文件夹，当然，没有物理文件夹。这是可以实现的web.config中使用或属性，或者我需要拦截HTTP请求来实现这一目标？

Under WebForms, /admin/ was a physical folder that I could restrict in IIS... but with MVC, of course, there's no physical folder. Is this achievable using web.config or attributes, or do I need to intercept the HTTP request to achieve this?

推荐答案

我知道这是一个老问题，但我需要能有今天这样的功能，所以我实现了它，想着在这里张贴。

I know this is an old question, but I needed to have this functionality today so I implemented it and thought about posting it here.

从这里（ HTTP使用IPLIST类：//www.$c $ cproject / KB / IP / ipnumbers.aspx ）

filter属性FilterIPAttribute.cs：

using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Http; using System.Security.Principal; using System.Configuration; namespace Miscellaneous.Attributes.Controller { /// <summary> /// Filter by IP address /// </summary> public class FilterIPAttribute : AuthorizeAttribute { #region Allowed /// <summary> /// Comma seperated string of allowable IPs. Example "10.2.5.41,192.168.0.22" /// </summary> /// <value></value> public string AllowedSingleIPs { get; set; } /// <summary> /// Comma seperated string of allowable IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0" /// </summary> /// <value>The masked I ps.</value> public string AllowedMaskedIPs { get; set; } /// <summary> /// Gets or sets the configuration key for allowed single IPs /// </summary> /// <value>The configuration key single I ps.</value> public string ConfigurationKeyAllowedSingleIPs { get; set; } /// <summary> /// Gets or sets the configuration key allowed mmasked IPs /// </summary> /// <value>The configuration key masked I ps.</value> public string ConfigurationKeyAllowedMaskedIPs { get; set; } /// <summary> /// List of allowed IPs /// </summary> IPList allowedIPListToCheck = new IPList(); #endregion #region Denied /// <summary> /// Comma seperated string of denied IPs. Example "10.2.5.41,192.168.0.22" /// </summary> /// <value></value> public string DeniedSingleIPs { get; set; } /// <summary> /// Comma seperated string of denied IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0" /// </summary> /// <value>The masked I ps.</value> public string DeniedMaskedIPs { get; set; } /// <summary> /// Gets or sets the configuration key for denied single IPs /// </summary> /// <value>The configuration key single I ps.</value> public string ConfigurationKeyDeniedSingleIPs { get; set; } /// <summary> /// Gets or sets the configuration key for denied masked IPs /// </summary> /// <value>The configuration key masked I ps.</value> public string ConfigurationKeyDeniedMaskedIPs { get; set; } /// <summary> /// List of denied IPs /// </summary> IPList deniedIPListToCheck = new IPList(); #endregion /// <summary> /// Determines whether access to the core framework is authorized. /// </summary> /// <param name="actionContext">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param> /// <returns> /// true if access is authorized; otherwise, false. /// </returns> /// <exception cref="T:System.ArgumentNullException">The <paramref name="httpContext"/> parameter is null.</exception> protected override bool IsAuthorized(HttpActionContext actionContext) { if (actionContext == null) throw new ArgumentNullException("actionContext"); string userIpAddress = ((HttpContextWrapper)actionContext.Request.Properties["MS_HttpContext"]).Request.UserHostName; try { // Check that the IP is allowed to access bool ipAllowed = CheckAllowedIPs(userIpAddress); // Check that the IP is not denied to access bool ipDenied = CheckDeniedIPs(userIpAddress); // Only allowed if allowed and not denied bool finallyAllowed = ipAllowed && !ipDenied; return finallyAllowed; } catch (Exception e) { // Log the exception, probably something wrong with the configuration } return true; // if there was an exception, then we return true } /// <summary> /// Checks the allowed IPs. /// </summary> /// <param name="userIpAddress">The user ip address.</param> /// <returns></returns> private bool CheckAllowedIPs(string userIpAddress) { // Populate the IPList with the Single IPs if (!string.IsNullOrEmpty(AllowedSingleIPs)) { SplitAndAddSingleIPs(AllowedSingleIPs, allowedIPListToCheck); } // Populate the IPList with the Masked IPs if (!string.IsNullOrEmpty(AllowedMaskedIPs)) { SplitAndAddMaskedIPs(AllowedMaskedIPs, allowedIPListToCheck); } // Check if there are more settings from the configuration (Web.config) if (!string.IsNullOrEmpty(ConfigurationKeyAllowedSingleIPs)) { string configurationAllowedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedSingleIPs]; if (!string.IsNullOrEmpty(configurationAllowedAdminSingleIPs)) { SplitAndAddSingleIPs(configurationAllowedAdminSingleIPs, allowedIPListToCheck); } } if (!string.IsNullOrEmpty(ConfigurationKeyAllowedMaskedIPs)) { string configurationAllowedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedMaskedIPs]; if (!string.IsNullOrEmpty(configurationAllowedAdminMaskedIPs)) { SplitAndAddMaskedIPs(configurationAllowedAdminMaskedIPs, allowedIPListToCheck); } } return allowedIPListToCheck.CheckNumber(userIpAddress); } /// <summary> /// Checks the denied IPs. /// </summary> /// <param name="userIpAddress">The user ip address.</param> /// <returns></returns> private bool CheckDeniedIPs(string userIpAddress) { // Populate the IPList with the Single IPs if (!string.IsNullOrEmpty(DeniedSingleIPs)) { SplitAndAddSingleIPs(DeniedSingleIPs, deniedIPListToCheck); } // Populate the IPList with the Masked IPs if (!string.IsNullOrEmpty(DeniedMaskedIPs)) { SplitAndAddMaskedIPs(DeniedMaskedIPs, deniedIPListToCheck); } // Check if there are more settings from the configuration (Web.config) if (!string.IsNullOrEmpty(ConfigurationKeyDeniedSingleIPs)) { string configurationDeniedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedSingleIPs]; if (!string.IsNullOrEmpty(configurationDeniedAdminSingleIPs)) { SplitAndAddSingleIPs(configurationDeniedAdminSingleIPs, deniedIPListToCheck); } } if (!string.IsNullOrEmpty(ConfigurationKeyDeniedMaskedIPs)) { string configurationDeniedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedMaskedIPs]; if (!string.IsNullOrEmpty(configurationDeniedAdminMaskedIPs)) { SplitAndAddMaskedIPs(configurationDeniedAdminMaskedIPs, deniedIPListToCheck); } } return deniedIPListToCheck.CheckNumber(userIpAddress); } /// <summary> /// Splits the incoming ip string of the format "IP,IP" example "10.2.0.0,10.3.0.0" and adds the result to the IPList /// </summary> /// <param name="ips">The ips.</param> /// <param name="list">The list.</param> private void SplitAndAddSingleIPs(string ips,IPList list) { var splitSingleIPs = ips.Split(','); foreach (string ip in splitSingleIPs) list.Add(ip); } /// <summary> /// Splits the incoming ip string of the format "IP;MASK,IP;MASK" example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0" and adds the result to the IPList /// </summary> /// <param name="ips">The ips.</param> /// <param name="list">The list.</param> private void SplitAndAddMaskedIPs(string ips, IPList list) { var splitMaskedIPs = ips.Split(','); foreach (string maskedIp in splitMaskedIPs) { var ipAndMask = maskedIp.Split(';'); list.Add(ipAndMask[0], ipAndMask[1]); // IP;MASK } } public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); } } }

实例：

1。直接指定在了IPS    code

[FilterIP( AllowedSingleIPs="10.2.5.55,192.168.2.2", AllowedMaskedIPs="10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0" )] public class HomeController { // Some code here }

2。或者，从Web.config文件加载配置

[FilterIP( ConfigurationKeyAllowedSingleIPs="AllowedAdminSingleIPs", ConfigurationKeyAllowedMaskedIPs="AllowedAdminMaskedIPs", ConfigurationKeyDeniedSingleIPs="DeniedAdminSingleIPs", ConfigurationKeyDeniedMaskedIPs="DeniedAdminMaskedIPs" )] public class HomeController { // Some code here } <configuration> <appSettings> <add key="AllowedAdminSingleIPs" value="localhost,127.0.0.1"/> <!-- Example "10.2.80.21,192.168.2.2" --> <add key="AllowedAdminMaskedIPs" value="10.2.0.0;255.255.0.0"/> <!-- Example "10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0" --> <add key="DeniedAdminSingleIPs" value=""/> <!-- Example "10.2.80.21,192.168.2.2" --> <add key="DeniedAdminMaskedIPs" value=""/> <!-- Example "10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0" --> </appSettings> </configuration>