Programing

ASP.NET MVC 베타에서 IP 주소로 특정 컨트롤러에 대한 액세스 제한

lottogame 2020. 11. 28. 08:35
반응형

ASP.NET MVC 베타에서 IP 주소로 특정 컨트롤러에 대한 액세스 제한


AdminController 클래스를 포함하고 다음과 같은 URls를 제공하는 ASP.NET MVC 프로젝트가 있습니다.

http://example.com/admin/AddCustomer

http://examle.com/Admin/ListCustomers

/ Admin포함 된 URI가 192.168.0.0/24 네트워크 (예 : LAN)에서만 액세스 할 수 있도록 서버 / 앱을 구성하고 싶습니다.

이 컨트롤러를 특정 IP 주소에서만 액세스 할 수 있도록 제한하고 싶습니다.

WebForms에서 / admin /은 IIS에서 제한 할 수있는 물리적 폴더 였지만 MVC에서는 물론 물리적 폴더가 없습니다. web.config 또는 속성을 사용하여이 작업을 수행 할 수 있습니까? 아니면이를 수행하기 위해 HTTP 요청을 가로 채야합니까?


나는 이것이 오래된 질문이라는 것을 알고 있지만 오늘이 기능이 필요했기 때문에 구현하고 여기에 게시하는 것에 대해 생각했습니다.

여기에서 IPList 클래스 사용 ( http://www.codeproject.com/KB/IP/ipnumbers.aspx )

필터 속성 FilterIPAttribute.cs :

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Http;
using System.Security.Principal;
using System.Configuration;

namespace Miscellaneous.Attributes.Controller
{

    /// <summary>
    /// Filter by IP address
    /// </summary>
    public class FilterIPAttribute : AuthorizeAttribute
    {

        #region Allowed
        /// <summary>
        /// Comma seperated string of allowable IPs. Example "10.2.5.41,192.168.0.22"
        /// </summary>
        /// <value></value>
        public string AllowedSingleIPs { get; set; }

        /// <summary>
        /// Comma seperated string of allowable IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
        /// </summary>
        /// <value>The masked I ps.</value>
        public string AllowedMaskedIPs { get; set; }

        /// <summary>
        /// Gets or sets the configuration key for allowed single IPs
        /// </summary>
        /// <value>The configuration key single I ps.</value>
        public string ConfigurationKeyAllowedSingleIPs { get; set; }

        /// <summary>
        /// Gets or sets the configuration key allowed mmasked IPs
        /// </summary>
        /// <value>The configuration key masked I ps.</value>
        public string ConfigurationKeyAllowedMaskedIPs { get; set; }

        /// <summary>
        /// List of allowed IPs
        /// </summary>
        IPList allowedIPListToCheck = new IPList();
        #endregion

        #region Denied
        /// <summary>
        /// Comma seperated string of denied IPs. Example "10.2.5.41,192.168.0.22"
        /// </summary>
        /// <value></value>
        public string DeniedSingleIPs { get; set; }

        /// <summary>
        /// Comma seperated string of denied IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
        /// </summary>
        /// <value>The masked I ps.</value>
        public string DeniedMaskedIPs { get; set; }


        /// <summary>
        /// Gets or sets the configuration key for denied single IPs
        /// </summary>
        /// <value>The configuration key single I ps.</value>
        public string ConfigurationKeyDeniedSingleIPs { get; set; }

        /// <summary>
        /// Gets or sets the configuration key for denied masked IPs
        /// </summary>
        /// <value>The configuration key masked I ps.</value>
        public string ConfigurationKeyDeniedMaskedIPs { get; set; }

        /// <summary>
        /// List of denied IPs
        /// </summary>
        IPList deniedIPListToCheck = new IPList();
        #endregion


        /// <summary>
        /// Determines whether access to the core framework is authorized.
        /// </summary>
        /// <param name="actionContext">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param>
        /// <returns>
        /// true if access is authorized; otherwise, false.
        /// </returns>
        /// <exception cref="T:System.ArgumentNullException">The <paramref name="httpContext"/> parameter is null.</exception>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            if (actionContext == null)
                throw new ArgumentNullException("actionContext");

            string userIpAddress = ((HttpContextWrapper)actionContext.Request.Properties["MS_HttpContext"]).Request.UserHostName;

            try
            {
                // Check that the IP is allowed to access
                bool ipAllowed = CheckAllowedIPs(userIpAddress);

                // Check that the IP is not denied to access
                bool ipDenied = CheckDeniedIPs(userIpAddress);    

                // Only allowed if allowed and not denied
                bool finallyAllowed = ipAllowed && !ipDenied;

                return finallyAllowed;
            }
            catch (Exception e)
            {
                // Log the exception, probably something wrong with the configuration
            }

            return true; // if there was an exception, then we return true
        }

        /// <summary>
        /// Checks the allowed IPs.
        /// </summary>
        /// <param name="userIpAddress">The user ip address.</param>
        /// <returns></returns>
        private bool CheckAllowedIPs(string userIpAddress)
        {
            // Populate the IPList with the Single IPs
            if (!string.IsNullOrEmpty(AllowedSingleIPs))
            {
                SplitAndAddSingleIPs(AllowedSingleIPs, allowedIPListToCheck);
            }

            // Populate the IPList with the Masked IPs
            if (!string.IsNullOrEmpty(AllowedMaskedIPs))
            {
                SplitAndAddMaskedIPs(AllowedMaskedIPs, allowedIPListToCheck);
            }

            // Check if there are more settings from the configuration (Web.config)
            if (!string.IsNullOrEmpty(ConfigurationKeyAllowedSingleIPs))
            {
                string configurationAllowedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedSingleIPs];
                if (!string.IsNullOrEmpty(configurationAllowedAdminSingleIPs))
                {
                    SplitAndAddSingleIPs(configurationAllowedAdminSingleIPs, allowedIPListToCheck);
                }
            }

            if (!string.IsNullOrEmpty(ConfigurationKeyAllowedMaskedIPs))
            {
                string configurationAllowedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedMaskedIPs];
                if (!string.IsNullOrEmpty(configurationAllowedAdminMaskedIPs))
                {
                    SplitAndAddMaskedIPs(configurationAllowedAdminMaskedIPs, allowedIPListToCheck);
                }
            }

            return allowedIPListToCheck.CheckNumber(userIpAddress);
        }

        /// <summary>
        /// Checks the denied IPs.
        /// </summary>
        /// <param name="userIpAddress">The user ip address.</param>
        /// <returns></returns>
        private bool CheckDeniedIPs(string userIpAddress)
        {
            // Populate the IPList with the Single IPs
            if (!string.IsNullOrEmpty(DeniedSingleIPs))
            {
                SplitAndAddSingleIPs(DeniedSingleIPs, deniedIPListToCheck);
            }

            // Populate the IPList with the Masked IPs
            if (!string.IsNullOrEmpty(DeniedMaskedIPs))
            {
                SplitAndAddMaskedIPs(DeniedMaskedIPs, deniedIPListToCheck);
            }

            // Check if there are more settings from the configuration (Web.config)
            if (!string.IsNullOrEmpty(ConfigurationKeyDeniedSingleIPs))
            {
                string configurationDeniedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedSingleIPs];
                if (!string.IsNullOrEmpty(configurationDeniedAdminSingleIPs))
                {
                    SplitAndAddSingleIPs(configurationDeniedAdminSingleIPs, deniedIPListToCheck);
                }
            }

            if (!string.IsNullOrEmpty(ConfigurationKeyDeniedMaskedIPs))
            {
                string configurationDeniedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedMaskedIPs];
                if (!string.IsNullOrEmpty(configurationDeniedAdminMaskedIPs))
                {
                    SplitAndAddMaskedIPs(configurationDeniedAdminMaskedIPs, deniedIPListToCheck);
                }
            }

            return deniedIPListToCheck.CheckNumber(userIpAddress);
        }

        /// <summary>
        /// Splits the incoming ip string of the format "IP,IP" example "10.2.0.0,10.3.0.0" and adds the result to the IPList
        /// </summary>
        /// <param name="ips">The ips.</param>
        /// <param name="list">The list.</param>
        private void SplitAndAddSingleIPs(string ips,IPList list)
        {
            var splitSingleIPs = ips.Split(',');
            foreach (string ip in splitSingleIPs)
                list.Add(ip);
        }

        /// <summary>
        /// Splits the incoming ip string of the format "IP;MASK,IP;MASK" example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0" and adds the result to the IPList
        /// </summary>
        /// <param name="ips">The ips.</param>
        /// <param name="list">The list.</param>
        private void SplitAndAddMaskedIPs(string ips, IPList list)
        {
            var splitMaskedIPs = ips.Split(',');
            foreach (string maskedIp in splitMaskedIPs)
            {
                var ipAndMask = maskedIp.Split(';');
                list.Add(ipAndMask[0], ipAndMask[1]); // IP;MASK
            }
        }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
        }
    }
}

사용 예 :

1. 코드에서 직접 IP 지정

    [FilterIP(
         AllowedSingleIPs="10.2.5.55,192.168.2.2",
         AllowedMaskedIPs="10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0"
    )]
    public class HomeController {
      // Some code here
    }

2. 또는 Web.config에서 구성로드

    [FilterIP(
         ConfigurationKeyAllowedSingleIPs="AllowedAdminSingleIPs",
         ConfigurationKeyAllowedMaskedIPs="AllowedAdminMaskedIPs",
         ConfigurationKeyDeniedSingleIPs="DeniedAdminSingleIPs",
         ConfigurationKeyDeniedMaskedIPs="DeniedAdminMaskedIPs"
    )]
    public class HomeController {
      // Some code here
    }


<configuration>
<appSettings>
    <add key="AllowedAdminSingleIPs" value="localhost,127.0.0.1"/> <!-- Example "10.2.80.21,192.168.2.2" -->
    <add key="AllowedAdminMaskedIPs" value="10.2.0.0;255.255.0.0"/> <!-- Example "10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0" -->
    <add key="DeniedAdminSingleIPs" value=""/>    <!-- Example "10.2.80.21,192.168.2.2" -->
    <add key="DeniedAdminMaskedIPs" value=""/>    <!-- Example "10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0" -->
</appSettings>
</configuration>

UserHostAddress제한을 수행하려면 컨트롤러의 Request 개체에서에 액세스 할 수 있어야합니다 . 이 보호가 필요한 메서드 나 컨트롤러를 간단히 장식 할 수 있도록 확장하고 주소 제한을 AuthorizeAttribute추가 하는 것이 좋습니다 IP.


IPv6 및 IP 범위를 처리 할 수있는 MVC4의이 문제에 대한 솔루션이 필요했습니다. 또한 인증을 위해 화이트리스트와 블랙리스트를 사용해야했지만 IP가 둘 다 아닌 경우 일반 인증 프로세스를 사용해야했습니다.

이것은 @sabbour와 @Richard Szalay ( 특정 IP 범위에 속하는 입력 IP를 확인하는 방법 ) 굉장한 게시물 에서 많은 것을 가져온 후 찾은 솔루션 이므로 도움이 될 수있는 사람을 위해 여기에 다시 게시합니다.

public class MagniAuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{

    #region Allowed

    public bool IsPublic { get; set; }
    /// <summary>
    /// Comma seperated string of allowable IPs. Example "10.2.5.41,192.168.0.22"
    /// </summary>
    /// <value></value>        
    public string AllowedSingleIPs { get; set; }

    /// <summary>
    /// Comma seperated string of allowable IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
    /// </summary>
    /// <value>The masked I ps.</value>
    public string AllowedIPRanges { get; set; }

    /// <summary>
    /// Gets or sets the configuration key for allowed single IPs
    /// </summary>
    /// <value>The configuration key single I ps.</value>
    public string ConfigurationKeyAllowedSingleIPs { get; set; }

    /// <summary>
    /// Gets or sets the configuration key allowed mmasked IPs
    /// </summary>
    /// <value>The configuration key masked I ps.</value>
    public string ConfigurationKeyAllowedMaskedIPs { get; set; }

    #endregion

    #region Denied
    /// <summary>
    /// Comma seperated string of denied IPs. Example "10.2.5.41,192.168.0.22"
    /// </summary>
    /// <value></value>
    public string DeniedSingleIPs { get; set; }

    /// <summary>
    /// Comma seperated string of denied IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
    /// </summary>
    /// <value>The masked I ps.</value>
    public string DeniedIPRanges { get; set; }


    /// <summary>
    /// Gets or sets the configuration key for denied single IPs
    /// </summary>
    /// <value>The configuration key single I ps.</value>
    public string ConfigurationKeyDeniedSingleIPs { get; set; }

    /// <summary>
    /// Gets or sets the configuration key for denied masked IPs
    /// </summary>
    /// <value>The configuration key masked I ps.</value>
    public string ConfigurationKeyDeniedMaskedIPs { get; set; }

    #endregion


    /// <summary>
    /// Checks the allowed IPs.
    /// </summary>
    /// <param name="userIpAddress">The user ip address.</param>
    /// <returns></returns>
    private bool CheckAllowedIPs(IPAddress userIpAddress)
    {
        List<IPAddress> allowedIPsToCheck = new List<IPAddress>();
        List<IPAddressRange> allowedIPRangesToCheck = new List<IPAddressRange>();

        // Populate the IPList with the Single IPs
        if (!string.IsNullOrEmpty(AllowedSingleIPs))
        {
            SplitAndAddSingleIPs(AllowedSingleIPs, allowedIPsToCheck);
        }

        // Populate the IPList with the Masked IPs
        if (!string.IsNullOrEmpty(AllowedIPRanges))
        {
            SplitAndAddIPRanges(AllowedIPRanges, allowedIPRangesToCheck);
        }

        // Check if there are more settings from the configuration (Web.config)
        if (!string.IsNullOrEmpty(ConfigurationKeyAllowedSingleIPs))
        {
            string configurationAllowedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedSingleIPs];
            if (!string.IsNullOrEmpty(configurationAllowedAdminSingleIPs))
            {
                SplitAndAddSingleIPs(configurationAllowedAdminSingleIPs, allowedIPsToCheck);
            }
        }

        if (!string.IsNullOrEmpty(ConfigurationKeyAllowedMaskedIPs))
        {
            string configurationAllowedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedMaskedIPs];
            if (!string.IsNullOrEmpty(configurationAllowedAdminMaskedIPs))
            {
                SplitAndAddIPRanges(configurationAllowedAdminMaskedIPs, allowedIPRangesToCheck);
            }
        }

        return allowedIPsToCheck.Any(a => a.Equals(userIpAddress)) || allowedIPRangesToCheck.Any(a => a.IsInRange(userIpAddress));
    }

    /// <summary>
    /// Checks the denied IPs.
    /// </summary>
    /// <param name="userIpAddress">The user ip address.</param>
    /// <returns></returns>
    private bool CheckDeniedIPs(IPAddress userIpAddress)
    {
        List<IPAddress> deniedIPsToCheck = new List<IPAddress>();
        List<IPAddressRange> deniedIPRangesToCheck = new List<IPAddressRange>();

        // Populate the IPList with the Single IPs
        if (!string.IsNullOrEmpty(DeniedSingleIPs))
        {
            SplitAndAddSingleIPs(DeniedSingleIPs, deniedIPsToCheck);
        }

        // Populate the IPList with the Masked IPs
        if (!string.IsNullOrEmpty(DeniedIPRanges))
        {
            SplitAndAddIPRanges(DeniedIPRanges, deniedIPRangesToCheck);
        }

        // Check if there are more settings from the configuration (Web.config)
        if (!string.IsNullOrEmpty(ConfigurationKeyDeniedSingleIPs))
        {
            string configurationDeniedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedSingleIPs];
            if (!string.IsNullOrEmpty(configurationDeniedAdminSingleIPs))
            {
                SplitAndAddSingleIPs(configurationDeniedAdminSingleIPs, deniedIPsToCheck);
            }
        }

        if (!string.IsNullOrEmpty(ConfigurationKeyDeniedMaskedIPs))
        {
            string configurationDeniedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedMaskedIPs];
            if (!string.IsNullOrEmpty(configurationDeniedAdminMaskedIPs))
            {
                SplitAndAddIPRanges(configurationDeniedAdminMaskedIPs, deniedIPRangesToCheck);
            }
        }

        return deniedIPsToCheck.Any(a => a.Equals(userIpAddress)) || deniedIPRangesToCheck.Any(a => a.IsInRange(userIpAddress));
    }

    /// <summary>
    /// Splits the incoming ip string of the format "IP,IP" example "10.2.0.0,10.3.0.0" and adds the result to the IPAddress list
    /// </summary>
    /// <param name="ips">The ips.</param>
    /// <param name="list">The list.</param>
    private void SplitAndAddSingleIPs(string ips, List<IPAddress> list)
    {
        var splitSingleIPs = ips.Split(',');
        IPAddress ip;

        foreach (string ipString in splitSingleIPs)
        {
            if(IPAddress.TryParse(ipString, out ip))
                list.Add(ip);
        }
    }

    /// <summary>
    /// Splits the incoming ip ranges string of the format "IP-IP,IP-IP" example "10.2.0.0-10.2.255.255,10.3.0.0-10.3.255.255" and adds the result to the IPAddressRange list
    /// </summary>
    /// <param name="ips">The ips.</param>
    /// <param name="list">The list.</param>
    private void SplitAndAddIPRanges(string ips, List<IPAddressRange> list)
    {
        var splitMaskedIPs = ips.Split(',');
        IPAddress lowerIp;
        IPAddress upperIp;
        foreach (string maskedIp in splitMaskedIPs)
        {
            var ipRange = maskedIp.Split('-');
            if (IPAddress.TryParse(ipRange[0], out lowerIp) && IPAddress.TryParse(ipRange[1], out upperIp))
                list.Add(new IPAddressRange(lowerIp, upperIp));
        }
    }

    protected void HandleUnauthorizedRequest(AuthorizationContext context)
    {
        context.Result = new RedirectToRouteResult(new RouteValueDictionary { { "Controller", "Home" },
                                                                                    { "Action", "Login" },
                                                                                    { "OriginalURL", context.HttpContext.Request.Url.AbsoluteUri } });
    }

    protected bool AuthorizeCore(AuthorizationContext context)
    {
        try
        {
            string userIPString = context.HttpContext.Request.UserHostName;
            IPAddress userIPAddress = IPAddress.Parse(userIPString);

            // Check that the IP is allowed to access
            bool? ipAllowed = CheckAllowedIPs(userIPAddress) ? true : (bool?)null;

            // Check that the IP is not denied to access
            ipAllowed = CheckDeniedIPs(userIPAddress) ? false : ipAllowed;

            if (ipAllowed.HasValue)
            {
                return ipAllowed.Value;
            }

            var serverSession = context.HttpContext.Session;

            UserSession session = null;

            //usersession in server session
            if (serverSession[Settings.HttpContextUserSession] != null)
            {
                session = (UserSession)serverSession[Settings.HttpContextUserSession];
                Trace.TraceInformation($"[{MethodBase.GetCurrentMethod().Name}] UserId:" + session.UserId + ". ClientId: " + session.ClientId);
                return true;
            }

            //usersession in database from cookie
            session = UserSession.GetSession(context.HttpContext.Request.Cookies.Get("sessionId").Value);
            if (session != null)
            {
                Trace.TraceInformation($"[{MethodBase.GetCurrentMethod().Name}] Session found for cookie {context.HttpContext.Request.Cookies.Get("sessionId").Value}");
                serverSession[Settings.HttpContextUserSession] = session;
                Trace.TraceInformation($"[{MethodBase.GetCurrentMethod().Name}] UserId:" + session.UserId + ". ClientId: " + session.ClientId);

                return true;
            }
            else
            {
                Trace.TraceInformation($"[{MethodBase.GetCurrentMethod().Name}] No session found for cookie {serverSession["cookie"]}");
                return false;
            }

        }
        catch (Exception ex)
        {
            Trace.TraceError($"[{MethodBase.GetCurrentMethod().Name}] exception: {ex.Message} - trace {ex.StackTrace}");
            return false;
        }
    }

    public void OnAuthorization(AuthorizationContext actionContext)
    {
        if (IsPublic == false && AuthorizeCore(actionContext) == false)
        {
            HandleUnauthorizedRequest(actionContext);
        }
    }
}

나는 sabbour의 솔루션이 훌륭하다는 것을 알았지 만 내 목적에 더 유용하도록 두 가지 변경이 필요했습니다.

  1. 허용 목록이 비어있는 경우 액세스를 허용합니다. 이렇게하면 구성 (예 : 테스트 배포)을 변경하여 모든 IP를 허용하거나 명시 적으로 거부 된 IP를 제외한 모든 IP를 허용 할 수 있습니다. 이를 위해 Count 속성을 포함하도록 IPList를 확장하고 CheckAllowedIPs의 일부로 확인했습니다.

    return _allowedIpListToCheck.Count == 0 || _allowedIpListToCheck.CheckNumber(userIpAddress);
    
  2. HandleUnauthorizedRequest를 재정 의하여 항상 403을 반환합니다. AuthorizeAtrribute는 기본적으로 401을 반환합니다.

    public override void OnAuthorization(AuthorizationContext actionContext)
    {
        if (AuthorizeCore((HttpContextBase)actionContext.HttpContext))
            return;
        HandleUnauthorizedRequest(actionContext);
    }
    
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
            filterContext.Result = new HttpStatusCodeResult(403, "IP Access Denied");
    }
    

다음은 FilterIpAttribute 클래스의 전체 변형입니다.

public class FilterIpAttribute:AuthorizeAttribute
{

    #region Allowed
    /// <summary>
    /// Comma seperated string of allowable IPs. Example "10.2.5.41,192.168.0.22"
    /// </summary>
    /// <value></value>
    public string AllowedSingleIPs { get; set; }

    /// <summary>
    /// Comma seperated string of allowable IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
    /// </summary>
    /// <value>The masked I ps.</value>
    public string AllowedMaskedIPs { get; set; }

    /// <summary>
    /// Gets or sets the configuration key for allowed single IPs
    /// </summary>
    /// <value>The configuration key single I ps.</value>
    public string ConfigurationKeyAllowedSingleIPs { get; set; }

    /// <summary>
    /// Gets or sets the configuration key allowed mmasked IPs
    /// </summary>
    /// <value>The configuration key masked I ps.</value>
    public string ConfigurationKeyAllowedMaskedIPs { get; set; }

    /// <summary>
    /// List of allowed IPs
    /// </summary>
    readonly IpList _allowedIpListToCheck = new IpList();
    #endregion

    #region Denied
    /// <summary>
    /// Comma seperated string of denied IPs. Example "10.2.5.41,192.168.0.22"
    /// </summary>
    /// <value></value>
    public string DeniedSingleIPs { get; set; }

    /// <summary>
    /// Comma seperated string of denied IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
    /// </summary>
    /// <value>The masked I ps.</value>
    public string DeniedMaskedIPs { get; set; }


    /// <summary>
    /// Gets or sets the configuration key for denied single IPs
    /// </summary>
    /// <value>The configuration key single I ps.</value>
    public string ConfigurationKeyDeniedSingleIPs { get; set; }

    /// <summary>
    /// Gets or sets the configuration key for denied masked IPs
    /// </summary>
    /// <value>The configuration key masked I ps.</value>
    public string ConfigurationKeyDeniedMaskedIPs { get; set; }

    /// <summary>
    /// List of denied IPs
    /// </summary>
    readonly IpList _deniedIpListToCheck = new IpList();
    #endregion

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
            throw new ArgumentNullException("httpContext");

        string userIpAddress = httpContext.Request.UserIp();

        try
        {
            // Check that the IP is allowed to access
            bool ipAllowed = CheckAllowedIPs(userIpAddress);

            // Check that the IP is not denied to access
            bool ipDenied = CheckDeniedIPs(userIpAddress);

            //Only allowed if allowed and not denied

            bool finallyAllowed = ipAllowed && !ipDenied;


            return finallyAllowed;
        }
        catch (Exception e)
        {
            // Log the exception, probably something wrong with the configuration
        }

        return true; // if there was an exception, then we return true
    }

    /// <summary>
    /// Checks the allowed IPs.
    /// </summary>
    /// <param name="userIpAddress">The user ip address.</param>
    /// <returns></returns>
    private bool CheckAllowedIPs(string userIpAddress)
    {
        // Populate the IPList with the Single IPs
        if (!string.IsNullOrEmpty(AllowedSingleIPs))
        {
            SplitAndAddSingleIPs(AllowedSingleIPs, _allowedIpListToCheck);
        }

        // Populate the IPList with the Masked IPs
        if (!string.IsNullOrEmpty(AllowedMaskedIPs))
        {
            SplitAndAddMaskedIPs(AllowedMaskedIPs, _allowedIpListToCheck);
        }

        // Check if there are more settings from the configuration (Web.config)
        if (!string.IsNullOrEmpty(ConfigurationKeyAllowedSingleIPs))
        {
            string configurationAllowedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedSingleIPs];
            if (!string.IsNullOrEmpty(configurationAllowedAdminSingleIPs))
            {
                SplitAndAddSingleIPs(configurationAllowedAdminSingleIPs, _allowedIpListToCheck);
            }
        }

        if (!string.IsNullOrEmpty(ConfigurationKeyAllowedMaskedIPs))
        {
            string configurationAllowedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedMaskedIPs];
            if (!string.IsNullOrEmpty(configurationAllowedAdminMaskedIPs))
            {
                SplitAndAddMaskedIPs(configurationAllowedAdminMaskedIPs, _allowedIpListToCheck);
            }
        }

        return _allowedIpListToCheck.Count == 0 || _allowedIpListToCheck.CheckNumber(userIpAddress);
    }

    /// <summary>
    /// Checks the denied IPs.
    /// </summary>
    /// <param name="userIpAddress">The user ip address.</param>
    /// <returns></returns>
    private bool CheckDeniedIPs(string userIpAddress)
    {
        // Populate the IPList with the Single IPs
        if (!string.IsNullOrEmpty(DeniedSingleIPs))
        {
            SplitAndAddSingleIPs(DeniedSingleIPs, _deniedIpListToCheck);
        }

        // Populate the IPList with the Masked IPs
        if (!string.IsNullOrEmpty(DeniedMaskedIPs))
        {
            SplitAndAddMaskedIPs(DeniedMaskedIPs, _deniedIpListToCheck);
        }

        // Check if there are more settings from the configuration (Web.config)
        if (!string.IsNullOrEmpty(ConfigurationKeyDeniedSingleIPs))
        {
            string configurationDeniedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedSingleIPs];
            if (!string.IsNullOrEmpty(configurationDeniedAdminSingleIPs))
            {
                SplitAndAddSingleIPs(configurationDeniedAdminSingleIPs, _deniedIpListToCheck);
            }
        }

        if (!string.IsNullOrEmpty(ConfigurationKeyDeniedMaskedIPs))
        {
            string configurationDeniedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedMaskedIPs];
            if (!string.IsNullOrEmpty(configurationDeniedAdminMaskedIPs))
            {
                SplitAndAddMaskedIPs(configurationDeniedAdminMaskedIPs, _deniedIpListToCheck);
            }
        }

        return _deniedIpListToCheck.CheckNumber(userIpAddress);
    }

    /// <summary>
    /// Splits the incoming ip string of the format "IP,IP" example "10.2.0.0,10.3.0.0" and adds the result to the IPList
    /// </summary>
    /// <param name="ips">The ips.</param>
    /// <param name="list">The list.</param>
    private void SplitAndAddSingleIPs(string ips, IpList list)
    {
        var splitSingleIPs = ips.Split(',');
        foreach (string ip in splitSingleIPs)
            list.Add(ip);
    }

    /// <summary>
    /// Splits the incoming ip string of the format "IP;MASK,IP;MASK" example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0" and adds the result to the IPList
    /// </summary>
    /// <param name="ips">The ips.</param>
    /// <param name="list">The list.</param>
    private void SplitAndAddMaskedIPs(string ips, IpList list)
    {
        var splitMaskedIPs = ips.Split(',');
        foreach (string maskedIp in splitMaskedIPs)
        {
            var ipAndMask = maskedIp.Split(';');
            list.Add(ipAndMask[0], ipAndMask[1]); // IP;MASK
        }
    }

    public override void OnAuthorization(AuthorizationContext actionContext)
    {
        if (AuthorizeCore((HttpContextBase)actionContext.HttpContext))
            return;
        HandleUnauthorizedRequest(actionContext);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
            filterContext.Result = new HttpStatusCodeResult(403, "IP Access Denied");
    }
}

github에서 osa가 제안한 사용자 IP를 가져 오는 확장 방법

public static class HttpUtils {

    public static string UserIp(this HttpRequestBase request)
    {
        var ip = request["HTTP_X_FORWARDED_FOR"];

        if (!string.IsNullOrWhiteSpace(ip))
        {
            ip = ip.Split(',').Last().Trim();
        }

        if (string.IsNullOrWhiteSpace(ip))
        {
            ip = request.UserHostAddress;
        }

        return ip;
    }
}

그리고 마지막으로 IPList 수정 (전체 소스는 여기 ) :

internal class IpArrayList
{
    //[...]
    public int Count
    {
        get { return _ipNumList.Count; }
    }

 }

public class IpList
{
      //[...]
     public int Count
     {
         get { return _usedList.Count; }
     }
}

메신저를 사용하는 가장 간단한 방법

먼저:

구성 테이블 (있는 경우) 또는 다른 테이블에 한 행을 추가하고 액세스 가능한 IP를이 테이블에 삽입합니다.

둘째:

이 작업 필터를 startup.cs에 추가하십시오.

public class IpAuthAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        base.OnActionExecuting(filterContext);
        string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
        string ips = "";
        using (var db = new DataBase())
        {
            ips = db.Configs.SingleOrDefault().IP;
        }
        if (!ips.Contains(ip))
        {
            filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new
            {
                controller = "Account",
                action = "OutOfRange"
            }));
        }
    }
}

그런 다음 컨트롤러에서 원하는 모든 작업에 이것을 사용하십시오.

[IpAuth]
public ActionResult Index()
{
    return View();
}

참고 URL : https://stackoverflow.com/questions/473687/restrict-access-to-a-specific-controller-by-ip-address-in-asp-net-mvc-beta

반응형