在 ASP.NET MVC Beta 中通过 IP 地址限制对特定控制器的访问

我有一个 ASP.NET MVC 项目,其中包含一个 AdminController 类,它给我的 URL 如下:

Http://example.com/admin/addcustomer

Http://examle.com/admin/listcustomers

我想配置服务器/应用程序,以便包含 行政的 URI 只能从192.168.0.0/24网络(即我们的 LAN)访问

我想限制这个控制器只能从特定的 IP 地址访问。

在 WebForms 中,/admin/是一个物理文件夹,我可以在 IIS 中对其进行限制... ... 但在 MVC 中,当然没有物理文件夹。这是否可以使用 web.config 或属性实现,还是需要截获 HTTP 请求才能实现?

67612 次浏览
小开

您应该能够访问控制器中 Request 对象中的 UserHostAddress,以便对。我建议您可以扩展 AuthorizeAttribute并在其上添加您的 IP地址限制,这样您就可以简单地装饰需要这种保护的任何方法或控制器。

小开
最佳答案

我知道这是一个老问题,但我今天需要有这个功能,所以我实现了它,并考虑在这里发布它。

从这里使用 IPList 类(http://www.codeproject.com/KB/IP/ipnumbers.aspx)

Filter 属性的 filteripattribute.cs 是:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Http;
using System.Security.Principal;
using System.Configuration;


namespace Miscellaneous.Attributes.Controller
{


/// <summary>
/// Filter by IP address
/// </summary>
public class FilterIPAttribute : AuthorizeAttribute
{


#region Allowed
/// <summary>
/// Comma seperated string of allowable IPs. Example "10.2.5.41,192.168.0.22"
/// </summary>
/// <value></value>
public string AllowedSingleIPs { get; set; }


/// <summary>
/// Comma seperated string of allowable IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
/// </summary>
/// <value>The masked I ps.</value>
public string AllowedMaskedIPs { get; set; }


/// <summary>
/// Gets or sets the configuration key for allowed single IPs
/// </summary>
/// <value>The configuration key single I ps.</value>
public string ConfigurationKeyAllowedSingleIPs { get; set; }


/// <summary>
/// Gets or sets the configuration key allowed mmasked IPs
/// </summary>
/// <value>The configuration key masked I ps.</value>
public string ConfigurationKeyAllowedMaskedIPs { get; set; }


/// <summary>
/// List of allowed IPs
/// </summary>
IPList allowedIPListToCheck = new IPList();
#endregion


#region Denied
/// <summary>
/// Comma seperated string of denied IPs. Example "10.2.5.41,192.168.0.22"
/// </summary>
/// <value></value>
public string DeniedSingleIPs { get; set; }


/// <summary>
/// Comma seperated string of denied IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
/// </summary>
/// <value>The masked I ps.</value>
public string DeniedMaskedIPs { get; set; }




/// <summary>
/// Gets or sets the configuration key for denied single IPs
/// </summary>
/// <value>The configuration key single I ps.</value>
public string ConfigurationKeyDeniedSingleIPs { get; set; }


/// <summary>
/// Gets or sets the configuration key for denied masked IPs
/// </summary>
/// <value>The configuration key masked I ps.</value>
public string ConfigurationKeyDeniedMaskedIPs { get; set; }


/// <summary>
/// List of denied IPs
/// </summary>
IPList deniedIPListToCheck = new IPList();
#endregion




/// <summary>
/// Determines whether access to the core framework is authorized.
/// </summary>
/// <param name="actionContext">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param>
/// <returns>
/// true if access is authorized; otherwise, false.
/// </returns>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="httpContext"/> parameter is null.</exception>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
if (actionContext == null)
throw new ArgumentNullException("actionContext");


string userIpAddress = ((HttpContextWrapper)actionContext.Request.Properties["MS_HttpContext"]).Request.UserHostName;


try
{
// Check that the IP is allowed to access
bool ipAllowed = CheckAllowedIPs(userIpAddress);


// Check that the IP is not denied to access
bool ipDenied = CheckDeniedIPs(userIpAddress);


// Only allowed if allowed and not denied
bool finallyAllowed = ipAllowed && !ipDenied;


return finallyAllowed;
}
catch (Exception e)
{
// Log the exception, probably something wrong with the configuration
}


return true; // if there was an exception, then we return true
}


/// <summary>
/// Checks the allowed IPs.
/// </summary>
/// <param name="userIpAddress">The user ip address.</param>
/// <returns></returns>
private bool CheckAllowedIPs(string userIpAddress)
{
// Populate the IPList with the Single IPs
if (!string.IsNullOrEmpty(AllowedSingleIPs))
{
SplitAndAddSingleIPs(AllowedSingleIPs, allowedIPListToCheck);
}


// Populate the IPList with the Masked IPs
if (!string.IsNullOrEmpty(AllowedMaskedIPs))
{
SplitAndAddMaskedIPs(AllowedMaskedIPs, allowedIPListToCheck);
}


// Check if there are more settings from the configuration (Web.config)
if (!string.IsNullOrEmpty(ConfigurationKeyAllowedSingleIPs))
{
string configurationAllowedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedSingleIPs];
if (!string.IsNullOrEmpty(configurationAllowedAdminSingleIPs))
{
SplitAndAddSingleIPs(configurationAllowedAdminSingleIPs, allowedIPListToCheck);
}
}


if (!string.IsNullOrEmpty(ConfigurationKeyAllowedMaskedIPs))
{
string configurationAllowedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedMaskedIPs];
if (!string.IsNullOrEmpty(configurationAllowedAdminMaskedIPs))
{
SplitAndAddMaskedIPs(configurationAllowedAdminMaskedIPs, allowedIPListToCheck);
}
}


return allowedIPListToCheck.CheckNumber(userIpAddress);
}


/// <summary>
/// Checks the denied IPs.
/// </summary>
/// <param name="userIpAddress">The user ip address.</param>
/// <returns></returns>
private bool CheckDeniedIPs(string userIpAddress)
{
// Populate the IPList with the Single IPs
if (!string.IsNullOrEmpty(DeniedSingleIPs))
{
SplitAndAddSingleIPs(DeniedSingleIPs, deniedIPListToCheck);
}


// Populate the IPList with the Masked IPs
if (!string.IsNullOrEmpty(DeniedMaskedIPs))
{
SplitAndAddMaskedIPs(DeniedMaskedIPs, deniedIPListToCheck);
}


// Check if there are more settings from the configuration (Web.config)
if (!string.IsNullOrEmpty(ConfigurationKeyDeniedSingleIPs))
{
string configurationDeniedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedSingleIPs];
if (!string.IsNullOrEmpty(configurationDeniedAdminSingleIPs))
{
SplitAndAddSingleIPs(configurationDeniedAdminSingleIPs, deniedIPListToCheck);
}
}


if (!string.IsNullOrEmpty(ConfigurationKeyDeniedMaskedIPs))
{
string configurationDeniedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedMaskedIPs];
if (!string.IsNullOrEmpty(configurationDeniedAdminMaskedIPs))
{
SplitAndAddMaskedIPs(configurationDeniedAdminMaskedIPs, deniedIPListToCheck);
}
}


return deniedIPListToCheck.CheckNumber(userIpAddress);
}


/// <summary>
/// Splits the incoming ip string of the format "IP,IP" example "10.2.0.0,10.3.0.0" and adds the result to the IPList
/// </summary>
/// <param name="ips">The ips.</param>
/// <param name="list">The list.</param>
private void SplitAndAddSingleIPs(string ips,IPList list)
{
var splitSingleIPs = ips.Split(',');
foreach (string ip in splitSingleIPs)
list.Add(ip);
}


/// <summary>
/// Splits the incoming ip string of the format "IP;MASK,IP;MASK" example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0" and adds the result to the IPList
/// </summary>
/// <param name="ips">The ips.</param>
/// <param name="list">The list.</param>
private void SplitAndAddMaskedIPs(string ips, IPList list)
{
var splitMaskedIPs = ips.Split(',');
foreach (string maskedIp in splitMaskedIPs)
{
var ipAndMask = maskedIp.Split(';');
list.Add(ipAndMask[0], ipAndMask[1]); // IP;MASK
}
}


public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
}
}
}

示例用法:

中直接指定 IP 代码 

    [FilterIP(
AllowedSingleIPs="10.2.5.55,192.168.2.2",
AllowedMaskedIPs="10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0"
)]
public class HomeController {
// Some code here
}

或者,从 Web.config 加载配置

    [FilterIP(
ConfigurationKeyAllowedSingleIPs="AllowedAdminSingleIPs",
ConfigurationKeyAllowedMaskedIPs="AllowedAdminMaskedIPs",
ConfigurationKeyDeniedSingleIPs="DeniedAdminSingleIPs",
ConfigurationKeyDeniedMaskedIPs="DeniedAdminMaskedIPs"
)]
public class HomeController {
// Some code here
}




<configuration>
<appSettings>
<add key="AllowedAdminSingleIPs" value="localhost,127.0.0.1"/> <!-- Example "10.2.80.21,192.168.2.2" -->
<add key="AllowedAdminMaskedIPs" value="10.2.0.0;255.255.0.0"/> <!-- Example "10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0" -->
<add key="DeniedAdminSingleIPs" value=""/>    <!-- Example "10.2.80.21,192.168.2.2" -->
<add key="DeniedAdminMaskedIPs" value=""/>    <!-- Example "10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0" -->
</appSettings>
</configuration>
小开

我需要一个解决方案,在 MVC4的这个问题,可以处理 IPv6和 IP 范围。另外,我需要使用白名单和黑名单进行授权,但是当 IP 都不是时,我还需要使用常规的授权过程。

这是我从@sabbour 和@Richard Szalay (如何检查输入 IP 落在特定的 IP 范围)的精彩帖子中得到的解决方案,所以我把它发回到这里,不管它对谁有帮助。

public class MagniAuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{


#region Allowed


public bool IsPublic { get; set; }
/// <summary>
/// Comma seperated string of allowable IPs. Example "10.2.5.41,192.168.0.22"
/// </summary>
/// <value></value>
public string AllowedSingleIPs { get; set; }


/// <summary>
/// Comma seperated string of allowable IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
/// </summary>
/// <value>The masked I ps.</value>
public string AllowedIPRanges { get; set; }


/// <summary>
/// Gets or sets the configuration key for allowed single IPs
/// </summary>
/// <value>The configuration key single I ps.</value>
public string ConfigurationKeyAllowedSingleIPs { get; set; }


/// <summary>
/// Gets or sets the configuration key allowed mmasked IPs
/// </summary>
/// <value>The configuration key masked I ps.</value>
public string ConfigurationKeyAllowedMaskedIPs { get; set; }


#endregion


#region Denied
/// <summary>
/// Comma seperated string of denied IPs. Example "10.2.5.41,192.168.0.22"
/// </summary>
/// <value></value>
public string DeniedSingleIPs { get; set; }


/// <summary>
/// Comma seperated string of denied IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
/// </summary>
/// <value>The masked I ps.</value>
public string DeniedIPRanges { get; set; }




/// <summary>
/// Gets or sets the configuration key for denied single IPs
/// </summary>
/// <value>The configuration key single I ps.</value>
public string ConfigurationKeyDeniedSingleIPs { get; set; }


/// <summary>
/// Gets or sets the configuration key for denied masked IPs
/// </summary>
/// <value>The configuration key masked I ps.</value>
public string ConfigurationKeyDeniedMaskedIPs { get; set; }


#endregion




/// <summary>
/// Checks the allowed IPs.
/// </summary>
/// <param name="userIpAddress">The user ip address.</param>
/// <returns></returns>
private bool CheckAllowedIPs(IPAddress userIpAddress)
{
List<IPAddress> allowedIPsToCheck = new List<IPAddress>();
List<IPAddressRange> allowedIPRangesToCheck = new List<IPAddressRange>();


// Populate the IPList with the Single IPs
if (!string.IsNullOrEmpty(AllowedSingleIPs))
{
SplitAndAddSingleIPs(AllowedSingleIPs, allowedIPsToCheck);
}


// Populate the IPList with the Masked IPs
if (!string.IsNullOrEmpty(AllowedIPRanges))
{
SplitAndAddIPRanges(AllowedIPRanges, allowedIPRangesToCheck);
}


// Check if there are more settings from the configuration (Web.config)
if (!string.IsNullOrEmpty(ConfigurationKeyAllowedSingleIPs))
{
string configurationAllowedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedSingleIPs];
if (!string.IsNullOrEmpty(configurationAllowedAdminSingleIPs))
{
SplitAndAddSingleIPs(configurationAllowedAdminSingleIPs, allowedIPsToCheck);
}
}


if (!string.IsNullOrEmpty(ConfigurationKeyAllowedMaskedIPs))
{
string configurationAllowedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedMaskedIPs];
if (!string.IsNullOrEmpty(configurationAllowedAdminMaskedIPs))
{
SplitAndAddIPRanges(configurationAllowedAdminMaskedIPs, allowedIPRangesToCheck);
}
}


return allowedIPsToCheck.Any(a => a.Equals(userIpAddress)) || allowedIPRangesToCheck.Any(a => a.IsInRange(userIpAddress));
}


/// <summary>
/// Checks the denied IPs.
/// </summary>
/// <param name="userIpAddress">The user ip address.</param>
/// <returns></returns>
private bool CheckDeniedIPs(IPAddress userIpAddress)
{
List<IPAddress> deniedIPsToCheck = new List<IPAddress>();
List<IPAddressRange> deniedIPRangesToCheck = new List<IPAddressRange>();


// Populate the IPList with the Single IPs
if (!string.IsNullOrEmpty(DeniedSingleIPs))
{
SplitAndAddSingleIPs(DeniedSingleIPs, deniedIPsToCheck);
}


// Populate the IPList with the Masked IPs
if (!string.IsNullOrEmpty(DeniedIPRanges))
{
SplitAndAddIPRanges(DeniedIPRanges, deniedIPRangesToCheck);
}


// Check if there are more settings from the configuration (Web.config)
if (!string.IsNullOrEmpty(ConfigurationKeyDeniedSingleIPs))
{
string configurationDeniedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedSingleIPs];
if (!string.IsNullOrEmpty(configurationDeniedAdminSingleIPs))
{
SplitAndAddSingleIPs(configurationDeniedAdminSingleIPs, deniedIPsToCheck);
}
}


if (!string.IsNullOrEmpty(ConfigurationKeyDeniedMaskedIPs))
{
string configurationDeniedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedMaskedIPs];
if (!string.IsNullOrEmpty(configurationDeniedAdminMaskedIPs))
{
SplitAndAddIPRanges(configurationDeniedAdminMaskedIPs, deniedIPRangesToCheck);
}
}


return deniedIPsToCheck.Any(a => a.Equals(userIpAddress)) || deniedIPRangesToCheck.Any(a => a.IsInRange(userIpAddress));
}


/// <summary>
/// Splits the incoming ip string of the format "IP,IP" example "10.2.0.0,10.3.0.0" and adds the result to the IPAddress list
/// </summary>
/// <param name="ips">The ips.</param>
/// <param name="list">The list.</param>
private void SplitAndAddSingleIPs(string ips, List<IPAddress> list)
{
var splitSingleIPs = ips.Split(',');
IPAddress ip;


foreach (string ipString in splitSingleIPs)
{
if(IPAddress.TryParse(ipString, out ip))
list.Add(ip);
}
}


/// <summary>
/// Splits the incoming ip ranges string of the format "IP-IP,IP-IP" example "10.2.0.0-10.2.255.255,10.3.0.0-10.3.255.255" and adds the result to the IPAddressRange list
/// </summary>
/// <param name="ips">The ips.</param>
/// <param name="list">The list.</param>
private void SplitAndAddIPRanges(string ips, List<IPAddressRange> list)
{
var splitMaskedIPs = ips.Split(',');
IPAddress lowerIp;
IPAddress upperIp;
foreach (string maskedIp in splitMaskedIPs)
{
var ipRange = maskedIp.Split('-');
if (IPAddress.TryParse(ipRange[0], out lowerIp) && IPAddress.TryParse(ipRange[1], out upperIp))
list.Add(new IPAddressRange(lowerIp, upperIp));
}
}


protected void HandleUnauthorizedRequest(AuthorizationContext context)
{
context.Result = new RedirectToRouteResult(new RouteValueDictionary { { "Controller", "Home" },
{ "Action", "Login" },
{ "OriginalURL", context.HttpContext.Request.Url.AbsoluteUri } });
}


protected bool AuthorizeCore(AuthorizationContext context)
{
try
{
string userIPString = context.HttpContext.Request.UserHostName;
IPAddress userIPAddress = IPAddress.Parse(userIPString);


// Check that the IP is allowed to access
bool? ipAllowed = CheckAllowedIPs(userIPAddress) ? true : (bool?)null;


// Check that the IP is not denied to access
ipAllowed = CheckDeniedIPs(userIPAddress) ? false : ipAllowed;


if (ipAllowed.HasValue)
{
return ipAllowed.Value;
}


var serverSession = context.HttpContext.Session;


UserSession session = null;


//usersession in server session
if (serverSession[Settings.HttpContextUserSession] != null)
{
session = (UserSession)serverSession[Settings.HttpContextUserSession];
Trace.TraceInformation($"[{MethodBase.GetCurrentMethod().Name}] UserId:" + session.UserId + ". ClientId: " + session.ClientId);
return true;
}


//usersession in database from cookie
session = UserSession.GetSession(context.HttpContext.Request.Cookies.Get("sessionId").Value);
if (session != null)
{
Trace.TraceInformation($"[{MethodBase.GetCurrentMethod().Name}] Session found for cookie {context.HttpContext.Request.Cookies.Get("sessionId").Value}");
serverSession[Settings.HttpContextUserSession] = session;
Trace.TraceInformation($"[{MethodBase.GetCurrentMethod().Name}] UserId:" + session.UserId + ". ClientId: " + session.ClientId);


return true;
}
else
{
Trace.TraceInformation($"[{MethodBase.GetCurrentMethod().Name}] No session found for cookie {serverSession["cookie"]}");
return false;
}


}
catch (Exception ex)
{
Trace.TraceError($"[{MethodBase.GetCurrentMethod().Name}] exception: {ex.Message} - trace {ex.StackTrace}");
return false;
}
}


public void OnAuthorization(AuthorizationContext actionContext)
{
if (IsPublic == false && AuthorizeCore(actionContext) == false)
{
HandleUnauthorizedRequest(actionContext);
}
}
}
小开

我发现 sabbour 的解决方案很棒,但需要做两个更改,以便对我的目标更有用:

  1. 如果允许的列表为空,则允许访问。通过这种方式,您可以通过简单地更改配置(例如测试部署)来允许任何 IP,或者允许除了显式拒绝的 IP 之外的所有 IP。为此,我将 IPList 扩展到 包含 Count 属性并将其作为 CheckAllowedIP 的一部分进行检查:

    return _allowedIpListToCheck.Count == 0 || _allowedIpListToCheck.CheckNumber(userIpAddress);

  2. Override HandleUnauthorizedRequest to always return 403. The AuthorizeAtrribute returns 401 by default: 

    public override void OnAuthorization(AuthorizationContext actionContext)
{
if (AuthorizeCore((HttpContextBase)actionContext.HttpContext))
return;
HandleUnauthorizedRequest(actionContext);
}


protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new HttpStatusCodeResult(403, "IP Access Denied");
}

Here is the full variation of the FilterIpAttribute class:

public class FilterIpAttribute:AuthorizeAttribute
{


#region Allowed
/// <summary>
/// Comma seperated string of allowable IPs. Example "10.2.5.41,192.168.0.22"
/// </summary>
/// <value></value>
public string AllowedSingleIPs { get; set; }


/// <summary>
/// Comma seperated string of allowable IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
/// </summary>
/// <value>The masked I ps.</value>
public string AllowedMaskedIPs { get; set; }


/// <summary>
/// Gets or sets the configuration key for allowed single IPs
/// </summary>
/// <value>The configuration key single I ps.</value>
public string ConfigurationKeyAllowedSingleIPs { get; set; }


/// <summary>
/// Gets or sets the configuration key allowed mmasked IPs
/// </summary>
/// <value>The configuration key masked I ps.</value>
public string ConfigurationKeyAllowedMaskedIPs { get; set; }


/// <summary>
/// List of allowed IPs
/// </summary>
readonly IpList _allowedIpListToCheck = new IpList();
#endregion


#region Denied
/// <summary>
/// Comma seperated string of denied IPs. Example "10.2.5.41,192.168.0.22"
/// </summary>
/// <value></value>
public string DeniedSingleIPs { get; set; }


/// <summary>
/// Comma seperated string of denied IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
/// </summary>
/// <value>The masked I ps.</value>
public string DeniedMaskedIPs { get; set; }




/// <summary>
/// Gets or sets the configuration key for denied single IPs
/// </summary>
/// <value>The configuration key single I ps.</value>
public string ConfigurationKeyDeniedSingleIPs { get; set; }


/// <summary>
/// Gets or sets the configuration key for denied masked IPs
/// </summary>
/// <value>The configuration key masked I ps.</value>
public string ConfigurationKeyDeniedMaskedIPs { get; set; }


/// <summary>
/// List of denied IPs
/// </summary>
readonly IpList _deniedIpListToCheck = new IpList();
#endregion


protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
throw new ArgumentNullException("httpContext");


string userIpAddress = httpContext.Request.UserIp();


try
{
// Check that the IP is allowed to access
bool ipAllowed = CheckAllowedIPs(userIpAddress);


// Check that the IP is not denied to access
bool ipDenied = CheckDeniedIPs(userIpAddress);


//Only allowed if allowed and not denied


bool finallyAllowed = ipAllowed && !ipDenied;




return finallyAllowed;
}
catch (Exception e)
{
// Log the exception, probably something wrong with the configuration
}


return true; // if there was an exception, then we return true
}


/// <summary>
/// Checks the allowed IPs.
/// </summary>
/// <param name="userIpAddress">The user ip address.</param>
/// <returns></returns>
private bool CheckAllowedIPs(string userIpAddress)
{
// Populate the IPList with the Single IPs
if (!string.IsNullOrEmpty(AllowedSingleIPs))
{
SplitAndAddSingleIPs(AllowedSingleIPs, _allowedIpListToCheck);
}


// Populate the IPList with the Masked IPs
if (!string.IsNullOrEmpty(AllowedMaskedIPs))
{
SplitAndAddMaskedIPs(AllowedMaskedIPs, _allowedIpListToCheck);
}


// Check if there are more settings from the configuration (Web.config)
if (!string.IsNullOrEmpty(ConfigurationKeyAllowedSingleIPs))
{
string configurationAllowedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedSingleIPs];
if (!string.IsNullOrEmpty(configurationAllowedAdminSingleIPs))
{
SplitAndAddSingleIPs(configurationAllowedAdminSingleIPs, _allowedIpListToCheck);
}
}


if (!string.IsNullOrEmpty(ConfigurationKeyAllowedMaskedIPs))
{
string configurationAllowedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedMaskedIPs];
if (!string.IsNullOrEmpty(configurationAllowedAdminMaskedIPs))
{
SplitAndAddMaskedIPs(configurationAllowedAdminMaskedIPs, _allowedIpListToCheck);
}
}


return _allowedIpListToCheck.Count == 0 || _allowedIpListToCheck.CheckNumber(userIpAddress);
}


/// <summary>
/// Checks the denied IPs.
/// </summary>
/// <param name="userIpAddress">The user ip address.</param>
/// <returns></returns>
private bool CheckDeniedIPs(string userIpAddress)
{
// Populate the IPList with the Single IPs
if (!string.IsNullOrEmpty(DeniedSingleIPs))
{
SplitAndAddSingleIPs(DeniedSingleIPs, _deniedIpListToCheck);
}


// Populate the IPList with the Masked IPs
if (!string.IsNullOrEmpty(DeniedMaskedIPs))
{
SplitAndAddMaskedIPs(DeniedMaskedIPs, _deniedIpListToCheck);
}


// Check if there are more settings from the configuration (Web.config)
if (!string.IsNullOrEmpty(ConfigurationKeyDeniedSingleIPs))
{
string configurationDeniedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedSingleIPs];
if (!string.IsNullOrEmpty(configurationDeniedAdminSingleIPs))
{
SplitAndAddSingleIPs(configurationDeniedAdminSingleIPs, _deniedIpListToCheck);
}
}


if (!string.IsNullOrEmpty(ConfigurationKeyDeniedMaskedIPs))
{
string configurationDeniedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedMaskedIPs];
if (!string.IsNullOrEmpty(configurationDeniedAdminMaskedIPs))
{
SplitAndAddMaskedIPs(configurationDeniedAdminMaskedIPs, _deniedIpListToCheck);
}
}


return _deniedIpListToCheck.CheckNumber(userIpAddress);
}


/// <summary>
/// Splits the incoming ip string of the format "IP,IP" example "10.2.0.0,10.3.0.0" and adds the result to the IPList
/// </summary>
/// <param name="ips">The ips.</param>
/// <param name="list">The list.</param>
private void SplitAndAddSingleIPs(string ips, IpList list)
{
var splitSingleIPs = ips.Split(',');
foreach (string ip in splitSingleIPs)
list.Add(ip);
}


/// <summary>
/// Splits the incoming ip string of the format "IP;MASK,IP;MASK" example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0" and adds the result to the IPList
/// </summary>
/// <param name="ips">The ips.</param>
/// <param name="list">The list.</param>
private void SplitAndAddMaskedIPs(string ips, IpList list)
{
var splitMaskedIPs = ips.Split(',');
foreach (string maskedIp in splitMaskedIPs)
{
var ipAndMask = maskedIp.Split(';');
list.Add(ipAndMask[0], ipAndMask[1]); // IP;MASK
}
}


public override void OnAuthorization(AuthorizationContext actionContext)
{
if (AuthorizeCore((HttpContextBase)actionContext.HttpContext))
return;
HandleUnauthorizedRequest(actionContext);
}


protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new HttpStatusCodeResult(403, "IP Access Denied");
}
}

一种扩展方法,以获得用户的 IP 所建议的美国通信协会的 Github

public static class HttpUtils {


public static string UserIp(this HttpRequestBase request)
{
var ip = request["HTTP_X_FORWARDED_FOR"];


if (!string.IsNullOrWhiteSpace(ip))
{
ip = ip.Split(',').Last().Trim();
}


if (string.IsNullOrWhiteSpace(ip))
{
ip = request.UserHostAddress;
}


return ip;
}
}

最后,修改了 IPList (完整源代码是 给你) :

internal class IpArrayList
{
//[...]
public int Count
{
get { return _ipNumList.Count; }
}


}


public class IpList
{
//[...]
public int Count
{
get { return _usedList.Count; }
}
}
小开

我使用的最简单的方法

第一:

在配置表或任何其他表上添加一行(如果有的话) ,并将可访问的 IP 插入到该表中。

第二:

将这个操作过滤器添加到 startup.cs

public class IpAuthAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
string ips = "";
using (var db = new DataBase())
{
ips = db.Configs.SingleOrDefault().IP;
}
if (!ips.Contains(ip))
{
filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new
{
controller = "Account",
action = "OutOfRange"
}));
}
}
}

然后在控制器上的每个操作中使用它

[IpAuth]
public ActionResult Index()
{
return View();
}

提交答案