我有一个 ASP.NET MVC 项目,其中包含一个 AdminController 类并给我这样的 URls:
我想配置服务器/应用程序,以便只能从 192.168.0.0/24 网络(即我们的 LAN)访问包含 /Admin 的 URI
我想限制此 Controller 只能从某些 IP 地址访问。
在 WebForms 下,/admin/是我可以在 IIS 中限制的物理文件夹……但是对于 MVC,当然没有物理文件夹。这是否可以使用 web.config 或属性来实现,还是我需要拦截 HTTP 请求才能实现?
最佳答案
我知道这是一个老问题,但我今天需要这个功能,所以我实现了它并考虑将其发布在这里。
使用此处的 IPList 类 (http://www.codeproject.com/KB/IP/ipnumbers.aspx)
过滤属性FilterIPAttribute.cs:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Http;
using System.Security.Principal;
using System.Configuration;
namespace Miscellaneous.Attributes.Controller
{
/// <summary>
/// Filter by IP address
/// </summary>
public class FilterIPAttribute : AuthorizeAttribute
{
#region Allowed
/// <summary>
/// Comma seperated string of allowable IPs. Example "10.2.5.41,192.168.0.22"
/// </summary>
/// <value></value>
public string AllowedSingleIPs { get; set; }
/// <summary>
/// Comma seperated string of allowable IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
/// </summary>
/// <value>The masked I ps.</value>
public string AllowedMaskedIPs { get; set; }
/// <summary>
/// Gets or sets the configuration key for allowed single IPs
/// </summary>
/// <value>The configuration key single I ps.</value>
public string ConfigurationKeyAllowedSingleIPs { get; set; }
/// <summary>
/// Gets or sets the configuration key allowed mmasked IPs
/// </summary>
/// <value>The configuration key masked I ps.</value>
public string ConfigurationKeyAllowedMaskedIPs { get; set; }
/// <summary>
/// List of allowed IPs
/// </summary>
IPList allowedIPListToCheck = new IPList();
#endregion
#region Denied
/// <summary>
/// Comma seperated string of denied IPs. Example "10.2.5.41,192.168.0.22"
/// </summary>
/// <value></value>
public string DeniedSingleIPs { get; set; }
/// <summary>
/// Comma seperated string of denied IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
/// </summary>
/// <value>The masked I ps.</value>
public string DeniedMaskedIPs { get; set; }
/// <summary>
/// Gets or sets the configuration key for denied single IPs
/// </summary>
/// <value>The configuration key single I ps.</value>
public string ConfigurationKeyDeniedSingleIPs { get; set; }
/// <summary>
/// Gets or sets the configuration key for denied masked IPs
/// </summary>
/// <value>The configuration key masked I ps.</value>
public string ConfigurationKeyDeniedMaskedIPs { get; set; }
/// <summary>
/// List of denied IPs
/// </summary>
IPList deniedIPListToCheck = new IPList();
#endregion
/// <summary>
/// Determines whether access to the core framework is authorized.
/// </summary>
/// <param name="actionContext">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param>
/// <returns>
/// true if access is authorized; otherwise, false.
/// </returns>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="httpContext"/> parameter is null.</exception>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
if (actionContext == null)
throw new ArgumentNullException("actionContext");
string userIpAddress = ((HttpContextWrapper)actionContext.Request.Properties["MS_HttpContext"]).Request.UserHostName;
try
{
// Check that the IP is allowed to access
bool ipAllowed = CheckAllowedIPs(userIpAddress);
// Check that the IP is not denied to access
bool ipDenied = CheckDeniedIPs(userIpAddress);
// Only allowed if allowed and not denied
bool finallyAllowed = ipAllowed && !ipDenied;
return finallyAllowed;
}
catch (Exception e)
{
// Log the exception, probably something wrong with the configuration
}
return true; // if there was an exception, then we return true
}
/// <summary>
/// Checks the allowed IPs.
/// </summary>
/// <param name="userIpAddress">The user ip address.</param>
/// <returns></returns>
private bool CheckAllowedIPs(string userIpAddress)
{
// Populate the IPList with the Single IPs
if (!string.IsNullOrEmpty(AllowedSingleIPs))
{
SplitAndAddSingleIPs(AllowedSingleIPs, allowedIPListToCheck);
}
// Populate the IPList with the Masked IPs
if (!string.IsNullOrEmpty(AllowedMaskedIPs))
{
SplitAndAddMaskedIPs(AllowedMaskedIPs, allowedIPListToCheck);
}
// Check if there are more settings from the configuration (Web.config)
if (!string.IsNullOrEmpty(ConfigurationKeyAllowedSingleIPs))
{
string configurationAllowedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedSingleIPs];
if (!string.IsNullOrEmpty(configurationAllowedAdminSingleIPs))
{
SplitAndAddSingleIPs(configurationAllowedAdminSingleIPs, allowedIPListToCheck);
}
}
if (!string.IsNullOrEmpty(ConfigurationKeyAllowedMaskedIPs))
{
string configurationAllowedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyAllowedMaskedIPs];
if (!string.IsNullOrEmpty(configurationAllowedAdminMaskedIPs))
{
SplitAndAddMaskedIPs(configurationAllowedAdminMaskedIPs, allowedIPListToCheck);
}
}
return allowedIPListToCheck.CheckNumber(userIpAddress);
}
/// <summary>
/// Checks the denied IPs.
/// </summary>
/// <param name="userIpAddress">The user ip address.</param>
/// <returns></returns>
private bool CheckDeniedIPs(string userIpAddress)
{
// Populate the IPList with the Single IPs
if (!string.IsNullOrEmpty(DeniedSingleIPs))
{
SplitAndAddSingleIPs(DeniedSingleIPs, deniedIPListToCheck);
}
// Populate the IPList with the Masked IPs
if (!string.IsNullOrEmpty(DeniedMaskedIPs))
{
SplitAndAddMaskedIPs(DeniedMaskedIPs, deniedIPListToCheck);
}
// Check if there are more settings from the configuration (Web.config)
if (!string.IsNullOrEmpty(ConfigurationKeyDeniedSingleIPs))
{
string configurationDeniedAdminSingleIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedSingleIPs];
if (!string.IsNullOrEmpty(configurationDeniedAdminSingleIPs))
{
SplitAndAddSingleIPs(configurationDeniedAdminSingleIPs, deniedIPListToCheck);
}
}
if (!string.IsNullOrEmpty(ConfigurationKeyDeniedMaskedIPs))
{
string configurationDeniedAdminMaskedIPs = ConfigurationManager.AppSettings[ConfigurationKeyDeniedMaskedIPs];
if (!string.IsNullOrEmpty(configurationDeniedAdminMaskedIPs))
{
SplitAndAddMaskedIPs(configurationDeniedAdminMaskedIPs, deniedIPListToCheck);
}
}
return deniedIPListToCheck.CheckNumber(userIpAddress);
}
/// <summary>
/// Splits the incoming ip string of the format "IP,IP" example "10.2.0.0,10.3.0.0" and adds the result to the IPList
/// </summary>
/// <param name="ips">The ips.</param>
/// <param name="list">The list.</param>
private void SplitAndAddSingleIPs(string ips,IPList list)
{
var splitSingleIPs = ips.Split(',');
foreach (string ip in splitSingleIPs)
list.Add(ip);
}
/// <summary>
/// Splits the incoming ip string of the format "IP;MASK,IP;MASK" example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0" and adds the result to the IPList
/// </summary>
/// <param name="ips">The ips.</param>
/// <param name="list">The list.</param>
private void SplitAndAddMaskedIPs(string ips, IPList list)
{
var splitMaskedIPs = ips.Split(',');
foreach (string maskedIp in splitMaskedIPs)
{
var ipAndMask = maskedIp.Split(';');
list.Add(ipAndMask[0], ipAndMask[1]); // IP;MASK
}
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
}
}
}
示例用法:
<强>1。直接指定IP在 代码
[FilterIP(
AllowedSingleIPs="10.2.5.55,192.168.2.2",
AllowedMaskedIPs="10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0"
)]
public class HomeController {
// Some code here
}
<强>2。或者,从 Web.config 加载配置
[FilterIP(
ConfigurationKeyAllowedSingleIPs="AllowedAdminSingleIPs",
ConfigurationKeyAllowedMaskedIPs="AllowedAdminMaskedIPs",
ConfigurationKeyDeniedSingleIPs="DeniedAdminSingleIPs",
ConfigurationKeyDeniedMaskedIPs="DeniedAdminMaskedIPs"
)]
public class HomeController {
// Some code here
}
<configuration>
<appSettings>
<add key="AllowedAdminSingleIPs" value="localhost,127.0.0.1"/> <!-- Example "10.2.80.21,192.168.2.2" -->
<add key="AllowedAdminMaskedIPs" value="10.2.0.0;255.255.0.0"/> <!-- Example "10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0" -->
<add key="DeniedAdminSingleIPs" value=""/> <!-- Example "10.2.80.21,192.168.2.2" -->
<add key="DeniedAdminMaskedIPs" value=""/> <!-- Example "10.2.0.0;255.255.0.0,192.168.2.0;255.255.255.0" -->
</appSettings>
</configuration>
关于c# - 在 ASP.NET MVC Beta 中通过 IP 地址限制对特定 Controller 的访问,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/473687/
类classAprivatedeffooputs:fooendpublicdefbarputs:barendprivatedefzimputs:zimendprotecteddefdibputs:dibendendA的实例a=A.new测试a.foorescueputs:faila.barrescueputs:faila.zimrescueputs:faila.dibrescueputs:faila.gazrescueputs:fail测试输出failbarfailfailfail.发送测试[:foo,:bar,:zim,:dib,:gaz].each{|m|a.send(m)resc
我想要做的是有2个不同的Controller,client和test_client。客户端Controller已经构建,我想创建一个test_clientController,我可以使用它来玩弄客户端的UI并根据需要进行调整。我主要是想绕过我在客户端中内置的验证及其对加载数据的管理Controller的依赖。所以我希望test_clientController加载示例数据集,然后呈现客户端Controller的索引View,以便我可以调整客户端UI。就是这样。我在test_clients索引方法中试过这个:classTestClientdefindexrender:template=>
我有一个包含模块的模型。我想在模块中覆盖模型的访问器方法。例如:classBlah这显然行不通。有什么想法可以实现吗? 最佳答案 您的代码看起来是正确的。我们正在毫无困难地使用这个确切的模式。如果我没记错的话,Rails使用#method_missing作为属性setter,因此您的模块将优先,阻止ActiveRecord的setter。如果您正在使用ActiveSupport::Concern(参见thisblogpost),那么您的实例方法需要进入一个特殊的模块:classBlah
刚入门rails,开始慢慢理解。有人可以解释或给我一些关于在application_controller中编码的好处或时间和原因的想法吗?有哪些用例。您如何为Rails应用程序使用应用程序Controller?我不想在那里放太多代码,因为据我了解,每个请求都会调用此Controller。这是真的? 最佳答案 ApplicationController实际上是您应用程序中的每个其他Controller都将从中继承的类(尽管这不是强制性的)。我同意不要用太多代码弄乱它并保持干净整洁的态度,尽管在某些情况下ApplicationContr
我正在使用Sequel构建一个愿望list系统。我有一个wishlists和itemstable和一个items_wishlists连接表(该名称是续集选择的名称)。items_wishlists表还有一个用于facebookid的额外列(因此我可以存储opengraph操作),这是一个NOTNULL列。我还有Wishlist和Item具有续集many_to_many关联的模型已建立。Wishlist类也有:selectmany_to_many关联的选项设置为select:[:items.*,:items_wishlists__facebook_action_id].有没有一种方法可以
我知道您通常应该在Rails中使用新建/创建和编辑/更新之间的链接,但我有一个情况需要其他东西。无论如何我可以实现同样的连接吗?我有一个模型表单,我希望它发布数据(类似于新View如何发布到创建操作)。这是我的表格prohibitedthisjobfrombeingsaved: 最佳答案 使用:url选项。=form_for@job,:url=>company_path,:html=>{:method=>:post/:put} 关于ruby-on-rails-rails:Howtomak
我有一个rubyonrails应用程序。我按照facebook的说明添加了一个像素。但是,要跟踪转化,Facebook要求您将页面置于达到预期结果时出现的转化中。即,如果我想显示客户已注册,我会将您注册后转到的页面作为成功对象进行跟踪。我的问题是,当客户注册时,在我的应用程序中没有登陆页面。该应用程序将用户带回主页。它在主页上显示了一条消息,所以我想看看是否有一种方法可以跟踪来自Controller操作而不是实际页面的转化。我需要计数的Action没有页面,它们是ControllerAction。是否有任何人都知道的关于如何执行此操作的gem、文档或最佳实践?这是进入布局文件的像素
我有一个存储主机名的Ruby数组server_names。如果我打印出来,它看起来像这样:["hostname.abc.com","hostname2.abc.com","hostname3.abc.com"]相当标准。我想要做的是获取这些服务器的IP(可能将它们存储在另一个变量中)。看起来IPSocket类可以做到这一点,但我不确定如何使用IPSocket类遍历它。如果它只是尝试像这样打印出IP:server_names.eachdo|name|IPSocket::getaddress(name)pnameend它提示我没有提供服务器名称。这是语法问题还是我没有正确使用类?输出:ge
如何在ruby中调用C#dll? 最佳答案 我能想到几种可能性:为您的DLL编写(或找人编写)一个COM包装器,如果它还没有,则使用Ruby的WIN32OLE库来调用它;看看RubyCLR,其中一位作者是JohnLam,他继续在Microsoft从事IronRuby方面的工作。(估计不会再维护了,可能不支持.Net2.0以上的版本);正如其他地方已经提到的,看看使用IronRuby,如果这是您的技术选择。有一个主题是here.请注意,最后一篇文章实际上来自JohnLam(看起来像是2009年3月),他似乎很自在地断言RubyCL
我正在尝试在Ruby中复制Convert.ToBase64String()行为。这是我的C#代码:varsha1=newSHA1CryptoServiceProvider();varpasswordBytes=Encoding.UTF8.GetBytes("password");varpasswordHash=sha1.ComputeHash(passwordBytes);returnConvert.ToBase64String(passwordHash);//returns"W6ph5Mm5Pz8GgiULbPgzG37mj9g="当我在Ruby中尝试同样的事情时,我得到了相同sha