2

In our MVC 3 solution we have a site with many sections. The customer wants to have the possibility to manage access to each section by IP address (from the admin part). What are the standard ways of implementing this requirement? I see something like this: every section has a list of wildcards that represent IP addresses, and then we somehow validate the IP address using these wildcards.

valerii.sverdlik
  • Yes, that's pretty much it. What do you have so far? What worked? What didn't? (How do you deal with changing IP addresses? With NAT? With IPv6?) – Piskvor left the building Nov 09 '11 at 12:38
  • I didn't try anything yet, because I thought this task is pretty standard and there must be standard solutions. Regarding IPv6 - yes, it would be perfect if I could validate IPv6 addresses – valerii.sverdlik Nov 09 '11 at 12:50

1 Answer

3

I would suggest not using IP addresses directly in your code - these tend to change from time to time. Do create a system of "zones", similar to those in many personal firewalls.

My solution would be basically like this:

Create a custom authorization attribute:

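using System.Web;
using System.Web.Mvc;

// Authorizes a request only if the caller's IP address belongs to the named zone.
public class AuthorizeZone : AuthorizeAttribute
{
    private readonly string _zone;

    public AuthorizeZone(string zoneName)
    {
        _zone = zoneName;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Placeholder: load the zone's IP mappings from XML or a database, ideally cached
        var zone = GetZoneIpMappingsFromXMLorDB_IdeallyCached(_zone);
        return zone.ContainsIp(httpContext.Request.UserHostAddress); // implement by simple list or ip-mask
    }
}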

You then use it like this:

[AuthorizeZone("Intranet")]
public ActionResult Foo()
{
    return View();
}

Your zone definitions are up to you: use XML, a database, whatever...

rouen
  • Thank you for the suggestion, but it doesn't cover my needs. The things I need: some easy and flexible way of editing the ID list by non-IT specialists and a way to check these permissions. But anyway, I will use your idea – valerii.sverdlik Nov 09 '11 at 16:33
  • My solution will certainly satisfy your needs - once you have "zones" in the database, you can make some user-friendly administration to edit them – rouen Nov 09 '11 at 18:07
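
One way the `zone.ContainsIp(...)` check from the answer could be implemented, covering the IPv6 case raised in the comments. This is an added example, not code from the answer's author; the `Zone` class, its constructor, and the entry format (single addresses or CIDR ranges instead of wildcards) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

// Hypothetical Zone type backing zone.ContainsIp(...) from the answer above.
public sealed class Zone
{
    private readonly List<Tuple<byte[], int>> _ranges = new List<Tuple<byte[], int>>();

    // Entries are single addresses ("10.1.2.3") or CIDR ranges ("10.0.0.0/8", "2001:db8::/32").
    public Zone(IEnumerable<string> entries)
    {
        foreach (var entry in entries)
        {
            var parts = entry.Trim().Split('/');
            IPAddress network;
            if (parts.Length > 2 || !IPAddress.TryParse(parts[0], out network))
                throw new FormatException("Bad zone entry: " + entry);
            var bytes = network.GetAddressBytes();
            int maxBits = bytes.Length * 8;   // 32 for IPv4, 128 for IPv6
            int prefix = maxBits;             // no "/n" means exactly one host
            if (parts.Length == 2 && (!int.TryParse(parts[1], out prefix) || prefix < 0 || prefix > maxBits))
                throw new FormatException("Bad prefix length: " + entry);
            _ranges.Add(Tuple.Create(bytes, prefix));
        }
    }

    // Fails closed: null, empty or unparsable input never matches any zone.
    public bool ContainsIp(string candidate)
    {
        IPAddress address;
        if (string.IsNullOrEmpty(candidate) || !IPAddress.TryParse(candidate, out address))
            return false;
        var bytes = address.GetAddressBytes();
        return _ranges.Any(r => Matches(r.Item1, r.Item2, bytes));
    }
    private static bool Matches(byte[] network, int prefix, byte[] address)
    {
        if (network.Length != address.Length) return false; // IPv4 entry never matches an IPv6 client
        int fullBytes = prefix / 8, remainingBits = prefix % 8;
        for (int i = 0; i < fullBytes; i++)
            if (network[i] != address[i]) return false;
        if (remainingBits == 0) return true;
        int mask = (0xFF << (8 - remainingBits)) & 0xFF;    // top remainingBits bits set
        return (network[fullBytes] & mask) == (address[fullBytes] & mask);
    }
}
```

With a zone built from `"10.0.0.0/8"` and `"2001:db8::/32"`, `ContainsIp("10.20.30.40")` and `ContainsIp("2001:db8::1")` return true, while `ContainsIp("192.168.1.5")` and `ContainsIp("not-an-ip")` return false. Behind a reverse proxy or NAT gateway, `Request.UserHostAddress` is the address of that intermediary, so the zone check evaluates the intermediary rather than the end client.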