cguldogan · November 7, 2017 17:24 · cguldogan · Nov 7, 2017
diff --git a/AuthorizeIPAddressAttribute.cs b/AuthorizeIPAddressAttribute.cs
 using System;
 using System.Configuration;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Web;
 using System.Web.Http.Controllers;
 using ActionFilterAttribute = System.Web.Http.Filters.ActionFilterAttribute;

 namespace Api.Filters
 {
    /// <summary> 
    /// Only allows authorized IP addresses access. 
    /// </summary> 
    public class AuthorizeIPAddressAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(HttpActionContext filterContext)
        {
            //Get users IP Address 
            string ipAddress = HttpContext.Current.Request.UserHostAddress;

            if (ipAddress != null && !IsIpAddressValid(ipAddress.Trim()))
            {
                //Send back a HTTP Status code of 403 Forbidden  
                filterContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
            }

            base.OnActionExecuting(filterContext);
        }

        /// <summary> 
        /// Compares an IP address to list of valid IP addresses attempting to 
        /// find a match 
        /// </summary> 
        /// <param name="ipAddress">String representation of a valid IP Address</param> 
        /// <returns></returns> 
        public static bool IsIpAddressValid(string ipAddress)
        {
            //Split the users IP address into it's 4 octets (Assumes IPv4) 
            var incomingOctets = ipAddress.Trim().Split('.');

            //Get the valid IP addresses from the web.config 
            var addresses =
              Convert.ToString(ConfigurationManager.AppSettings["AuthorizeIPAddresses"]);

            //Store each valid IP address in a string array 
            var validIpAddresses = addresses.Trim().Split(',');

            //Iterate through each valid IP address 
            foreach (var validIpAddress in validIpAddresses)
            {
                //Return true if valid IP address matches the users 
                if (validIpAddress.Trim() == ipAddress)
                {
                    return true;
                }

                //Split the valid IP address into it's 4 octets 
                var validOctets = validIpAddress.Trim().Split('.');

                var matches = !validOctets.Where((t, index) => t != "*" && t != incomingOctets[index]).Any();

                //Iterate through each octet 

                if (matches)
                {
                    return true;
                }
            }

            //Found no matches 
            return false;
        }
    }
 }
	using System;
	using System.Configuration;
	using System.Linq;
	using System.Net;
	using System.Net.Http;
	using System.Web;
	using System.Web.Http.Controllers;
	using ActionFilterAttribute = System.Web.Http.Filters.ActionFilterAttribute;

	namespace Api.Filters
	{
	/// <summary>
	/// Only allows authorized IP addresses access.
	/// </summary>
	public class AuthorizeIPAddressAttribute : ActionFilterAttribute
	{
	public override void OnActionExecuting(HttpActionContext filterContext)
	{
	//Get users IP Address
	string ipAddress = HttpContext.Current.Request.UserHostAddress;

	if (ipAddress != null && !IsIpAddressValid(ipAddress.Trim()))
	{
	//Send back a HTTP Status code of 403 Forbidden
	filterContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
	}

	base.OnActionExecuting(filterContext);
	}

	/// <summary>
	/// Compares an IP address to list of valid IP addresses attempting to
	/// find a match
	/// </summary>
	/// <param name="ipAddress">String representation of a valid IP Address</param>
	/// <returns></returns>
	public static bool IsIpAddressValid(string ipAddress)
	{
	//Split the users IP address into it's 4 octets (Assumes IPv4)
	var incomingOctets = ipAddress.Trim().Split('.');

	//Get the valid IP addresses from the web.config
	var addresses =
	Convert.ToString(ConfigurationManager.AppSettings["AuthorizeIPAddresses"]);

	//Store each valid IP address in a string array
	var validIpAddresses = addresses.Trim().Split(',');

	//Iterate through each valid IP address
	foreach (var validIpAddress in validIpAddresses)
	{
	//Return true if valid IP address matches the users
	if (validIpAddress.Trim() == ipAddress)
	{
	return true;
	}

	//Split the valid IP address into it's 4 octets
	var validOctets = validIpAddress.Trim().Split('.');

	var matches = !validOctets.Where((t, index) => t != "*" && t != incomingOctets[index]).Any();

	//Iterate through each octet

	if (matches)
	{
	return true;
	}
	}

	//Found no matches
	return false;
	}
	}
	}
No results found