Best way to check IP address in a lot of pages

Discussion in 'ASP .Net' started by Andrew Banks, Jan 17, 2004.

  1. Andrew Banks

    Andrew Banks Guest

    I'm going to have an admin section to a site I'm developing using ASP.NET C#

    I want to restrict access to this directory based on username and password
    (I've got that bit done) but also upon the IP address of the user accessing
    it. I only want my IP to get access to this directory but my IP may change
    from time to time so this should be easy to change in the code - ideally in
    one place.

    Is this possible and if so what is the best way to do it?
    Andrew Banks, Jan 17, 2004
    #1
    1. Advertising

  2. Andrew Banks

    Nick Guest

    Can you put the allowable IPs in the web.config?

    "Andrew Banks" <> wrote in message
    news:BKaOb.1892$...
    > I'm going to have an admin section to a site I'm developing using ASP.NET

    C#
    >
    > I want to restrict access to this directory based on username and password
    > (I've got that bit done) but also upon the IP address of the user

    accessing
    > it. I only want my IP to get access to this directory but my IP may change
    > from time to time so this should be easy to change in the code - ideally

    in
    > one place.
    >
    > Is this possible and if so what is the best way to do it?
    >
    >
    Nick, Jan 17, 2004
    #2
    1. Advertising

  3. Andrew Banks

    Andrew Banks Guest

    That's what I was thinking. I've got my authorisation set to forms in their
    and that's working fine for this directory, I just want to add the IP as an
    extra measure.

    Is this possibe anyone?

    "Nick" <> wrote in message
    news:...
    > Can you put the allowable IPs in the web.config?
    >
    > "Andrew Banks" <> wrote in message
    > news:BKaOb.1892$...
    > > I'm going to have an admin section to a site I'm developing using

    ASP.NET
    > C#
    > >
    > > I want to restrict access to this directory based on username and

    password
    > > (I've got that bit done) but also upon the IP address of the user

    > accessing
    > > it. I only want my IP to get access to this directory but my IP may

    change
    > > from time to time so this should be easy to change in the code - ideally

    > in
    > > one place.
    > >
    > > Is this possible and if so what is the best way to do it?
    > >
    > >

    >
    >
    Andrew Banks, Jan 17, 2004
    #3
  4. Andrew Banks

    Nick Guest

    Well you've got the UserHostAddress in HttpRequest which gives the IP of the
    client for the current Session. In the page that requires further
    authentication, simply check this value with the list of allowable IPs,
    possibly loaded from the web.config or elsewhere.

    "Andrew Banks" <> wrote in message
    news:Z0bOb.1904$...
    > That's what I was thinking. I've got my authorisation set to forms in

    their
    > and that's working fine for this directory, I just want to add the IP as

    an
    > extra measure.
    >
    > Is this possibe anyone?
    >
    > "Nick" <> wrote in message
    > news:...
    > > Can you put the allowable IPs in the web.config?
    > >
    > > "Andrew Banks" <> wrote in message
    > > news:BKaOb.1892$...
    > > > I'm going to have an admin section to a site I'm developing using

    > ASP.NET
    > > C#
    > > >
    > > > I want to restrict access to this directory based on username and

    > password
    > > > (I've got that bit done) but also upon the IP address of the user

    > > accessing
    > > > it. I only want my IP to get access to this directory but my IP may

    > change
    > > > from time to time so this should be easy to change in the code -

    ideally
    > > in
    > > > one place.
    > > >
    > > > Is this possible and if so what is the best way to do it?
    > > >
    > > >

    > >
    > >

    >
    >
    Nick, Jan 17, 2004
    #4
  5. I don't think you can do this as a built in feature of asp.net. However,
    you should be able to easily add the IP check into your forms authentication
    code. Add a key to your web.config file with the IP Address:

    <appSettings>
    <add key="AdminIPAddress" value="a.b.c.d" />
    </appSettings>

    In the login check, check the remote IP Address against the allowed IP
    Address:

    string remoteIP = Request.ServerVariables["remote_addr"];
    string allowedIP =
    System.Configuration.ConfigurationSettings.AppSettings["AdminIPAddress"];

    if (remoteIP == allowedIP)
    {
    bool isAuthenticated = FormsAuthentication.Authenticate(username,
    password);
    if (isAuthenticated)
    {
    // User logged in successfully and IP Address is valid
    }
    else
    {
    // User login failed, but IP Address is valid
    }
    }
    else
    {
    // User login failed. IP Address is invalid
    }

    Hope this helps,

    Mun

    --
    Munsifali Rashid
    http://www.munsplace.com/




    "Andrew Banks" <> wrote in message
    news:Z0bOb.1904$...
    > That's what I was thinking. I've got my authorisation set to forms in

    their
    > and that's working fine for this directory, I just want to add the IP as

    an
    > extra measure.
    >
    > Is this possibe anyone?
    Munsifali Rashid, Jan 17, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    3
    Views:
    1,403
  2. Tobias[br]

    the best pratice to save lot of data

    Tobias[br], Sep 2, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    367
    Rocky Moore
    Sep 2, 2004
  3. Darren Kirby

    Best way to get ip address

    Darren Kirby, Sep 9, 2004, in forum: Python
    Replies:
    2
    Views:
    378
    Pierre Fortin
    Sep 9, 2004
  4. fl
    Replies:
    2
    Views:
    439
  5. Brent
    Replies:
    0
    Views:
    117
    Brent
    Dec 26, 2003
Loading...

Share This Page