I wonder how I can block calls that are not from direct Url's allowed on the server. Or is it possible to implement some other direct validation in oauth to block accesses other than those URLs?
Web API - Blocking specific calls to the server
0
asked by anonymous 03.12.2018 / 15:36
1 answer
0
Then I managed to block the application in another way, through the I.P. Through some research I saw that this was the best solution to apply to the system, which is an Owin system.
Solution :
Follow the solution:
public static string GetIP(this HttpRequestMessage request)
{
if (request.Properties.ContainsKey("MS_OwinContext"))
{
return HttpContext.Current != null ? HttpContext.Current.Request.GetOwinContext().Request.RemoteIpAddress : null;
}
if (request.Properties.ContainsKey("MS_HttpContext"))
{
return HttpContext.Current != null ? HttpContext.Current.Request.UserHostAddress : null;
}
return null;
}
public static bool AllowIP(this HttpRequestMessage request)
{
string whiteList= ConfigurationManager.AppSettings["whiteListIp"];
if (!IsNullOrEmpty(whiteList))
{
string[] ipList = whiteList.Split(';');
var ipAdress= request.GetIP();
bool ipAllowed = ipList.Where(x => x.Trim().Equals(ipAdress, StringComparison.InvariantCultureIgnoreCase)).Any();
return ipAllowed;
}
else return true;
}
Filter:
public class AllowedIpFilter: DelegatingHandler
{
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
CancellationToken cancellationToken)
{
if (request.AllowIP())
{
return await base.SendAsync(request, cancellationToken);
}
return request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Access denied!");
}
}
04.12.2018 / 13:03