IP filtering attribute for web API

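Recently I came up with a solution for filtering API requests by the IP address of the caller. This is useful when you want to keep the API private to a known set of callers; an IP allow-list narrows who can reach the API, so it works best alongside authentication rather than in place of it. It's a simple helper and I hope it could be useful for you as well.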

  1. public class AuthorizeApiIPAddressAttribute : ActionFilterAttribute
  2.     {
  3.         public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
  4.         {
  5.             //Get users IP Address
  6.             string ipAddress = HttpContext.Current.Request.UserHostAddress;
  7.  
  8.             if (!IsIpAddressValid(ipAddress.Trim()))
  9.             {
  10.                 actionExecutedContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
  11.             }
  12.  
  13.             base.OnActionExecuted(actionExecutedContext);
  14.         }
  15.  
  16.         /// <summary>
  17.         /// Compares an IP address to list of valid IP addresses attempting to
  18.         /// find a match
  19.         /// </summary>
  20.         /// <param name="ipAddress">String representation of a valid IP Address</param>
  21.         /// <returns></returns>
  22.         public static bool IsIpAddressValid(string ipAddress)
  23.         {
  24.             //Split the users IP address into it's 4 octets (Assumes IPv4)
  25.             string[] incomingOctets = ipAddress.Trim().Split(new char[] { '.' });
  26.  
  27.             //Get the valid IP addresses from the web.config
  28.             string addresses = Convert.ToString(AppSettingHelper.GetSetting("AuthorizedIPAddresses"));
  29.  
  30.             //Store each valid IP address in a string array
  31.             string[] validIpAddresses = addresses.Trim().Split(new char[] { ',' });
  32.  
  33.             //Iterate through each valid IP address
  34.             foreach (var validIpAddress in validIpAddresses)
  35.             {
  36.                 //Return true if valid IP address matches the users
  37.                 if (validIpAddress.Trim() == ipAddress)
  38.                 {
  39.                     return true;
  40.                 }
  41.  
  42.                 //Split the valid IP address into it's 4 octets
  43.                 string[] validOctets = validIpAddress.Trim().Split(new char[] { '.' });
  44.  
  45.                 bool matches = true;
  46.  
  47.                 //Iterate through each octet
  48.                 for (int index = 0; index < validOctets.Length; index++)
  49.                 {
  50.                     //Skip if octet is an asterisk indicating an entire
  51.                     //subnet range is valid
  52.                     if (validOctets[index] != "*")
  53.                     {
  54.                         if (validOctets[index] != incomingOctets[index])
  55.                         {
  56.                             matches = false;
  57.                             break; //Break out of loop
  58.                         }
  59.                     }
  60.                 }
  61.  
  62.                 if (matches)
  63.                 {
  64.                     return true;
  65.                 }
  66.             }
  67.  
  68.             //Found no matches
  69.             return false;
  70.         }

As you saw, it's an attribute that you can use in Web API.


Tags: Asp.Net Web API

