Page 1/2 of IP filtering for websites in ASP. NET

1. Requirement Analysis

Through in-depth communication, the improvement requirements of the power plant for Enterprise Website user access control are confirmed. The general situation is as follows:

A) The website is implemented based on ASP. net2.0 and cannot be modified.Program

B) in-plant users can directly access all pages of the entire site, and employees do not need authentication.

C. users outside the factory can only access the specified page

Obviously, they add an IP address filtering function for enterprise websites to deny access to some sensitive pages by users outside the factory. First, we need to set an IP address list and a URL list. The former includes all the IP addresses in the factory, and the latter includes all the URLs accessible to users outside the factory. The two lists are maintained; another core issue is that we need to choose a reasonable way to integrate the developed functional modules into the enterprise website. It is incumbent on httpmodules.

In ASP. net Era, after IIS receives the request and schedules it to aspnet_isapi.dll, Asp. the net engine starts to initialize the configured HTTP module (httpmodules) one by one, and then calls the correct HTTP processing program and presents the requested resources, finally, return the generated tag to IIS and the request client, as shown in ).

IIS and ASP. NET are processing requests

For more information about httpmodules, see.

2. solution design

2.1. Development Environment

Programming Language: C #2.0.

Development Tool: Visual Studio. net2008

Operating System: Windows2003 r2

2.2. Outline Design

The core idea of using httpmodules to implement the IP filtering function is to customize an httpmodule to capture each user request, and then obtain the relevant user IP address and the requested URL for logical judgment, redirect unauthorized requests to an error prompt page. The logic for determining whether an HTTP request is authorized is:

1) checks whether the request is from a local computer. If yes, the request is automatically ignored; otherwise, the request continues;

2) check whether the user's IP address belongs to the Intranet (IP address list). If yes, ignore it; otherwise, continue;

3) if the requested URL authorizes all users to access it, ignore it; otherwise, continue;

4) redirect requests to the error prompt page.

You can add a Custom Handler to the beginrequest event of httpapplication to complete HTTP request capturing. In addition, to facilitate maintenance, we should store the parameters (IP address list, URL list, error prompt page path, and so on) required for running the program in a specific xml configuration file. To improve efficiency, we also need to cache the configuration file in memory and match the IP address and URL.AlgorithmPerform proper optimization.