A government system in a recent project requires configurable IP address access control. Now we have to meet this requirement.
In the previous article, IHttpHandlerFactory was used to verify the user. This time, an HttpModule is used so that the user is checked earlier.
How can we best determine whether an IP address is in the permitted or the prohibited list? Working with the current IPv4 address, simply check each of the four fields of the IP address separately against a configured range. This also allows whole IP address segments to be configured in one entry.
The system saves the configuration to the database. The database design is as follows:
Next, you can write the httpmodule as follows:
    using System;
    using System.Web;

    public class IPHttpModule : IHttpModule
    {
        #region IHttpModule Members

        public void Dispose()
        {
        }

        public void Init(HttpApplication context)
        {
            // Run the IP check at the very start of every request.
            context.BeginRequest += new EventHandler(context_BeginRequest);
        }

        #endregion

        /// <summary>
        /// Prompt message
        /// </summary>
        const string ErrorHtml = @"<!DOCTYPE HTML PUBLIC ""-//W3C//DTD HTML 4.01 Transitional//EN"">
    <HTML>
The following is the judgment code:
    /// <summary>
    /// Check whether the IP address has permission to access the system.
    /// </summary>
    /// <param name="ip"></param>
    /// <returns></returns>
    public static bool CheckPermisssion(string ip)
    {
        bool isAllow = true;

        // Split the dotted IPv4 address into its four numeric fields.
        string[] tempIpSection = ip.Split('.');
        int[] ipSection = new int[]
        {
            int.Parse(tempIpSection[0]),
            int.Parse(tempIpSection[1]),
            int.Parse(tempIpSection[2]),
            int.Parse(tempIpSection[3])
        };

        List<Base_IP> ipList = GetList(null);

        // IP permitted list: when it is not empty, the address must match one entry.
        List<Base_IP> ipAllowList = ipList.FindAll(delegate(Base_IP ipModel) { return ipModel.IpType == 1; });
        foreach (Base_IP ipModel in ipAllowList)
        {
            if (CheckPermisssion(ipSection, ipModel))
            {
                isAllow = true;
                break;
            }
            else
            {
                isAllow = false;
            }
        }
        if (!isAllow)
            return isAllow;

        // IP prohibited list: a match here overrides the permitted list.
        List<Base_IP> ipNotAllowList = ipList.FindAll(delegate(Base_IP ipModel) { return ipModel.IpType == 2; });
        foreach (Base_IP ipModel in ipNotAllowList)
        {
            if (CheckPermisssion(ipSection, ipModel))
            {
                isAllow = false;
                break;
            }
        }
        return isAllow;
    }

    /// <summary>
    /// Determine whether the address falls inside the configured ranges.
    /// </summary>
    /// <param name="ipSection"></param>
    /// <param name="ipModel"></param>
    /// <returns></returns>
    private static bool CheckPermisssion(int[] ipSection, Base_IP ipModel)
    {
        // Every field must lie inside its inclusive [From, End] range.
        if (ipSection[0] < ipModel.OneFrom || ipSection[0] > ipModel.OneEnd) return false;
        if (ipSection[1] < ipModel.TwoFrom || ipSection[1] > ipModel.TwoEnd) return false;
        if (ipSection[2] < ipModel.ThreeFrom || ipSection[2] > ipModel.ThreeEnd) return false;
        if (ipSection[3] < ipModel.FourFrom || ipSection[3] > ipModel.FourEnd) return false;
        return true;
    }
The code is actually very simple, so it will not be explained in detail.
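A variant of the per-field range check above that parses the address with IPAddress.TryParse and refuses anything that is not IPv4, since the int.Parse version throws on an address such as ::1. This is an added example, not the article's code: IpRule, IpAccess and the sample rules are hypothetical stand-ins for Base_IP and the database rows, and it assumes .NET Framework 4.5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Sockets;

// Hypothetical stand-in for one Base_IP row: an inclusive range per octet.
public sealed class IpRule
{
    public int IpType;                  // 1 = permitted, 2 = prohibited, as on the page
    public int[] From = new int[4];
    public int[] End = new int[4];
    public bool Matches(byte[] o) =>
        Enumerable.Range(0, 4).All(i => o[i] >= From[i] && o[i] <= End[i]);
}

public static class IpAccess
{
    // Fails closed: anything that is not a well-formed IPv4 address is refused.
    public static bool IsAllowed(string ip, IEnumerable<IpRule> rules)
    {
        if (!IPAddress.TryParse(ip, out IPAddress addr)) return false;
        if (addr.IsIPv4MappedToIPv6) addr = addr.MapToIPv4();   // ::ffff:a.b.c.d
        if (addr.AddressFamily != AddressFamily.InterNetwork) return false;
        byte[] octets = addr.GetAddressBytes();

        List<IpRule> allow = rules.Where(r => r.IpType == 1).ToList();
        // Same semantics as the page's check: an empty permitted list admits
        // everyone, and a match in the prohibited list always wins.
        bool allowed = allow.Count == 0 || allow.Any(r => r.Matches(octets));
        return allowed && !rules.Any(r => r.IpType == 2 && r.Matches(octets));
    }

    public static void Main()
    {
        var rules = new List<IpRule>   // constructed sample configuration
        {
            new IpRule { IpType = 1, From = new[] { 192, 168, 0, 0 }, End = new[] { 192, 168, 255, 255 } },
            new IpRule { IpType = 2, From = new[] { 192, 168, 5, 10 }, End = new[] { 192, 168, 5, 20 } },
        };
        string[] samples = { "192.168.1.7", "192.168.5.15", "10.0.0.1", "::ffff:192.168.1.7", "::1", "not-an-ip" };
        foreach (string ip in samples)
            Console.WriteLine("{0,-20} {1}", ip, IsAllowed(ip, rules) ? "allow" : "deny");
    }
}
```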
Below are a few screenshots of the system.
Add IP Configuration:
Configuration list:
When access is restricted, the system returns the following:
Register the module in the httpModules node of Web.config:
<add name="ipconfig" type="HttpModule.IPHttpModule,HttpModule"/>
Because the user has to be checked on every access to the system, the configuration in the database is queried every time. In this system, data access is implemented through Hxj.Data, so the pressure on the database can be reduced by configuring the cache settings of Hxj.Data.