ASPNETZERO 7.0.0, Angular, .Net Code
Question(this is not a issue ticket): We are trying to implement IP validation on each request, and wanted to know how I can extend the Authorization so validate each request based on our business logic. I thought of implementaing when they login, but as we have SPA: once user login and change their IP address and now they can access application from IP restrictrictions.
Any help would be appriciated. Thanks!
You can create an action filter to check clients ip address and return unauthorized exception with specific message. Then to let authorized users to change their ip address you can create an enpoint which is not controlled by that ip address filter. Than if any request get an unauthorized exception with ip address message you can call ip changing endpoint, and if user authorized, you can change their stoed ip address.
See an example to create action filter: https://stackoverflow.com/a/47213148 (You should store that ip addresses in db not appsettings.json)