Base solution for your next web application
Open Closed

Checking for IP address on all API calls #5738

User avatar
1
vladsd created

We have a white list of IP addresses, all other should be blocked.

Is there one place we can check against that list on ALL API calls to web service?

Thanks.

Go to accepted answer
7 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    I suggest you register a net core middleware, this is the highest priority.

  • User Avatar
    0
    aaron created
    Support Team
  • User Avatar
    0
    vladsd created

    For all users, anonymous user and registered, I need to intercept all API calls and check against IP list in tenant table. The solutions above do not provide for it.

    Putting TenantManager reference in Startup causes issues InvalidOperationException: Unable to resolve service for type 'MyProject.MultiTenancy.TenantManager' while attempting to activate 'MyProject.Web.Startup.Startup'.

    //https://docs.microsoft.com/en-us/aspnet/core/fundamentals/middleware/?view=aspnetcore-2.1

               app.Use(async (context, next) =>
           {
               // Do work that doesn't write to the Response.
               if(! await _tenantManager.ValidateIPAddress())
               {
                   throw new AbpAuthorizationException();
               }

               await next.Invoke();
           });
  • User Avatar
    0
    ryancyq created
    Support Team

    you can inject TenantManager and use in Intercept()

    example from the SO post:

    internal class ClientIpAuthorizationInterceptor : IInterceptor
{
    private readonly IClientInfoProvider _clientInfoProvider;
    private readonly ITenantManager _tenantManager;

    public ClientIpAuthorizationInterceptor(
        IClientInfoProvider clientInfoProvider,
        ITenantManager tenantManager
    )
    {
        _clientInfoProvider = clientInfoProvider;
        _tenanrManager = tenantManager;
    }

    public void Intercept(IInvocation invocation)
    {
        //more code

        //modify the following to check IP addresses from TenantManager
        if (clientIpAuthorizeAttribute != null &&
            clientIpAuthorizeAttribute.AllowedIpAddress != _clientInfoProvider.ClientIpAddress)
        {
            throw new AbpAuthorizationException();
        }

        invocation.Proceed();
    }
}

    Do note that by reading ip addresses from tenant manager will impact the performance as this interception is triggerred for every web request.

  • User Avatar
    0
    vladsd created

    @ryancyq sorry, it still does not solve my issue as I need IP check on all calls, now I need to add ClientIpAuthorize to all API calls! What about abp framework, I cannot access those like one for GetAll, etc.

  • User Avatar
    0
    aaron created
    Support Team 
    app.Use(async (context, next) =>
{
    IocManager.Instance.Using<TenantManager>(async tenantManager =>
    {
        if (!await _tenantManager.ValidateIPAddress())
        {
            throw new AbpAuthorizationException();
        }
    });

    await next.Invoke();
});
  • User Avatar
    0
    vladsd created

    Better solution is to override AuthorizationHelper -> AuthorizeAsync method and check there

Assignee
No one
Labels
Non yet