IP based security for specific tenants/users #7739 | Support Center

razkhan78 created 5 years ago

We are trying to apply ip based access for specific tenants/users, we tried below code but it seems to be firing for each request on system.

app.Use(async (context, next) => { var test = context.Request.Path; IocManager.Instance.Using<TenantManager>(async tenantManager => { if (!tenantManager.ValidateIPAddress()) { throw new AbpAuthorizationException(); } });

            await next.Invoke();
        });

Is there any other better approach available? or can we override AbpMVCAuthorize?

5 Answer(s)

0

musa.demir created 5 years ago

What is your ValidateIPAddress method code inside? Do you do ip restriction for the whole project or only for specific endpoints? If the user has ip authorization, will the application check the normal permissions or bypass it and authorize user?
0

razkhan78 created 5 years ago

"What is your ValidateIPAddress method code inside?" ==>It checks allowed IP address for user if that user is flagged to validate.

Do you do ip restriction for the whole project or only for specific endpoints? ==>Whole

If the user has ip authorization, will the application check the normal permissions or bypass it and authorize user? ==>It will check rest permissions as it is but first we want to validate IPaddress.

musa.demir created 5 years ago

You can create an AuthorizationFilter like

  public class AbpMvcIpBasedAuthFilter : IAsyncAuthorizationFilter, ITransientDependency
    {    
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
           //control if this request needs to be authorized
            if (!ThisRequestNeedsToBeAuthorized(context)){
                    return;
            }
            
            //this request needs to be authorized, control ip
            try
            {
                //do your logic in here
                //throw new AbpAuthorizationException("Your message");
            }
            catch (Exception ex)
            {
                Logger.Error(ex.ToString(), ex);

                _eventBus.Trigger(this, new AbpHandledExceptionData(ex));

                if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
                {
                    context.Result = new ObjectResult(new AjaxResponse(_errorInfoBuilder.BuildForException(ex)))
                    {
                        StatusCode = context.HttpContext.User.Identity.IsAuthenticated
                            ? (int)System.Net.HttpStatusCode.Forbidden
                            : (int)System.Net.HttpStatusCode.Unauthorized
                    };
                }
                else
                {
                    context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
                }
            }
        }
    }

And add it to Mvc filter Startup.cs

...
services.Configure<MvcOptions>(mvcOptions =>
{
    mvcOptions.Filters.AddService(typeof(AbpMvcIpBasedAuthFilter));
});

return services.AddAbp<AbpZeroTemplateWebMvcModule>(options =>
...

To fill ThisRequestNeedsToBeAuthorizedfunction: check this: AbpAuthorizationFilter.cs and this: AuthorizationHelper.cs

0

musa.demir created 5 years ago

You can also check: https://docs.microsoft.com/tr-tr/aspnet/core/mvc/controllers/filters?view=aspnetcore-2.2
0

ismcagdas created 4 years ago
Support Team

This issue is closed because it has not had recent activity for a long time.

Have an answer to this question? Log in and write your answer.