By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
464,475 Members | 1,029 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 464,475 IT Pros & Developers. It's quick & easy.

Restrict page access by IP address

P: n/a
Hi,

I need to restirict access at the page level to a range of IP
addresses. What's the best approach? I thought of building an HTTP
module that could compare the requesting IP with a restricted range,
specified in web.config. Any thoughts?

Thanks,
Chris

Apr 5 '06 #1
Share this Question
Share on Google+
7 Replies

P: n/a
Use a base Page class which inherits System.Web.UI.Page, and checks the
client IP against the list in the web.config. If you want to save
processing, you can set a Session variable that indicates the IP is fine,
and only call the method if the Session variable is not present.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Numbskull

Show me your certification without works,
and I'll show my certification
*by* my works.

"Chris Fulstow" <ch**********@hotmail.com> wrote in message
news:11*********************@g10g2000cwb.googlegro ups.com...
Hi,

I need to restirict access at the page level to a range of IP
addresses. What's the best approach? I thought of building an HTTP
module that could compare the requesting IP with a restricted range,
specified in web.config. Any thoughts?

Thanks,
Chris

Apr 5 '06 #2

P: n/a
Thanks Kevin, that's a great idea. I could first check the IP in
Session_OnStart and set the Session variable, then use Page_Init to
check if the requested page is accessible. If it's not, then send an
HTTP 403 response to the browser. It might just work... :)

Apr 5 '06 #3

P: n/a
You can do it right in IIS.
In the IIS 6.0 Administrator's guide, there's complete instructions.

Open D:\WINDOWS\Help\IIS.chm

and search for "IP addresses, controlling access to applications"

Securing Sites with IP Address Restrictions

You can configure your Web site to grant or deny specific computers,
groups of computers, or domains access to Web sites, directories, or files.

IP address restrictions apply only to IPv4 addresses.

Important : You must be a member of the Administrators group on the local computer to perform
the following procedure (or procedures), or you must have been delegated the appropriate authority.

To grant or deny access to a group of computers
1.. In IIS Manager, expand the local computer, right-click a Web site, directory, or file, and
click Properties.
2.. Click the Directory Security or File Security tab. In the IP address and domain name
restrictions section, click Edit.
3.. Click Granted access or Denied access. When you select Denied access, you deny access to
all computers and domains, except to those that you specifically grant access. When you select
Granted access, you grant access to all computers and domains, except to those that you specifically
deny access.
4.. Click Add.
5.. Click Group of computers.
6.. In the Network ID box, type the IP address of the host computer.
7.. In the Subnet mask box, type the subnet ID for the computer you want grant or deny access to.
8.. Click OK three times.


Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Chris Fulstow" <ch**********@hotmail.com> wrote in message
news:11*********************@g10g2000cwb.googlegro ups.com...
Hi,

I need to restirict access at the page level to a range of IP
addresses. What's the best approach? I thought of building an HTTP
module that could compare the requesting IP with a restricted range,
specified in web.config. Any thoughts?

Thanks,
Chris


Apr 5 '06 #4

P: n/a
Thanks Juan - it might be that I need to control access to individual
pages, but it might turn out to be the whole site, in which case I'll
definitely use this approach.

Apr 5 '06 #5

P: n/a
You're quite welcome, Chris.

It's always good to know all your options.


Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Chris Fulstow" <ch**********@hotmail.com> wrote in message
news:11**********************@j33g2000cwa.googlegr oups.com...
Thanks Juan - it might be that I need to control access to individual
pages, but it might turn out to be the whole site, in which case I'll
definitely use this approach.

Apr 5 '06 #6

P: n/a
Hi I'm working with IIS 5.0 and for some odd reason a single IP address is
not being blocked even though I've denied all users except for a few IP
addresses. I was wondering if in IIS 5.0 I'm able to both grant access to a
certain group of IP addresses as well as deny access to one domain name
without having to write an ISAPI script. Or is it just a "one or the other"
option?

v/r,
reena
"Juan T. Llibre" wrote:
You're quite welcome, Chris.

It's always good to know all your options.


Juan T. Llibre, asp.net MVP
aspnetfaq.com : http://www.aspnetfaq.com/
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Chris Fulstow" <ch**********@hotmail.com> wrote in message
news:11**********************@j33g2000cwa.googlegr oups.com...
Thanks Juan - it might be that I need to control access to individual
pages, but it might turn out to be the whole site, in which case I'll
definitely use this approach.


Apr 13 '06 #7

P: n/a
Hi,
I was reading through this and I was wondering if you could restrict page
access by domain name?

v/r,
reena

"Kevin Spencer" wrote:
Use a base Page class which inherits System.Web.UI.Page, and checks the
client IP against the list in the web.config. If you want to save
processing, you can set a Session variable that indicates the IP is fine,
and only call the method if the Session variable is not present.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Numbskull

Show me your certification without works,
and I'll show my certification
*by* my works.

"Chris Fulstow" <ch**********@hotmail.com> wrote in message
news:11*********************@g10g2000cwb.googlegro ups.com...
Hi,

I need to restirict access at the page level to a range of IP
addresses. What's the best approach? I thought of building an HTTP
module that could compare the requesting IP with a restricted range,
specified in web.config. Any thoughts?

Thanks,
Chris


Apr 13 '06 #8

This discussion thread is closed

Replies have been disabled for this discussion.