Reputation: 5529
ASP.NET MVC: how to authorize for users or client IP?
In an ASP.NET MVC application, I'd like for certain controllers to only be accessible to authorized users. AuthorizeAttribute works great for this. However, I'd also like those controllers to provide access to certain IP numbers even if the remote user is unauthorized. Should I override AuthorizeAttribute to provide this functionality, or is there a better solution?
Upvotes: 4
Views: 785
Answers (2)
Reputation: 1815
Keep in mind that if you add both the AuthorizeAttribute with users and your own ClientIPAuthorizeAttribute with the client IP's, unauthorised users within the specified IP's still won't be allowed...
This is because individual AuthorizeAttributes can't communicate with one another to do a logical OR. Subclassing is the easiest and cleanest way to achieve what you want.
Upvotes: 3
Reputation: 15663
Your instincts are correct--extending authorize attribute makes the most sense in this case.
Upvotes: 2
Related Questions
- How can I get the client's IP address in ASP.NET MVC?
- Pass different network credentials for requesting web page
- Remote authentication and local authorization in MVC5
- How to get the client ip address in asp.net mvc?
- Authenticate a user using its IP address
- MVC restrict access based on IP
- IP Based User Authorization in MVC4
- mvc authorize or authenticate
- Authorization in ASP.NET MVC
- Asp.Net MVC Authorize Options