ASP.NET MVC: how to allow users or client IP?

Question

ASP.NET MVC: how to allow users or client IP?

In an ASP.NET MVC application, I would like certain controllers to be available only to authorized users. AuthorizeAttribute is great for this. However, I would also like these controllers to provide access to specific IP numbers, even if the remote user is unauthorized. Should I override AuthorizeAttribute to provide this function or is there a better solution?

+4

asp.net-mvc

royco 15 sept. '09 at 18:25

source share

2 answers

Keep in mind that if you add both AuthorizeAttribute with users and your own ClientIPAuthorizeAttribute with the client IP address, unauthorized users at the specified IP address will not be allowed ...

This is because individual AuthorizeAttribute cannot communicate with each other to make a logical OR . Subclassification is the easiest and cleanest way to achieve what you want.

+3

Ronald 15 sept. '09 at 20:39

source share

Wyatt barnett · Accepted Answer · 2009-09-15T18:48:38+0000

Your instincts are correct - the extension of the authorization attribute makes the most sense in this case.

ASP.NET MVC: how to allow users or client IP?

More articles: