public static bool Verify(Tenant tenant)
{
if (!IpSecurityEnabled)
{
return(true);
}
var httpContext = HttpContext.Current;
if (httpContext == null)
{
return(true);
}
if (tenant == null || SecurityContext.CurrentAccount.ID == tenant.OwnerId)
{
return(true);
}
string requestIps = null;
try
{
var restrictions = IPRestrictionsService.Get(tenant.TenantId).ToList();
if (!restrictions.Any())
{
return(true);
}
if (string.IsNullOrWhiteSpace(requestIps = CurrentIpForTest))
{
var request = httpContext.Request;
requestIps = request.Headers["X-Forwarded-For"] ?? request.UserHostAddress;
}
var ips = string.IsNullOrWhiteSpace(requestIps)
? new string[] { }
: requestIps.Split(new[] { ",", " " }, StringSplitOptions.RemoveEmptyEntries);
if (ips.Any(requestIp => restrictions.Any(restriction => MatchIPs(GetIpWithoutPort(requestIp), restriction.Ip))))
{
return(true);
}
if (IsMyNetwork(ips))
{
return(true);
}
}
catch (Exception ex)
{
Log.ErrorFormat("Can't verify request with IP-address: {0}. Tenant: {1}. Error: {2} ", requestIps ?? "", tenant, ex);
return(false);
}
Log.InfoFormat("Restricted from IP-address: {0}. Tenant: {1}. Request to: {2}", requestIps ?? "", tenant, httpContext.Request.Url);
return(false);
}
public static bool Verify(Tenant tenant)
{
if (!IpSecurityEnabled)
{
return(true);
}
var httpContext = HttpContext.Current;
if (httpContext == null)
{
return(true);
}
if (tenant == null || SecurityContext.CurrentAccount.ID == tenant.OwnerId)
{
return(true);
}
var request = httpContext.Request;
var requestIps = request.Headers["X-Forwarded-For"] ?? request.UserHostAddress;
//for testing
var testRequestIp = ConfigurationManager.AppSettings["ipsecurity.test"];
if (!string.IsNullOrWhiteSpace(testRequestIp))
{
requestIps = testRequestIp;
}
try
{
var restrictions = IPRestrictionsService.Get(tenant.TenantId).ToList();
if (!restrictions.Any())
{
return(true);
}
var ips = string.IsNullOrWhiteSpace(requestIps)
? new string[] {}
: requestIps.Split(new[] { ",", " " }, StringSplitOptions.RemoveEmptyEntries);
if (ips.Select(GetIpWithoutPort)
.Any(requestIp => restrictions.Any(restriction => MatchIPs(requestIp, restriction.Ip))))
{
return(true);
}
}
catch (Exception ex)
{
Log.Error(string.Format("Can't verify request with IP-address: {0}. Tenant: {1}. Error: {2} ", requestIps, tenant, ex));
return(false);
}
return(false);
}
public bool Verify()
{
var tenant = TenantManager.GetCurrentTenant();
var settings = SettingsManager.Load <IPRestrictionsSettings>();
if (!IpSecurityEnabled)
{
return(true);
}
if (HttpContextAccessor?.HttpContext == null)
{
return(true);
}
if (tenant == null || AuthContext.CurrentAccount.ID == tenant.OwnerId)
{
return(true);
}
string requestIps = null;
try
{
var restrictions = IPRestrictionsService.Get(tenant.TenantId).ToList();
if (!restrictions.Any())
{
return(true);
}
if (string.IsNullOrWhiteSpace(requestIps = CurrentIpForTest))
{
var request = HttpContextAccessor.HttpContext.Request;
requestIps = request.Headers["X-Forwarded-For"].FirstOrDefault() ?? request.GetUserHostAddress();
}
var ips = string.IsNullOrWhiteSpace(requestIps)
? new string[] { }
: requestIps.Split(new[] { ",", " " }, StringSplitOptions.RemoveEmptyEntries);
if (ips.Any(requestIp => restrictions.Any(restriction => MatchIPs(GetIpWithoutPort(requestIp), restriction.Ip))))
{
return(true);
}
}
catch (Exception ex)
{
Log.ErrorFormat("Can't verify request with IP-address: {0}. Tenant: {1}. Error: {2} ", requestIps ?? "", tenant, ex);
return(false);
}
Log.InfoFormat("Restricted from IP-address: {0}. Tenant: {1}. Request to: {2}", requestIps ?? "", tenant, HttpContextAccessor.HttpContext.Request.GetDisplayUrl());
return(false);
}
public IPSecurity(
IConfiguration configuration,
IHttpContextAccessor httpContextAccessor,
AuthContext authContext,
TenantManager tenantManager,
IPRestrictionsService iPRestrictionsService,
SettingsManager settingsManager,
IOptionsMonitor <ILog> options)
{
Log = options.Get("ASC.IPSecurity");
HttpContextAccessor = httpContextAccessor;
AuthContext = authContext;
TenantManager = tenantManager;
IPRestrictionsService = iPRestrictionsService;
SettingsManager = settingsManager;
CurrentIpForTest = configuration["ipsecurity:test"];
var hideSettings = (configuration["web:hide-settings"] ?? "").Split(new[] { ',', ';', ' ' });
IpSecurityEnabled = !hideSettings.Contains("IpSecurity", StringComparer.CurrentCultureIgnoreCase);
}
