public static bool Verify(Tenant tenant) { if (!IpSecurityEnabled) { return(true); } var httpContext = HttpContext.Current; if (httpContext == null) { return(true); } if (tenant == null || SecurityContext.CurrentAccount.ID == tenant.OwnerId) { return(true); } string requestIps = null; try { var restrictions = IPRestrictionsService.Get(tenant.TenantId).ToList(); if (!restrictions.Any()) { return(true); } if (string.IsNullOrWhiteSpace(requestIps = CurrentIpForTest)) { var request = httpContext.Request; requestIps = request.Headers["X-Forwarded-For"] ?? request.UserHostAddress; } var ips = string.IsNullOrWhiteSpace(requestIps) ? new string[] { } : requestIps.Split(new[] { ",", " " }, StringSplitOptions.RemoveEmptyEntries); if (ips.Any(requestIp => restrictions.Any(restriction => MatchIPs(GetIpWithoutPort(requestIp), restriction.Ip)))) { return(true); } if (IsMyNetwork(ips)) { return(true); } } catch (Exception ex) { Log.ErrorFormat("Can't verify request with IP-address: {0}. Tenant: {1}. Error: {2} ", requestIps ?? "", tenant, ex); return(false); } Log.InfoFormat("Restricted from IP-address: {0}. Tenant: {1}. Request to: {2}", requestIps ?? "", tenant, httpContext.Request.Url); return(false); }
public static bool Verify(Tenant tenant) { if (!IpSecurityEnabled) { return(true); } var httpContext = HttpContext.Current; if (httpContext == null) { return(true); } if (tenant == null || SecurityContext.CurrentAccount.ID == tenant.OwnerId) { return(true); } var request = httpContext.Request; var requestIps = request.Headers["X-Forwarded-For"] ?? request.UserHostAddress; //for testing var testRequestIp = ConfigurationManager.AppSettings["ipsecurity.test"]; if (!string.IsNullOrWhiteSpace(testRequestIp)) { requestIps = testRequestIp; } try { var restrictions = IPRestrictionsService.Get(tenant.TenantId).ToList(); if (!restrictions.Any()) { return(true); } var ips = string.IsNullOrWhiteSpace(requestIps) ? new string[] {} : requestIps.Split(new[] { ",", " " }, StringSplitOptions.RemoveEmptyEntries); if (ips.Select(GetIpWithoutPort) .Any(requestIp => restrictions.Any(restriction => MatchIPs(requestIp, restriction.Ip)))) { return(true); } } catch (Exception ex) { Log.Error(string.Format("Can't verify request with IP-address: {0}. Tenant: {1}. Error: {2} ", requestIps, tenant, ex)); return(false); } return(false); }
public bool Verify() { var tenant = TenantManager.GetCurrentTenant(); var settings = SettingsManager.Load <IPRestrictionsSettings>(); if (!IpSecurityEnabled) { return(true); } if (HttpContextAccessor?.HttpContext == null) { return(true); } if (tenant == null || AuthContext.CurrentAccount.ID == tenant.OwnerId) { return(true); } string requestIps = null; try { var restrictions = IPRestrictionsService.Get(tenant.TenantId).ToList(); if (!restrictions.Any()) { return(true); } if (string.IsNullOrWhiteSpace(requestIps = CurrentIpForTest)) { var request = HttpContextAccessor.HttpContext.Request; requestIps = request.Headers["X-Forwarded-For"].FirstOrDefault() ?? request.GetUserHostAddress(); } var ips = string.IsNullOrWhiteSpace(requestIps) ? new string[] { } : requestIps.Split(new[] { ",", " " }, StringSplitOptions.RemoveEmptyEntries); if (ips.Any(requestIp => restrictions.Any(restriction => MatchIPs(GetIpWithoutPort(requestIp), restriction.Ip)))) { return(true); } } catch (Exception ex) { Log.ErrorFormat("Can't verify request with IP-address: {0}. Tenant: {1}. Error: {2} ", requestIps ?? "", tenant, ex); return(false); } Log.InfoFormat("Restricted from IP-address: {0}. Tenant: {1}. Request to: {2}", requestIps ?? "", tenant, HttpContextAccessor.HttpContext.Request.GetDisplayUrl()); return(false); }
public IPSecurity( IConfiguration configuration, IHttpContextAccessor httpContextAccessor, AuthContext authContext, TenantManager tenantManager, IPRestrictionsService iPRestrictionsService, SettingsManager settingsManager, IOptionsMonitor <ILog> options) { Log = options.Get("ASC.IPSecurity"); HttpContextAccessor = httpContextAccessor; AuthContext = authContext; TenantManager = tenantManager; IPRestrictionsService = iPRestrictionsService; SettingsManager = settingsManager; CurrentIpForTest = configuration["ipsecurity:test"]; var hideSettings = (configuration["web:hide-settings"] ?? "").Split(new[] { ',', ';', ' ' }); IpSecurityEnabled = !hideSettings.Contains("IpSecurity", StringComparer.CurrentCultureIgnoreCase); }