示例#1
0
        /// <summary>
        /// Return a list of ranges that contain invalid ranges
        /// </summary>
        /// <returns>List of errored ranges</returns>
        public IEnumerable <string> InitIpAccessControl(IpAccessControl rule)
        {
            var errors = new List <string>();

            foreach (var exception in rule.Exceptions)
            {
                var ipAddressRange = exception.IpAddressType == IpAccessControl.IpAddressType.Single
                    ? exception.FromIpAddress
                    : $"{exception.FromIpAddress}-{exception.ToIpAddress}";


                if (!IPAddressRange.TryParse(ipAddressRange, out var range))
                {
                    errors.Add(ipAddressRange);
                }
                range.Begin     = range.Begin.MapToIPv6();
                range.End       = range.End.MapToIPv6();
                exception.Range = range;
            }
            return(errors);
        }
示例#2
0
        /// <summary>
        /// States whether a specific ip address is valid within the rules of client access control
        /// </summary>
        /// <param name="rule"></param>
        /// <param name="ipAddress"></param>
        /// <returns></returns>
        public bool IsValid(IpAccessControl rule, string ipAddress)
        {
            IPAddressRange clientRange;

            if (ipAddress.Equals(IPAddress.IPv6Loopback.ToString()))
            {
                clientRange = new IPAddressRange(IPAddress.Loopback);
            }
            else if (!IPAddressRange.TryParse(ipAddress, out clientRange))
            {
                return(false);
            }

            var ip6 = clientRange.Begin.MapToIPv6();

            if (rule.Exceptions.Where(x => x.Range != null).Any(exception => exception.Range.Contains(ip6)))
            {
                return(rule.AccessType != IpAccessControl.AccessTypes.AllowAll);
            }
            return(rule.AccessType == IpAccessControl.AccessTypes.AllowAll);
        }
示例#3
0
        /// <summary>
        /// States whether a specific ip address is valid within the rules of client access control
        /// </summary>
        /// <param name="rule">The Ip Access Control to determine whether to grant access or not</param>
        /// <param name="request">The current HttpContext Request</param>
        /// <returns></returns>
        public bool IsValid(IpAccessControl rule, HttpRequest request)
        {
            var ips = new List <IPAddress>();

            if (Configuration.IpAddressValidation.CheckUserHostAddress)
            {
                ips.Add(GetIpAddressRange(request.UserHostAddress).Begin.MapToIPv6());
            }

            foreach (var requestHeader in Configuration.IpAddressValidation.RequestHeaders)
            {
                var headerValue = request.Headers[requestHeader];

                if (string.IsNullOrEmpty(headerValue))
                {
                    continue;
                }

                var headerIps = headerValue.Split(new [] { ',' }, StringSplitOptions.RemoveEmptyEntries);

                foreach (var headerIp in headerIps)
                {
                    var clientRange = GetIpAddressRange(headerIp);

                    if (clientRange != null)
                    {
                        ips.Add(clientRange.Begin.MapToIPv6());
                    }
                }
            }

            if (rule.Exceptions.Where(x => x.Range != null).Any(exception => exception.Range.Contains(ips)))
            {
                return(rule.AccessType != IpAccessControl.AccessTypes.AllowAll);
            }

            return(rule.AccessType == IpAccessControl.AccessTypes.AllowAll);
        }