Implementing and Testing IP SafeLists in ASP.NET Core

Changhui Xu
Published in codeburst · 6 min read · Mar 14, 2021

We sometimes want to limit our application to only certain IP addresses or IP network ranges. For example, during beta testing, we prefer to only allow admins and preselected testers to access the new website. Besides blocking the whole application, we sometimes want to expose most APIs in an application but restrict a few API endpoints to a confined network so that sensitive data won’t be scraped.

IP restrictions can be done at several levels to achieve security goals. As developers, we can properly guard our applications and API endpoints in the code so that they are available to trusted network addresses. The official tutorial, Client IP safelist for ASP.NET Core, has documented different ways to implement an IP address safelist (a.k.a., an allow list) in an ASP.NET Core app. Unfortunately, the official tutorial doesn’t cover the configuration of CIDR blocks.

In this article, we will go over some implementation details for allowing a list of IP addresses and CIDR blocks to access our API endpoints. We will create a middleware and an action filter. Each of them can be used in the request pipeline to reject requests if the remote IP address is not in the configured network range. We will write integration tests to verify the behavior of the middleware and the action filter. In the end, I will show you how to use ngrok (https://ngrok.com/) to test the application from a computer other than our dev machine.

The full solution can be found in my GitHub repository. Now let’s dive in.

Implementation

We are not going to steal the thunder from the official tutorial in Microsoft Docs. We only want to improve the code a little bit by handling CIDR blocks, because CIDR blocks are commonly used to configure IP safelists.

In this solution, we will use the NuGet package IPNetwork2 to parse IP addresses and CIDR blocks in a configuration file. This NuGet package enables developers to easily take care of the complex network, IP, IPv4, IPv6, netmask, CIDR, subnet, subnetting, supernet, and supernetting calculations. It’s worth noting that the…
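The middleware below is an added example, not code from the article or its GitHub repository: it checks the remote address against single IPs and CIDR blocks using only .NET base class library types instead of IPNetwork2, and it fails closed when no client address is available. The names `CidrSafelist` and `IpSafelistMiddleware` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
// Added example: CIDR matching with BCL types only, not the IPNetwork2 API.
public sealed class CidrSafelist
{
    private readonly List<(byte[] Prefix, int Bits)> _blocks;
    // Entries are single addresses ("203.0.113.7") or CIDR blocks ("10.0.0.0/8").
    public CidrSafelist(IEnumerable<string> entries) => _blocks = entries.Select(Parse).ToList();
    private static (byte[] Prefix, int Bits) Parse(string entry)
    {
        var parts = entry.Trim().Split('/');
        var bytes = Normalize(IPAddress.Parse(parts[0])).GetAddressBytes();
        int bits = parts.Length == 2 ? int.Parse(parts[1]) : bytes.Length * 8;
        if (parts.Length > 2 || bits < 0 || bits > bytes.Length * 8) throw new FormatException($"Invalid safelist entry: {entry}");
        return (bytes, bits);
    }
    // Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; compare them as IPv4.
    private static IPAddress Normalize(IPAddress ip) => ip.IsIPv4MappedToIPv6 ? ip.MapToIPv4() : ip;
    public bool IsAllowed(IPAddress remote)
    {
        if (remote is null) return false; // no client address: fail closed
        var addr = Normalize(remote).GetAddressBytes();
        return _blocks.Any(b => b.Prefix.Length == addr.Length && Match(b.Prefix, addr, b.Bits));
    }
    private static bool Match(byte[] prefix, byte[] addr, int bits)
    {
        int full = bits / 8, rest = bits % 8;
        for (int i = 0; i < full; i++) if (prefix[i] != addr[i]) return false;
        // Compare only the high `rest` bits of the partial byte, if there is one.
        return rest == 0 || ((prefix[full] ^ addr[full]) >> (8 - rest)) == 0;
    }
}

public sealed class IpSafelistMiddleware
{
    private readonly RequestDelegate _next;
    private readonly CidrSafelist _safelist;
    public IpSafelistMiddleware(RequestDelegate next, CidrSafelist safelist) => (_next, _safelist) = (next, safelist);
    public Task InvokeAsync(HttpContext context)
    {
        if (_safelist.IsAllowed(context.Connection.RemoteIpAddress)) return _next(context);
        context.Response.StatusCode = StatusCodes.Status403Forbidden;
        return Task.CompletedTask;
    }
}
```

Behind a reverse proxy or tunnel, `Connection.RemoteIpAddress` is the proxy's address unless forwarded headers from a trusted proxy are processed first, so confirm which address the safelist actually evaluates.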

Written by Changhui Xu

Lead Application Developer. MBA. I write blogs about .NET, Angular, JavaScript/TypeScript, Docker, AWS, DDD, and many others.