Attention: We are retiring the ASP.NET Community Blogs. Learn more >

Restrict IP Address ASP.NET Core Web API

There are several ways to restrict access to a Web server based on the requestor’s IP address.  We can do that from IIS or using inbound Firewall rules. But If you want to restrict access to one of the application deployed in the server based on the IP Address then you have to achieve that programmatically.  In this post, i will guide you on how to restrict IP address in ASP.NET Core

Lets start with basic concepts

Whitelist vs Blacklist

To provide access or deny, we have to get the IP Address of the incoming request. We need to verify that against a list.  When I say list, you can use this list to grant or deny access.  This is called as IP Whitelisting and Blacklisting respectively.

  • Whitelisting – Allow traffic only to known addresses
  • Blacklisting – Deny traffic to known addresses

For this example, I am going to use a whitelist of IP Address and use middleware to provide access only the IP Address i have configured.  I have the list of IP Address stored in an array format inside “ApplicationOptions” in  the appsettings.json. Alternatively, we can use a table driven approach which allows the admin add update entries easily.

Please check the following link for more details.  It includes code snippets and sample project

https://www.blogofpi.com/restrict-ip-address-asp-net-core-web-api/

 

No Comments