2

What is the best practice to protect access to public ASP .NET MVC application in development phase? I would like to testing the application but deny access for public.

Petr
  • 1,193
  • 1
  • 15
  • 27
  • This might be applicable http://stackoverflow.com/questions/4729197/asp-net-mvc-easy-way-to-temporarily-require-authorisation-for-whole-site-excep –  Apr 19 '15 at 11:18

1 Answers1

1

The <ipSecurity> element of the web.config was introduced in IIS 7.0.

Here's how you can deny all, but allow specific IPs or networks through.

<security>
    <ipSecurity allowUnlisted="false">    <!-- this line blocks everybody, except those listed below -->                
        <clear/> <!-- removes all upstream restrictions -->
        <add ipAddress="127.0.0.1" allowed="true"/>    <!-- allow requests from the local machine -->
        <add ipAddress="83.116.19.53" allowed="true"/>   <!-- allow the specific IP of 83.116.19.53  -->                
        <add ipAddress="83.116.119.0" subnetMask="255.255.255.0" allowed="true"/>   <!--allow network 83.116.119.0 to 83.116.119.255-->                
        <add ipAddress="83.116.0.0" subnetMask="255.255.0.0" allowed="true"/>   <!--allow network 83.116.0.0 to 83.116.255.255-->                
        <add ipAddress="83.0.0.0" subnetMask="255.0.0.0" allowed="true"/>   <!--allow entire /8 network of 83.0.0.0 to 83.255.255.255-->                
    </ipSecurity>
</security>
QFDev
  • 8,668
  • 14
  • 58
  • 85
  • Ok. And if I need allow access from VS on my local machine? – Petr Apr 19 '15 at 21:52
  • No problem. As long as you have 127.0.0.1 listed you will have localhost access. You could also use a Web.Config transform to add this block on-publish. – QFDev Apr 20 '15 at 11:23