ASP.Net How to limit access to a particular IP address to a particular page through web.config file (.htaccess similar)?

Question

The project I'm working on contains three folder under "Views" folder: Home, Shared, and Data folders.

What can I add to my web.config file to deny everyone access except people with IP address xxx.x.xx.xx?

Essentially, what would be the equivalent of placing a .htaccess file inside the "Data" folder under views with the code:

order deny,allow
deny from all
allow from xxx.x.xx.xx

Is there a way to do this without active directory?

score 2 · Accepted Answer · edited May 23 '17 at 12:14

2

On IIS7 use IPSecurity to restrict by IP address:

<system.webServer>
  <security>
    <ipSecurity allowUnlisted="false">          
       <clear/>
       <add ipAddress="xxx.x.xx.xx" allowed="true"/>  
    </ipSecurity>
  </security>

https://www.iis.net/configreference/system.webserver/security/ipsecurity

Similar topics: Best way to restrict access by IP address?, Internal Server Error with web.config ipSecurity, http://www.victor-ratajczyk.com/post/2011/12/21/Webconfig-ipSecurity-Allow-specific-IP-addresses-Deny-all-others.aspx

edited May 23 '17 at 12:14

Community

1
1

answered Jul 29 '16 at 21:45

user2316116

6,726
1
21
35

What if I want to allow specific range of IP address only – Prakash Mhasavekar Jun 24 '19 at 11:51
2

@Prakash You can provide a subnetMask. – Larry Flewwelling Dec 29 '20 at 23:00

ASP.Net How to limit access to a particular IP address to a particular page through web.config file (.htaccess similar)?

1 Answers1

Linked