Skip to content

Instantly share code, notes, and snippets.

@poychang
Last active August 15, 2018 06:41
Show Gist options
  • Save poychang/60570f178dfb1e4566b45b5b83589b01 to your computer and use it in GitHub Desktop.
Save poychang/60570f178dfb1e4566b45b5b83589b01 to your computer and use it in GitHub Desktop.
[ASP.NET Core Middleware 限制未授權的 API 呼叫] 只允許特定 IP 區段才能呼叫API #dotnet
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
namespace DemoApp.Middleware
{
/// <summary>權限驗證中介程序</summary>
public class AuthorizedMiddleware
{
private readonly RequestDelegate _next;
/// <summary>建構式</summary>
public AuthorizedMiddleware(RequestDelegate next)
{
_next = next;
}
/// <summary>任務調用</summary>
/// <remarks></remarks>
public async Task Invoke(HttpContext context)
{
if (context.Request.Path.StartsWithSegments("/api") // 網址是 /api 開頭
&& !context.Connection.RemoteIpAddress.ToString().StartsWith("172.16")) // 客戶端使用內部 IP
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
return;
}
await _next.Invoke(context);
}
}
/// <summary>權限驗證中介程序的擴充方法</summary>
public static class MyAuthorizeExtensions
{
/// <summary>驗證呼叫 API 的條件</summary>
/// <param name="builder">中介程序建構器</param>
public static IApplicationBuilder UseAuthorized(this IApplicationBuilder builder)
{
return builder.UseMiddleware<AuthorizedMiddleware>();
}
}
}
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using DemoApp.Middleware;
namespace DemoApp
{
public class Startup
{
public Startup(IHostingEnvironment env)
{
var builder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
.AddEnvironmentVariables();
Configuration = builder.Build();
}
public IConfigurationRoot Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
// 限制未授權的 API 呼叫
app.UseAuthorized();
app.UseMvc();
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment