Thank you to our sponsors who keep this newsletter free:
Transform your .NET development skills with our cutting-edge clean architecture course! Join over 1000+ satisfied developers worldwide who have elevated their expertise.
Uncover the secrets of building robust and scalable applications. Crafted by Milan Jovanovic, a seasoned expert with a proven track record in guiding developers to success. Sign up here!
Discount code at the end of newsletter.
About today’s newsletter :
In today’s newsletter we are going to discuss:
What is client IP safe list technique
Benefits
At which level we should implement it
Two ways to achieve it in .NET API
Coding implementation of both ways
What is client IP safe list technique
In this technique we track every request coming to our API and check its IP address, then we check list of our safe IP lists, if it exists in that list we allow it otherwise we don’t allow it to move on relevant controller.
Benefits of white listing IPs
This technique comes under security concerns, following are the benefits :
1/ Enhanced security
2/ Reduced attack surface
3/ Prevention of unauthorized access
At which level of application we should restrict it
We can apply this restriction at three levels:
1/ Cloud level (e.g. using azure services)
2/ Network level (e.g. firewall)
3/ Application level (that we are going to do)
The more higher you can go would be more appropriate unless you have some IF/ELSE that forces you to come at low level.
Fun fact : We can apply whitelisting technique via load balancer or rate limiter as well.
Enough talking let’s dive into code implementation.
Ways to whitelist IP it in .NET API
We have two ways to achieve it:
1/ Via Middleware ( I already wrote about middlewares)
2/ Via Action Filters ( Read a previous newsletter of mine on action filters)
Before moving on let’s add list of allowed IPs in appsetting
1/ Implementing via Middleware
So let’ add the middleware, whose code looks like this
And don’t forget to register the middleware
2/ Via Action Filter
Let’s create an action filter that looks like this :
Register action filter service:
Now we can apply this filter on any method in controller and even at controller level as well.
Find code of this newsletter issue at my GitHub Repository
Whenever you’re ready, there are 2 ways I can help you
Promote yourself to 7000+ subscribers by Sponsoring my Newsletter
Download my free eBook of 30 Tips for .NET Developers with 3K+ downloads
Special Offers
Pragmatic Clean Architecture: Learn how to confidently ship well-architected production-ready apps using clean architecture. [ 10% discount with promo code MUWAS]
Ultimate ASP.NET Core Web API Second Edition - Premium Package [10% discount with promo code 9s6nuez]