Restrict access to a specific URL, running on IIS7 / ASP.NET

asp.net security authentication iis-7
12,591

Solution 1

I found the best solution was to place an irule on our F5 load balancer.

We created a rule that the load balancer would drop all external requests for the specific directory. Internally, we could still hit the pages by connecting directly to the servers in the farm.

Solution 2

Here is how to secure specific page for specific users and only them

<configuration>
    <location path="admin/somepage.aspx">
        <system.web>
            <authorization>
                <allow users="User1,User2" />
                <deny users="*" />
            </authorization>
        </system.web>
    </location>
</configuration>

To set allowed IP you need to configure web site in IIS via IPv4 Address and Domain Restriction where add a wildcard Deny Entry and specif Allow Entries.

Also you can setup all this programmatically.

Share:
12,591
frankadelic
Author by

frankadelic

Updated on June 04, 2022

Comments

  • frankadelic
    frankadelic almost 2 years

    I am deploying a public ASP.NET website on an IIS7 web farm.

    The application runs on 3 web servers and is behind a firewall.

    We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc.

    /admin/somepage.aspx

    What is the best way to control access to this page? We need to:

    1. Prevent all external (public) users from accessing the URL.
    2. Permit specific internal users to access the page, only from certain IPs or networks.

    Should this access control be done at the (a) network level, (b) application level, etc.?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

IIS7 is not propagating authorization to subdirectories
ASP.NET Core using custom authenticationhandler with cookieauthentication
ASP.Net Authentication using <credentials> in web.config
Why does my ASP.NET 4.0 web service fail with a compliation error with NetworkService but succeed with LocalSystem
The trust relationship between the primary domain and the trusted domain failed
ASP.net user account permissions in IIS 7 on Windows 2008 server
HRESULT: 0x800A03EC - It works on my machine issue when creating Excel files
IIS Returning Old User Names to my application
How do I protect static files with ASP.NET form authentication on IIS 7.5?
X-Frame-Options Allow-From multiple domains