Restrict access to a specific URL, running on IIS7 / ASP.NET
Solution 1
I found the best solution was to place an irule on our F5 load balancer.
We created a rule that the load balancer would drop all external requests for the specific directory. Internally, we could still hit the pages by connecting directly to the servers in the farm.
Solution 2
Here is how to secure specific page for specific users and only them
<configuration>
<location path="admin/somepage.aspx">
<system.web>
<authorization>
<allow users="User1,User2" />
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
To set allowed IP you need to configure web site in IIS via IPv4 Address and Domain Restriction
where add a wildcard Deny Entry
and specif Allow Entries
.
Also you can setup all this programmatically.
frankadelic
Updated on June 04, 2022Comments
-
frankadelic almost 2 years
I am deploying a public ASP.NET website on an IIS7 web farm.
The application runs on 3 web servers and is behind a firewall.
We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc.
/admin/somepage.aspx
What is the best way to control access to this page? We need to:
- Prevent all external (public) users from accessing the URL.
- Permit specific internal users to access the page, only from certain IPs or networks.
Should this access control be done at the (a) network level, (b) application level, etc.?