I've developed a RestService through C# that gets the petition in this way:
{server}/user/{action}
{server}/auth/{action}
...
I don't want people to access directly to the webservice, instead it's just the web server who has to access. I have successfully achieved this denying every IP except the webserver, but I realized now that there's a part of the site that should actually have public access.
EDIT: What I've done to deny every petition is the use of the feature "IPv4 Address and Domain Restrictions" from IIS, denying access to unspecified clients in the settings and finally adding just one allow entry to the ip I of the web server
So, what I want is to keep the actual behaviour, except for the case of pages like:
{server}/admin/{action}
How can I achieve this?
Thanks!
Related
I have implemented a "User Registration" functionality using "CreateUserWizard" control in ASP.NET C#. When user is registered successfully, he receives an email. I used template file which reflects username and password along with redirected URL. As below:
http://myinternaldomain.xyz.com?changepassword.aspx?uname=abc&pwd=blahblah
Now, my issue is - the application should be accessible from outside domain firewall too. and external URL is something like http://myexternaldomain.xyz.com?changepassword.aspx?uname=abc&pwd=blahblah
Now, I have one template file and two URLs.
I am trying to develop a workaround to create another template file containing my external domain URL. But as of now there is no luck.
Can anybody advise is there any way to provide such template file so that both users (either internal or external) will get to see email with the respective URL?
Anyway you need one "universal" domain, because even if you can detect if current request was local or remote (outside domain firewall) and use one of two your templates later your url will be incorrect if user will change his/her location. So I would use myexternaldomain.xyz.com and just resolve it to your local webserver IP from your local network. If you have domain firewall then you probably have local DNS server. Or maybe there is way you can setup firewall rule so your traffic for myexternaldomain.xyz.com will be transferred to your local server, I'm not sure. Both tasks are administration-related though.
My domain is WWW.Bank.com which is configured to Bank folder.
I want to access same folder by demo.Bank.com/user.Bank.com/anything.Bank.com i.e I don't want to create new sub folder in my root.
If I give URL like demo.Bank.com then internal pages should be demo.Bank.com/folder 1/home.asp x likewise..
Please help. If anyone have any dummy code then please share.
This goes beyond ASP.NET in the core of the DNS.
You need to have control of the DNS zone of your 'bank.com' domain. If your DNS provider has a web-service for adding, deleting and updating DNS A and CNAME records, you could do that, but that's very unusual thing to do. Then again, you need to bind each domain name in the IIS website if you do not have a dedicated IP for such purposes.
Blogging websites are a good example for this, they usually host blogs on blogname.blogsite.com, such as alice.blogsite.com or bob.blogsite.com and as they usually have huge amount of different blogs, they resort to a single DNS record to take care of all of them.
That's called wildcard DNS and is what you need. Add one DNS record called *.yourdomain.com and point it to a dedicated IP address. That will work for any subdomain name combination, even the ones you don't want and where no content will exist (you're still going to be able to handle 404's). Then, on the server, add that IP address as a secondary network address. In the IIS bind your website to that IP address without Host Header (domain name) constraint, so it would receive all requests for that IP, regardless of domain name.
Finally, in your ASP.net code fetch Request.Url.Host and you're going to get your subdomain as it was typed by the user.
(You can also go with a single IP address, but then no other websites must exist on the server.)
I want to develop sub domain feature using ASP.NET to work like how it happens here
when you sign up
you create a user name say "ann"
on sign up on "www.domainName.com"
you will get a subdomain "www.ann.domainName.com"
This approach will solve the issue
First, establish a wildcard DNS domain (*) for your site's IP address. That will allow anystring.yourdomain.com to resolve correctly.
Configure IIS to bind to a dedicated IP address, but not to rely on host headers (have an empty host header). That will cause all HTTP requests for the bound IP to be directed to your site.
Have an HttpModule that looks at the incoming domain (in HttpContext), and rejects it if it's not valid. You might consider setting a cookie or ticket or something like that, to avoid the need to do a DB lookup for each request in order to validate it.
I have an application that sends an email to a user so that they may access a web form. In the email there is just a link to the start page of this form. Currently, I have the value for the form location hardcoded. Once the app is deployed I know it is in inetpub/wwwroot/appName, which results in a URL of serverip:appPort/appName.
What is the C# to get the serverip:appPort portion of the URL that I need?
I think that server.mappath() might work, but for some reason I can't get to the method even though I have the necessary references.
Note: I will be deploying this application on several different servers and really just don't want to have to hardcode the IP every time I re-deploy.
Try
HttpContext.Current.Request.ServerVariables("HTTP_HOST"), this should give you the host name.
this link will show you how to get all the keys you (may) need to get the port and application (if you don't already have them).
http://msdn.microsoft.com/en-us/library/system.web.httprequest.servervariables.aspx
anybody knows of blocking certain users (by IP) from accessing your website (website on asp.net mvc).
EDIT:
I know that web-servers can do this as well, but I need this at the application level
It's better to do this in the web server.
However, if you want to do it in code, you can handle the Application.BeginRequest event, check Request.UserHostAddress, and call Response.End.
IIS allows you to specify IP-based block lists.
If you want to do it at the application level you can get the users IP from Request.UserHostAddress and then do a redirect to wherever you want them to go if their IP is in a list you have saved.