.NET：在ASP.NET中如何进行IP限制

.NET：在ASP.NET中如何进行IP限制

背景

为了增强系统的安全，很多信息系统都提供了“IP限制”功能。功能虽然简单，但是从业五年来从来没有是实现过，因此就以博文的形式记录下来。

思路

实现应该很简答，功能可以分解为如下这三个问题：

判断当前请求是否应用IP限制，有些请求不用应用IP限制的。

当前客户IP是否包含在限制列表中。

如何以AOP的形式应用IP限制

1和2可以抽象为一个接口

1 using System;
2
3 namespace IpLimit.Codes
4 {
5     interface IIpLimitService
6     {
7         bool IsInExcludeUrl(string url);
8         bool IsInLimit(string ip);
9     }
10 }

3可以用IHttpModule实现

1 using System;
2 using System.Collections.Generic;
3 using System.Linq;
4 using System.Web;
5
6 namespace IpLimit.Codes
7 {
8     public sealed class IpLimitModule : IHttpModule
9     {
10         public void Dispose()
11         {
12
13         }
14
15         public void Init(HttpApplication context)
16         {
17             context.BeginRequest += this.OnBeginRequest;
18         }
19
20         private void OnBeginRequest(object sender, EventArgs args)
21         {
22             var ipLimitService = new IpLimitService();
23             var clientIp = HttpContext.Current.Request.UserHostAddress;
24             var requestUrl = HttpContext.Current.Request.Url;
25
26             if (ipLimitService.IsInExcludeUrl(requestUrl.AbsolutePath))
27             {
28                 return;
29             }
30
31             if (ipLimitService.IsInLimit(clientIp))
32             {
33                 HttpContext.Current.Response.Redirect("IpLimit.html");
34             }
35         }
36     }
37 }

实现细节

this.Request.UserHostAddress的格式为“127.0.0.1”。

this.Request.Url.AbsolutePath的格式为“/Tests/GetIp.aspx”，

具体限制IP列表和排除地址列表的存储可以自己酌情实现。

备注

对应黑客知识，我并不了解，黑客是不是很容易模拟客户端IP，有高手的话，请指点一二。

.net json序列化组件Json.NET

Json.NET（Newtonsoft.Json）是.Net 框架下比较流行的一款高效json序列化开源组件,支持.Net Framework 2.0 到 4.5+,并且可用于.Net各种环境Asp.net,Silverlight,Windows Phone,Windows 8等等.更多特性移步开源首页：http://json.codeplex.com/

性能

Json.NET 、DataContractJsonSerializer、JavascriptSeriallizer性能测试结果对比，还不错吧。



引用

方式1.下载解压引用Newtonsoft.Json.dll

下载地址http://json.codeplex.com/releases/view/105633

方式2:Nuget安装

PM> Install-Package Newtonsoft.Json

序列化与反序列

1.基本用法，首先引用Newtonsoft.Json命名空间,定义好与json同结构的的类用于转换

Software software = new  Software{ SoftID=1,
SoftName="限时免费" ,
DownloadUrl="http://itunes.apple.com/cn/app/id427577372?mt=8",
ReleaseTime=DateTime.Now
};

//序列化
string jsonStr = JsonConvert.SerializeObject(software);

//反序列化
Software objSoftware =JsonConvert.DeserializeObject<Software>(jsonStr);
Console.WriteLine(jsonStr);

序列化输出





2.时间格式处理,DateTime类型序列化默认序列化如上,这种格式在其它客户端很难读取，或者想按自己的格式化

Newtonsoft.Json.Converters.IsoDateTimeConverter timeConverter = new Newtonsoft.Json.Converters.IsoDateTimeConverter();
timeConverter.DateTimeFormat = "yyyy年MM月dd日 HH:mm:ss";
Console.WriteLine(JsonConvert.SerializeObject(software, timeConverter));

输出结果：





3.匿名类型序列化,这种方法无需事先定义与json同结构的类就能反序列化

//Json字符串
string jsonStr = @"{result:-1,desc:'参数错误，请检查格式'}";

//反序列化
var obj = JsonConvert.DeserializeAnonymousType(jsonStr, new { result = 0, desc = string.Empty });
Console.WriteLine(string.Format("result:{0} desc:{1}", obj.result, obj.desc));

4.快速定位节点，用于快速处理或者json结构较为复杂的字符串,又不想定义对应转移类,如

{"weatherinfo":{"city":"福州","city_en":"fuzhou","date_y":"2013年5月4日","date":"","week":"星期六","fchh":"18","cityid":"101230101","temp1":"16℃~21℃","temp2":"16℃~23℃","temp3":"17℃~24℃","temp4":"16℃~26℃","temp5":"17℃~29℃","temp6":"18℃~28℃","tempF1":"60.8℉~69.8℉","tempF2":"60.8℉~73.4℉","tempF3":"62.6℉~75.2℉","tempF4":"60.8℉~78.8℉","tempF5":"62.6℉~84.2℉","tempF6":"64.4℉~82.4℉","weather1":"阵雨","weather2":"阵雨转阴","weather3":"阴转雷阵雨","weather4":"阵雨转雷阵雨","weather5":"阵雨转多云","weather6":"多云转中雨","img1":"3","img2":"99","img3":"3","img4":"2","img5":"2","img6":"4","img7":"3","img8":"4","img9":"3","img10":"1","img11":"1","img12":"8","img_single":"3","img_title1":"阵雨","img_title2":"阵雨","img_title3":"阵雨","img_title4":"阴","img_title5":"阴","img_title6":"雷阵雨","img_title7":"阵雨","img_title8":"雷阵雨","img_title9":"阵雨","img_title10":"多云","img_title11":"多云","img_title12":"中雨","img_title_single":"阵雨","wind1":"微风","wind2":"微风","wind3":"微风","wind4":"微风","wind5":"微风","wind6":"微风","fx1":"微风","fx2":"微风","fl1":"小于3级","fl2":"小于3级","fl3":"小于3级","fl4":"小于3级","fl5":"小于3级","fl6":"小于3级","index":"舒适","index_d":"建议着薄型套装或牛仔衫裤等春秋过渡装。年老体弱者宜着套装、夹克衫等。","index48":"舒适","index48_d":"建议着薄型套装或牛仔衫裤等春秋过渡装。年老体弱者宜着套装、夹克衫等。","index_uv":"弱","index48_uv":"最弱","index_xc":"不宜","index_tr":"适宜","index_co":"舒适","st1":"19","st2":"14","st3":"25","st4":"14","st5":"23","st6":"16","index_cl":"较不宜","index_ls":"不太适宜","index_ag":"易发"}}

读取weatherinfo下的weather1

var obj = JObject.Parse(html);
string weather1 = (string)obj["weatherinfo"]["weather1"];

快速方便吧~~