AbleCommerce Forums
»
AbleCommerce
»
General Questions
»
Locking down admin with ip restrictions
Rank: Advanced Member
Groups: Developers
Joined: 11/7/2018(UTC) Posts: 303
Thanks: 21 times Was thanked: 5 time(s) in 5 post(s)
|
We just took a site live and the hoster is trying to lock down the admin to restricted ip addresses, like they did in Gold. He has tried locking down the Areas and the Areas/Admin folders and it isn't working. Can you point us in the right direction about how to do this? Thanks
|
|
|
|
Rank: Advanced Member
Groups: Admin, Developers, Registered, HelpDesk, Authorized User Joined: 10/5/2018(UTC) Posts: 704
Thanks: 5 times Was thanked: 113 time(s) in 112 post(s)
|
There is a difference between MVC (AC9) and webForms (Gold). In Gold, the URLs are mapped on physical files and folder structure whereas, in AC9 MVC, the routes are defined to map the URLs to controller and actions.
TO restrict certain pages or areas in MVC, you need to restrict the URLs containing a string. e.g all URLs containing "admin" will be related to admin area of our MVC application.
|
1 user thanked shaharyar for this useful post.
|
|
|
Rank: Advanced Member
Groups: Authorized User, Developers Joined: 5/30/2020(UTC) Posts: 125
Thanks: 14 times Was thanked: 3 time(s) in 3 post(s)
|
Quote:you need to restrict the URLs containing a string. e.g all URLs containing "admin" will be related to admin area of our MVC application What is the preferred method for doing this? I was trying to think of a way to do this unobtrusively via plug-in, but not sure there is a great way. In most of the examples I've seen, route authorization is taken care of via attributes on the controllers and/or actions.
|
|
|
|
Rank: Advanced Member
Groups: Developers
Joined: 11/7/2018(UTC) Posts: 303
Thanks: 21 times Was thanked: 5 time(s) in 5 post(s)
|
The site I asked about is hosted by a big provider/datacenter and their network guys said they didn't know how to do this!So they went with a WAF instead. If they hadn't done that, I had found info by Googling about how to do it in MVC.
|
|
|
|
Rank: Advanced Member
Groups: Admin, Developers, Registered, HelpDesk, Authorized User Joined: 10/5/2018(UTC) Posts: 704
Thanks: 5 times Was thanked: 113 time(s) in 112 post(s)
|
This can be achieved by extending IAbleHttpModule class. You can register your custom HttpModule in App_Data/ablecommerce.config. Please follow the steps: 1- Create a class in your plugin project and paste the following code in it. Code:using CommerceBuilder.Essentials;
using System;
using System.Web;
namespace ExamplePlugin
{
public class RestrictURLModule : IAbleHttpModule
{
public void Initialize(HttpApplication context)
{
// register the BeginRequest and EndRequest handler
context.BeginRequest += new EventHandler(Begin);
context.EndRequest += new EventHandler(End);
}
public void Dispose()
{
// dispose
}
private void Begin(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
if (application == null) return;
HttpContext context = application.Context;
// ignore requests from the admin directory
HttpRequest request = context.Request;
string absolutePath = request.Url.AbsolutePath.ToLowerInvariant();
if (absolutePath.Contains("/admin/"))
{
// add your ip restriction logic here
// e.g
if (request.UserHostAddress == "127.0.0.1")
return;
}
}
private void End(object sender, EventArgs e)
{
}
}
}
2- Open AppData/ablecommerce.config file 3- Search for 4- Replace with Code:<add name="Restrict URL Module" type="{Default namespace}.RestrictURLModule, {Assembly Name}" enabled="True" />
</ableHttpModules>
5- Replace the {Default namespace} and {Assembly Name} with the original values. You can see the values in VS by opening the plugin project properties Application tab.
|
2 users thanked shaharyar for this useful post.
|
|
|
AbleCommerce Forums
»
AbleCommerce
»
General Questions
»
Locking down admin with ip restrictions
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
Important Information:
The AbleCommerce Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close