ASYNC CLIENT IP SAFELIST FOR DOT NET

Sibeesh Venu
4 min readAug 11, 2023

Here, in this post we will see, how we can get the Safe List IP addresses asynchronously and add that to configure our ActionFilterAttribute and apply the same to the Web API to make sure that the unidentified requests gets 403 Forbidden.

ASYNC CLIENT IP SAFELIST FOR DOT NET

I have a .Net Web API project and I wanted to implement a mechanism via code to make sure that only certain IP addresses are allowed to call that API. We could do this by configuring the networking rules, Virtual Network, NSG implementations or even Azure App Access Restrictions if we host the Web API in an Azure App Service. However, the reason why I wanted to implement this via code is that the IP addresses list gets updated frequently and I wanted to make sure that there is very less maintenance on the service. Here, in this post we will see, how we can get the Safe List IP addresses asynchronously and add that to configure our ActionFilterAttribute and apply the same to the Web API to make sure that the unidentified requests gets 403 Forbidden.

Create an IP Action Filter

Before you do this, I assume that you already have the .Net Web API. For this post I am using .Net 7. Create a Services folder and then create a class IpActionFilter that is inherited from ActionFilterAttribute.

The implementation is a clone of this doc. As you can see from that doc, there it the safe IP addresses list are static and is added to the App Settings manually. However in my scenario, I had to get this from an Async service call.

Get the IP addresses from an Asyn service call

We will create a new Service IpFilterService that implements IIpFilterService. Here we will mimic the async call to make this post more concrete.

--

--

Sibeesh Venu

An engineer by profession and writer by passion. Author at Sibeesh Passion, Microsoft MVP (2016–2022). Software Engineer @ Microsoft