tags:

views:

48

answers:

2

I have asmx web service and I would like to reject all requests coming from all ip addresses except one I know.

I used Application_BeginRequest but after I confirm that the ip is not the ip I know, I would like to know what I need to replace the comment in the code bellow.

Thanks

protected void Application_BeginRequest(object sender, EventArgs e)
{
     var  address = "916.222.18.0";
     var ip = Context.Request.ServerVariables["REMOTE_ADDR"];

     if (ip != address)
     {
         // reject request
     }
}
A: 

Try this:

Context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
Context.Response.End();

Or you can simply redirect to another page that does not have client restrictions:

Context.Response.Redirect("Head-Fake.aspx");
kbrimington
A: 
 if (ip != address)
 {
     Context.Response.StatusCode = 401; // Unauthorized
     Context.Response.End();
     // or
     throw new HttpNotFoundException();
 }
John Sheehan
In my experience, use of Response.End() results in a ThreadAbortException. This exception trumps the specified status code (401), and instead returns a 500. Is there something I was doing wrong? Perhaps something I had mis-configured? In any case, due to my problems with Response.End(), I would definitely recommend throwing the exception instead.
mikemanne