We have a requirement to restrict access to certain web endpoints in our application to a specific set of IP addresses.
In traditional web form applications, we have successfully used the combination of <location> and <ipSecurity> in our web.config to restrict access to our handlers (ashx). Will this same approach work for an ASP.NET MVC application where the endpoint is a controller or action. Our first attempt to simply specify the name of the controller in the path attribute does not work.
Another approach is to use the MVC Authorize / Filter attributes on this controller to get the correct in-place constraint, but we would prefer to control this solely from our web.config rather than the code.
source
share