Last active
February 13, 2021 17:50
Admin page to add IPs to, and remove them from, IIS's IP Address and Domain Restrictions feature, used for Identity Server IP white-listing. Further reading here: https://asontu.github.io/2020/12/28/admin-panel-to-whitelist-ips-for-identity-server.html
<%@ Page Language="C#" AutoEventWireup="true" Debug="true" %> | |
<%@ Import Namespace="System.Collections.Generic" %> | |
<%@ Import Namespace="System.Linq" %> | |
<%@ Import Namespace="System.Data.Linq" %> | |
<%@ Import Namespace="Microsoft.Web.Administration" %> | |
<%@ Import Namespace="Sitecore" %> | |
<script runat="server" language="c#"> | |
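// Prerequisites for this administration page:
// - IIS must allow Read/Write delegation of the IP Address and Domain Restrictions
//   feature on the Site of Interest
//   (overrideMode="Allow" for system.webServer/security/ipSecurity).
// - The user this page runs under (App Pool) must have read/write access to both:
//     - %SystemRoot%\System32\inetsrv\config of the webserver
//     - web.config of the Site of Interest
//
// Security note: %SystemRoot%\System32\inetsrv\config holds the server-wide IIS
// configuration (applicationHost.config), so the write access required above reaches
// further than this one allow-list. Keep the page reachable only by the roles checked
// in CheckSecurity. The @ Page directive of this file sets Debug="true"; turn that
// off when the page is deployed to production.
private const string siteOfInterest = "NAME OF YOUR IIS SITE";

// Backing field for the ServerManager property; created on first use, released in OnUnload.
private ServerManager serverManager;

/// <summary>
/// Lazily creates the <c>Microsoft.Web.Administration.ServerManager</c> used by this
/// request, so that a request that never touches IIS configuration never opens it.
/// </summary>
private ServerManager ServerManager
{
    get
    {
        if (serverManager == null)
        {
            serverManager = new ServerManager();
        }

        return serverManager;
    }
}

/// <summary>
/// Disposes the ServerManager created for this request, if any.
/// ServerManager implements IDisposable; without this it was never released.
/// </summary>
/// <param name="e">Event data passed on to the base implementation.</param>
protected override void OnUnload(EventArgs e)
{
    if (serverManager != null)
    {
        serverManager.Dispose();
        serverManager = null;
    }

    base.OnUnload(e);
}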
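/// <summary>
/// Returns the ipSecurity entries (system.webServer/security/ipSecurity) from the
/// web configuration of the IIS site named by <c>siteOfInterest</c>.
/// </summary>
/// <exception cref="InvalidOperationException">
/// No IIS site with that name exists. The original dereferenced the result of
/// FirstOrDefault directly and failed with a NullReferenceException instead.
/// </exception>
private Microsoft.Web.Administration.ConfigurationElementCollection IpCollection
{
    get
    {
        var site = ServerManager.Sites
            .FirstOrDefault(s => s.Name.Equals(siteOfInterest));

        if (site == null)
        {
            // Typical cause: the siteOfInterest placeholder was never replaced with a real site name.
            throw new InvalidOperationException(
                string.Format("IIS site '{0}' was not found; check the siteOfInterest constant.", siteOfInterest));
        }

        return site
            .GetWebConfiguration()
            .GetSection("system.webServer/security/ipSecurity")
            .GetCollection();
    }
}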
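/// <summary>
/// Runs the access check before anything else in the page life cycle, then binds
/// the list of allowed IP addresses.
/// </summary>
/// <param name="arguments">Event data passed on to the base implementation.</param>
protected override void OnInit(EventArgs arguments)
{
    // Access check first: nothing below may run for a user who is not allowed in.
    CheckSecurity(true);

    // The override previously skipped the base call, so the page's Init event was never raised.
    base.OnInit(arguments);

    BindRepeater();
}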
/// <summary>
/// Repeats the access check on load and binds the IP list on the initial (non-postback) request.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="args">Event data (unused).</param>
public void Page_Load(object sender, EventArgs args)
{
    CheckSecurity(true);

    // Postbacks are handled by the command handlers, which rebind the list themselves.
    if (IsPostBack)
    {
        return;
    }

    BindRepeater();
}
/// <summary>
/// Binds the repeater to the "ipAddress" attribute of every ipSecurity entry, sorted as strings.
/// </summary>
private void BindRepeater()
{
    var sortedAddresses =
        from entry in IpCollection
        let address = entry.GetAttributeValue("ipAddress").ToString()
        orderby address
        select address;

    rpt.DataSource = sortedAddresses;
    rpt.DataBind();
}
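/// <summary>
/// Removes the ipSecurity entry whose "ipAddress" equals the command argument,
/// commits the change to IIS and rebinds the list.
/// </summary>
/// <param name="source">Control that raised the command (unused).</param>
/// <param name="commandEventArgs">Carries the IP address to remove in CommandArgument.</param>
private void RemoveValue(object source, CommandEventArgs commandEventArgs)
{
    var ipToRemove = commandEventArgs.CommandArgument as string;
    if (string.IsNullOrEmpty(ipToRemove))
    {
        return;
    }

    var entry = IpCollection
        .FirstOrDefault(ip => ip.GetAttributeValue("ipAddress").Equals(ipToRemove));

    // The entry may already be gone (stale page, or another administrator removed it);
    // the original called Delete() on the null result and threw.
    // NOTE(review): the markup wires this handler to both the LinkButton's OnCommand and the
    // Repeater's OnItemCommand, so it may run twice per click; confirm. With this guard a
    // second run finds nothing and commits nothing.
    if (entry == null)
    {
        BindRepeater();
        return;
    }

    entry.Delete();
    ServerManager.CommitChanges();
    BindRepeater();
}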
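/// <summary>
/// Adds the address typed into <c>txtValue</c> as an allowed ipSecurity entry,
/// commits the change to IIS, rebinds the list and clears the text box.
/// </summary>
/// <param name="sender">Control that raised the click (unused).</param>
/// <param name="e">Event data (unused).</param>
private void SaveValue(object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(txtValue.Text))
    {
        return;
    }

    // Enforce the RegularExpressionValidator on the server. Without this check the handler
    // ran regardless of the validator's result, so a request that bypassed the client-side
    // script could write an arbitrary string into the site's ipSecurity configuration.
    Page.Validate();
    if (!Page.IsValid)
    {
        return;
    }

    // Resolve the collection once so the element is created in and added to the same instance.
    var ipCollection = IpCollection;
    var newIpElement = ipCollection.CreateElement();
    newIpElement.SetAttributeValue("ipAddress", txtValue.Text);
    newIpElement.SetAttributeValue("allowed", true);
    ipCollection.Add(newIpElement);

    ServerManager.CommitChanges();
    BindRepeater();
    txtValue.Text = string.Empty;
}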
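/// <summary>
/// Lets the request continue only for Sitecore administrators and, when
/// <paramref name="isDeveloperAllowed"/> is true, for users in a developer role.
/// Everyone else is redirected to the site's login page, or refused with 403 when
/// no Sitecore site is resolved for the request.
/// </summary>
/// <param name="isDeveloperAllowed">Whether membership of a developer role is sufficient.</param>
private void CheckSecurity(bool isDeveloperAllowed)
{
    if (Sitecore.Context.User.IsAdministrator || (isDeveloperAllowed && this.IsDeveloper))
    {
        return;
    }

    var site = Sitecore.Context.Site;
    if (site != null)
    {
        var loginUrl = string.Format(
            "{0}?returnUrl={1}",
            site.LoginPage,
            HttpUtility.UrlEncode(base.Request.Url.PathAndQuery));

        // endResponse is passed explicitly: ending the response is what keeps the rest
        // of the page life cycle from running for this user.
        base.Response.Redirect(loginUrl, true);
        return;
    }

    // Fail closed. The original simply returned when no site was resolved, which let an
    // unauthorised request carry on to the IP list and its add/remove handlers.
    base.Response.StatusCode = 403;
    base.Response.End();
}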
/// <summary>
/// True when the current user is in the <c>sitecore\developer</c> role or the
/// <c>sitecore\sitecore client developing</c> role.
/// </summary>
private bool IsDeveloper
{
    get
    {
        if (User.IsInRole(@"sitecore\developer"))
        {
            return true;
        }

        return User.IsInRole(@"sitecore\sitecore client developing");
    }
}
</script> | |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | |
<html xmlns="http://www.w3.org/1999/xhtml"> | |
<head runat="server"> | |
<title>Manage white-listed IP's</title> | |
<meta name="viewport" content="width=device-width, initial-scale=1"> | |
<link rel="Stylesheet" type="text/css" href="../default.css" /> | |
<link rel="Stylesheet" type="text/css" href="/sitecore/shell/themes/standard/default/WebFramework.css" /> | |
<style type="text/css"> | |
body { | |
font-size: 16px !important; | |
background-attachment: fixed; | |
} | |
form.wf-container { | |
width: auto; | |
max-width: 860px; | |
} | |
.wf-content { | |
padding: 1em !important; | |
} | |
h1 { | |
padding: 1em 0 !important; | |
} | |
</style> | |
</head> | |
<body> | |
<form id="form1" runat="server" class="wf-container"> | |
<div class="wf-content"> | |
<h1>Manage white-listed IP's</h1> | |
<table cellspacing="1" cellpadding="1" border="1"> | |
<tr> | |
<th>IP address</th> | |
<th> </th> | |
</tr> | |
<asp:Repeater runat="server" id="rpt" ItemType="System.String" OnItemCommand="RemoveValue"> | |
<ItemTemplate> | |
<tr style="<%# Container.ItemIndex % 2 == 1 ? string.Empty : "background-color: #ddd" %>"> | |
<td><%#: Item %></td> | |
<td style="text-align: center"> | |
<asp:LinkButton ForeColor="Red" | |
runat="server" | |
OnCommand="RemoveValue" | |
CommandArgument="<%#: Item %>" | |
OnClientClick="return confirm('Remove this IP?')">×</asp:LinkButton> | |
</td> | |
</tr> | |
</ItemTemplate> | |
</asp:Repeater> | |
<tr> | |
<td><asp:TextBox runat="server" id="txtValue" ValidationExpression="" /></td> | |
<td style="text-align: center"> | |
<asp:LinkButton ForeColor="Green" runat="server" OnClick="SaveValue">Add</asp:LinkButton> | |
</td> | |
</tr> | |
</table> | |
<asp:RegularExpressionValidator ID="RegularExpressionValidatorIp" runat="server" | |
ErrorMessage="Invalid IP Address!" | |
ValidationExpression="^(?!$)(?!.*?::.*?::)(?!.*?::.*?:$)(?!(?:[\da-fA-F]{1,4}(?::|$)){1,7}$)(?!(?:[\da-fA-F]{1,4}:){8})(?!:?(?::[\da-fA-F]{1,4}){8})(?!(?:[\da-fA-F]{1,4}:){7,}(?:\d+(?:\.|$)){4})(?!(?:[\da-fA-F]{1,4}:){6,}:(?:\d+(?:\.|$)){4})(?!(?:[\da-fA-F]{0,4}:){8,}(?:\d+(?:\.|$)){4})(?!(?:[\da-fA-F]{1,4}:){1,5}(?:\d+(?:\.|$)){4})(?:(?:::)?(?:[\da-fA-F]{1,4}(?:::?|$)){0,8})?(?:(?:(?:25[0-5]|2[0-4][0-9]|(?!00)1?[0-9][0-9]?)(?:\.|$)){4})?$" | |
ControlToValidate="txtValue"></asp:RegularExpressionValidator> | |
</div> | |
</form> | |
</body> | |
</html> |