logo
Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Icon
Error
Locking down admin with ip restrictions
Options
Go to last post Go to first unread
Previous Topic Next Topic
judy at Web2Market  
#1 Posted : Tuesday, May 11, 2021 10:06:22 AM(UTC)
judy at Web2Market

Rank: Advanced Member

Groups: Developers
Joined: 11/7/2018(UTC)
Posts: 289

Thanks: 21 times
Was thanked: 5 time(s) in 5 post(s)
We just took a site live and the hoster is trying to lock down the admin to restricted ip addresses, like they did in Gold. He has tried locking down the Areas and the Areas/Admin folders and it isn't working. Can you point us in the right direction about how to do this?
Thanks
Back to top

Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.
Back to top  
shaharyar  
#2 Posted : Wednesday, May 12, 2021 2:47:27 AM(UTC)
shaharyar

Rank: Advanced Member

Groups: Admin, Developers, Registered, HelpDesk, Authorized User
Joined: 10/5/2018(UTC)
Posts: 704

Thanks: 5 times
Was thanked: 113 time(s) in 112 post(s)
There is a difference between MVC (AC9) and webForms (Gold). In Gold, the URLs are mapped on physical files and folder structure whereas, in AC9 MVC, the routes are defined to map the URLs to controller and actions.

TO restrict certain pages or areas in MVC, you need to restrict the URLs containing a string. e.g all URLs containing "admin" will be related to admin area of our MVC application.
Back to top
thanks 1 user thanked shaharyar for this useful post.
judy at Web2Market on 5/12/2021(UTC)
sweeperqb  
#3 Posted : Wednesday, May 19, 2021 11:41:49 AM(UTC)
sweeperqb

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 5/30/2020(UTC)
Posts: 125

Thanks: 14 times
Was thanked: 3 time(s) in 3 post(s)
Quote:
you need to restrict the URLs containing a string. e.g all URLs containing "admin" will be related to admin area of our MVC application

What is the preferred method for doing this?

I was trying to think of a way to do this unobtrusively via plug-in, but not sure there is a great way. In most of the examples I've seen, route authorization is taken care of via attributes on the controllers and/or actions.
Back to top
judy at Web2Market  
#4 Posted : Thursday, May 20, 2021 5:42:56 AM(UTC)
judy at Web2Market

Rank: Advanced Member

Groups: Developers
Joined: 11/7/2018(UTC)
Posts: 289

Thanks: 21 times
Was thanked: 5 time(s) in 5 post(s)
The site I asked about is hosted by a big provider/datacenter and their network guys said they didn't know how to do this!So they went with a WAF instead. If they hadn't done that, I had found info by Googling about how to do it in MVC.
Back to top
shaharyar  
#5 Posted : Thursday, May 20, 2021 6:36:37 AM(UTC)
shaharyar

Rank: Advanced Member

Groups: Admin, Developers, Registered, HelpDesk, Authorized User
Joined: 10/5/2018(UTC)
Posts: 704

Thanks: 5 times
Was thanked: 113 time(s) in 112 post(s)
This can be achieved by extending IAbleHttpModule class. You can register your custom HttpModule in App_Data/ablecommerce.config.

Please follow the steps:

1- Create a class in your plugin project and paste the following code in it.
Code:
using CommerceBuilder.Essentials;
using System;
using System.Web;

namespace ExamplePlugin
{
    public class RestrictURLModule : IAbleHttpModule
    {        
        public void Initialize(HttpApplication context)
        {
            // register the BeginRequest and EndRequest handler
            context.BeginRequest += new EventHandler(Begin);
            context.EndRequest += new EventHandler(End);
        }
        
        public void Dispose()
        {
            // dispose
        }
        
        private void Begin(object sender, EventArgs e)
        {
            HttpApplication application = (HttpApplication)sender;
            if (application == null) return;
            HttpContext context = application.Context;

            // ignore requests from the admin directory 
            HttpRequest request = context.Request;
            string absolutePath = request.Url.AbsolutePath.ToLowerInvariant();
            if (absolutePath.Contains("/admin/"))
            {
                // add your ip restriction logic here
                // e.g
                if (request.UserHostAddress == "127.0.0.1")
                    return;
            }
        }
        
        private void End(object sender, EventArgs e)
        {
            
        }
    }
}


2- Open AppData/ablecommerce.config file
3- Search for
Code:
</ableHttpModules>

4- Replace with
Code:
<add name="Restrict URL Module" type="{Default namespace}.RestrictURLModule, {Assembly Name}" enabled="True" />
  </ableHttpModules>


5- Replace the {Default namespace} and {Assembly Name} with the original values. You can see the values in VS by opening the plugin project properties Application tab.
Back to top
thanks 2 users thanked shaharyar for this useful post.
sweeperqb on 5/21/2021(UTC), judy at Web2Market on 5/24/2021(UTC)
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Privacy Policy | Powered by YAF.NET 2.2.4.14 | YAF.NET © 2003-2024, Yet Another Forum.NET
This page was generated in 0.146 seconds.