.NET：在ASP.NET中如何进行IP限制

.NET：在ASP.NET中如何进行IP限制

背景

 

为了增强系统的安全，很多信息系统都提供了“IP限制”功能。功能虽然简单，但是从业五年来从来没有是实现过，因此就以博文的形式记录下来。

 

思路

 

实现应该很简答，功能可以分解为如下这三个问题：

 

1. 1. 判断当前请求是否应用IP限制，有些请求不用应用IP限制的。
   2. 当前客户IP是否包含在限制列表中。
   3. 如何以AOP的形式应用IP限制

 

 

1和2可以抽象为一个接口

 

 1 using System;
 2 
 3 namespace IpLimit.Codes
 4 {
 5     interface IIpLimitService
 6     {
 7         bool IsInExcludeUrl(string url);
 8         bool IsInLimit(string ip);
 9     }
10 }

 

3可以用IHttpModule实现

 

 1 using System;
 2 using System.Collections.Generic;
 3 using System.Linq;
 4 using System.Web;
 5 
 6 namespace IpLimit.Codes
 7 {
 8     public sealed class IpLimitModule : IHttpModule
 9     {
10         public void Dispose()
11         {
12 
13         }
14 
15         public void Init(HttpApplication context)
16         {
17             context.BeginRequest += this.OnBeginRequest;
18         }
19 
20         private void OnBeginRequest(object sender, EventArgs args)
21         {
22             var ipLimitService = new IpLimitService();
23             var clientIp = HttpContext.Current.Request.UserHostAddress;
24             var requestUrl = HttpContext.Current.Request.Url;
25 
26             if (ipLimitService.IsInExcludeUrl(requestUrl.AbsolutePath))
27             {
28                 return;
29             }
30 
31             if (ipLimitService.IsInLimit(clientIp))
32             {
33                 HttpContext.Current.Response.Redirect("IpLimit.html");
34             }
35         }
36     }
37 }

 

实现细节

 

1. 1. this.Request.UserHostAddress的格式为“127.0.0.1”。
   2. this.Request.Url.AbsolutePath的格式为“/Tests/GetIp.aspx”，
   3. 具体限制IP列表和排除地址列表的存储可以自己酌情实现。

 

备注

 

对应黑客知识，我并不了解，黑客是不是很容易模拟客户端IP，有高手的话，请指点一二。

 

.net json序列化组件Json.NET

    Json.NET（Newtonsoft.Json）是.Net 框架下比较流行的一款高效json序列化开源组件,支持.Net Framework 2.0 到 4.5+,并且可用于.Net各种环境Asp.net,Silverlight,Windows Phone,Windows 8等等.更多特性移步开源首页：http://json.codeplex.com/

性能

Json.NET 、DataContractJsonSerializer、JavascriptSeriallizer性能测试结果对比，还不错吧。

引用

方式1.下载解压引用Newtonsoft.Json.dll

下载地址http://json.codeplex.com/releases/view/105633

方式2:Nuget安装

PM> Install-Package Newtonsoft.Json

序列化与反序列

1.基本用法，首先引用Newtonsoft.Json命名空间,定义好与json同结构的的类用于转换

Software software = new  Software{ SoftID=1, 
                SoftName="限时免费" ,
                DownloadUrl="http://itunes.apple.com/cn/app/id427577372?mt=8",
                ReleaseTime=DateTime.Now
            };

//序列化
 string jsonStr = JsonConvert.SerializeObject(software);

//反序列化
Software objSoftware =JsonConvert.DeserializeObject<Software>(jsonStr);
Console.WriteLine(jsonStr);

序列化输出

2.时间格式处理,DateTime类型序列化默认序列化如上,这种格式在其它客户端很难读取，或者想按自己的格式化

Newtonsoft.Json.Converters.IsoDateTimeConverter timeConverter = new Newtonsoft.Json.Converters.IsoDateTimeConverter();
timeConverter.DateTimeFormat = "yyyy年MM月dd日 HH:mm:ss";
Console.WriteLine(JsonConvert.SerializeObject(software, timeConverter));

输出结果：

3.匿名类型序列化,这种方法无需事先定义与json同结构的类就能反序列化

//Json字符串
 string jsonStr = @"{result:-1,desc:'参数错误，请检查格式'}";

 //反序列化
 var obj = JsonConvert.DeserializeAnonymousType(jsonStr, new { result = 0, desc = string.Empty });
 Console.WriteLine(string.Format("result:{0} desc:{1}", obj.result, obj.desc));

4.快速定位节点，用于快速处理或者json结构较为复杂的字符串,又不想定义对应转移类,如

{"weatherinfo":{"city":"福州","city_en":"fuzhou","date_y":"2013年5月4日","date":"","week":"星期六","fchh":"18","cityid":"101230101","temp1":"16℃~21℃","temp2":"16℃~23℃","temp3":"17℃~24℃","temp4":"16℃~26℃","temp5":"17℃~29℃","temp6":"18℃~28℃","tempF1":"60.8℉~69.8℉","tempF2":"60.8℉~73.4℉","tempF3":"62.6℉~75.2℉","tempF4":"60.8℉~78.8℉","tempF5":"62.6℉~84.2℉","tempF6":"64.4℉~82.4℉","weather1":"阵雨","weather2":"阵雨转阴","weather3":"阴转雷阵雨","weather4":"阵雨转雷阵雨","weather5":"阵雨转多云","weather6":"多云转中雨","img1":"3","img2":"99","img3":"3","img4":"2","img5":"2","img6":"4","img7":"3","img8":"4","img9":"3","img10":"1","img11":"1","img12":"8","img_single":"3","img_title1":"阵雨","img_title2":"阵雨","img_title3":"阵雨","img_title4":"阴","img_title5":"阴","img_title6":"雷阵雨","img_title7":"阵雨","img_title8":"雷阵雨","img_title9":"阵雨","img_title10":"多云","img_title11":"多云","img_title12":"中雨","img_title_single":"阵雨","wind1":"微风","wind2":"微风","wind3":"微风","wind4":"微风","wind5":"微风","wind6":"微风","fx1":"微风","fx2":"微风","fl1":"小于3级","fl2":"小于3级","fl3":"小于3级","fl4":"小于3级","fl5":"小于3级","fl6":"小于3级","index":"舒适","index_d":"建议着薄型套装或牛仔衫裤等春秋过渡装。年老体弱者宜着套装、夹克衫等。","index48":"舒适","index48_d":"建议着薄型套装或牛仔衫裤等春秋过渡装。年老体弱者宜着套装、夹克衫等。","index_uv":"弱","index48_uv":"最弱","index_xc":"不宜","index_tr":"适宜","index_co":"舒适","st1":"19","st2":"14","st3":"25","st4":"14","st5":"23","st6":"16","index_cl":"较不宜","index_ls":"不太适宜","index_ag":"易发"}}

读取weatherinfo下的weather1

 var obj = JObject.Parse(html);
 string weather1 = (string)obj["weatherinfo"]["weather1"];

快速方便吧~~

 

 

 

标签: Json.NET, 序列化, Newtonsoft.Json