第一步:在项目中添加一个cs文件,内容如下,代码中的RemoteEndpointMessageProperty需要引用System.ServiceModel.Channels,如果没有,去NuGet工具箱搜索安装System.ServiceModel.Primitives
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.ServiceModel.Channels;
public class IPFilterHandler : DelegatingHandler
{
private readonly HashSet<string> _allowedIPs;
public IPFilterHandler()
{
var ips = ConfigurationManager.AppSettings["AllowedIPs"] ?? "";
_allowedIPs = new HashSet<string>(ips.Split(','), StringComparer.OrdinalIgnoreCase);
}
protected override async Task<HttpResponseMessage> SendAsync(
HttpRequestMessage request, CancellationToken cancellationToken)
{
var clientIP = GetClientIp(request);
if (_allowedIPs.Contains(clientIP))
{
return await base.SendAsync(request, cancellationToken);
}
return request.CreateResponse(HttpStatusCode.Forbidden, new
{
Code = 403,
Message = $"IP {clientIP} 无访问权限"
});
}
private string GetClientIp(HttpRequestMessage request)
{
// 尝试从 X-Forwarded-For 获取(适用于反向代理场景)
if (request.Headers.TryGetValues("X-Forwarded-For", out var forwardedFor))
{
return forwardedFor.First().Split(',').First().Trim();
}
// 标准方式获取 IP
if (request.Properties.ContainsKey("MS_HttpContext"))
{
return ((HttpContextWrapper)request.Properties["MS_HttpContext"]).Request.UserHostAddress;
}
if (request.Properties.ContainsKey(RemoteEndpointMessageProperty.Name))
{
var prop = (RemoteEndpointMessageProperty)request.Properties[RemoteEndpointMessageProperty.Name];
return prop.Address;
}
return "0.0.0.0";
}
}第二步:注册,在 WebApiConfig.cs 中,添加
config.MessageHandlers.Add(new IPFilterHandler());
第三步:在Web.config的<appSettings>中添加,value中添加限制的ip,多个用英文逗号隔开
<add key="AllowedIPs" value="10.10.10.1" />