webapi项目添加访问IP限制

第一步：在项目中添加一个cs文件，内容如下，代码中的RemoteEndpointMessageProperty需要引用System.ServiceModel.Channels，如果没有，去NuGet工具箱搜索安装System.ServiceModel.Primitives

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.ServiceModel.Channels;public class IPFilterHandler : DelegatingHandler
{private readonly HashSet<string> _allowedIPs;public IPFilterHandler(){var ips = ConfigurationManager.AppSettings["AllowedIPs"] ?? "";_allowedIPs = new HashSet<string>(ips.Split(','), StringComparer.OrdinalIgnoreCase);}protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken){var clientIP = GetClientIp(request);if (_allowedIPs.Contains(clientIP)){return await base.SendAsync(request, cancellationToken);}return request.CreateResponse(HttpStatusCode.Forbidden, new{Code = 403,Message = $"IP {clientIP} 无访问权限"});}private string GetClientIp(HttpRequestMessage request){// 尝试从 X-Forwarded-For 获取（适用于反向代理场景）if (request.Headers.TryGetValues("X-Forwarded-For", out var forwardedFor)){return forwardedFor.First().Split(',').First().Trim();}// 标准方式获取 IPif (request.Properties.ContainsKey("MS_HttpContext")){return ((HttpContextWrapper)request.Properties["MS_HttpContext"]).Request.UserHostAddress;}if (request.Properties.ContainsKey(RemoteEndpointMessageProperty.Name)){var prop = (RemoteEndpointMessageProperty)request.Properties[RemoteEndpointMessageProperty.Name];return prop.Address;}return "0.0.0.0";}
}

第二步：注册，在 WebApiConfig.cs 中，添加

config.MessageHandlers.Add(new IPFilterHandler());

第三步：在Web.config的<appSettings>中添加，value中添加限制的ip，多个用英文逗号隔开

<add key="AllowedIPs" value="10.10.10.1" />