I have an app that takes in an IP address, compares it to some data in SQL, and then decides whether it should redirect a user or send them to the user unauthorized view. The issue is that when I put in the URL it sends them to a blank page. When I test this on my PC using IIS it works as expected, but not when I search in a browser. Any ideas?
Helper:
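/// <summary>
/// Maps a client IP address to a school code by matching it against the CIDR
/// ranges returned by <c>new SchoolIP().Get()</c>.
/// </summary>
/// <remarks>
/// Callers use the returned code as an access decision, so every failure path
/// (null address, non-IPv4 address, malformed stored range, no match) returns
/// "InvalidSchool" instead of throwing. The classification relies on the second
/// octet of the address, which is a site-specific convention and not a general
/// public/private test.
/// NOTE(review): the result is only as trustworthy as the address passed in. If the
/// application sits behind a reverse proxy or load balancer, confirm that the caller
/// passes the real client address and that forwarded headers are accepted only from
/// known proxies.
/// </remarks>
public class IPHelper
{
    // Sentinel returned when no school range matches; callers treat it as "deny".
    private const string NoMatch = "InvalidSchool";

    /// <summary>
    /// Classifies the address by its second octet and looks it up in the matching range set.
    /// </summary>
    /// <param name="ip">Client address; may be null or IPv6.</param>
    /// <returns>The matching school code, or "InvalidSchool".</returns>
    public static string GetIPType(IPAddress ip)
    {
        if (!TryGetIPv4(ip, out IPAddress v4))
        {
            return NoMatch;
        }

        // Second octet above 59 is treated as the public range set, otherwise wired/wireless.
        int secondOctet = v4.GetAddressBytes()[1];
        return secondOctet > 59 ? GetPublic(v4) : GetNotPublic(v4);
    }

    /// <summary>
    /// Looks the address up in each school's wired or wireless range.
    /// </summary>
    /// <param name="ip">Client address; may be null or IPv6.</param>
    /// <returns>The matching school code, or "InvalidSchool".</returns>
    public static string GetNotPublic(IPAddress ip)
    {
        if (!TryGetIPv4(ip, out IPAddress v4))
        {
            return NoMatch;
        }

        // Second octet of 30 or more selects the wireless range; below 30 selects wired.
        // The value depends only on the address, so it is computed once, outside the loop.
        bool wireless = v4.GetAddressBytes()[1] >= 30;

        foreach (SchoolIP scip in new SchoolIP().Get())
        {
            string cidr = wireless ? scip.IPWireless : scip.IPWired;
            if (CidrContains(cidr, v4))
            {
                return scip.School;
            }
        }

        return NoMatch;
    }

    /// <summary>
    /// Looks the address up in each school's public range.
    /// </summary>
    /// <param name="ip">Client address; may be null or IPv6.</param>
    /// <returns>The matching school code, or "InvalidSchool".</returns>
    public static string GetPublic(IPAddress ip)
    {
        if (!TryGetIPv4(ip, out IPAddress v4))
        {
            return NoMatch;
        }

        foreach (SchoolIP scip in new SchoolIP().Get())
        {
            if (CidrContains(scip.IPPublic, v4))
            {
                return scip.School;
            }
        }

        return NoMatch;
    }

    // Normalizes the input to an IPv4 address. An IPv4-mapped IPv6 address (as a dual-stack
    // listener may report) is unwrapped; null or a genuine IPv6 address is rejected so the
    // octet-based checks never index into a missing octet.
    private static bool TryGetIPv4(IPAddress ip, out IPAddress v4)
    {
        v4 = null;
        if (ip == null)
        {
            return false;
        }

        if (ip.IsIPv4MappedToIPv6)
        {
            ip = ip.MapToIPv4();
        }

        if (ip.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork)
        {
            return false;
        }

        v4 = ip;
        return true;
    }

    // Returns true when "prefix/length" parses as a network that contains ip.
    // A missing or malformed stored range counts as "no match" (fail closed)
    // rather than throwing out of the access check.
    private static bool CidrContains(string cidr, IPAddress ip)
    {
        if (string.IsNullOrWhiteSpace(cidr))
        {
            return false;
        }

        string[] parts = cidr.Split('/');
        if (parts.Length != 2
            || !IPAddress.TryParse(parts[0].Trim(), out IPAddress prefix)
            || !int.TryParse(parts[1], out int prefixLength))
        {
            return false;
        }

        int maxBits = prefix.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork ? 32 : 128;
        if (prefixLength < 0 || prefixLength > maxBits)
        {
            return false;
        }

        return new IPNetwork(prefix, prefixLength).Contains(ip);
    }
}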
Controller:
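/// <summary>
/// Redirects a kiosk to the requested form when the caller's IP address maps to a
/// known school; otherwise renders the UserUnauthorized view.
/// </summary>
/// <param name="form">Form name, "discipline" or "guidance" (compared case-insensitively).</param>
/// <returns>A redirect to the form, or the UserUnauthorized view.</returns>
public IActionResult Kiosk(string form)
{
    // NOTE(review): the source address is the only access check here. If the app runs
    // behind a reverse proxy or load balancer, confirm RemoteIpAddress is the real client
    // address and that forwarded headers are accepted only from known proxies.
    var remoteIp = HttpContext.Connection.RemoteIpAddress;
    if (remoteIp == null)
    {
        // No address to evaluate (possible for some hosting setups): deny.
        return View("UserUnauthorized");
    }

    string school = IPHelper.GetIPType(remoteIp);
    ViewBag.school = school;

    // The original compared against "discipline".ToLower(), which lower-cases the literal
    // and leaves the comparison case-sensitive; compare case-insensitively instead.
    bool wantsDiscipline = string.Equals(form, "discipline", System.StringComparison.OrdinalIgnoreCase);
    bool wantsGuidance = string.Equals(form, "guidance", System.StringComparison.OrdinalIgnoreCase);

    switch (school)
    {
        case "0071":
            if (wantsDiscipline)
            {
                return Redirect("redactedurl");
            }
            if (wantsGuidance)
            {
                return Redirect("redactedurl");
            }
            return View("UserUnauthorized");
        case "0911":
            if (wantsDiscipline)
            {
                return Redirect("redactedurl");
            }
            if (wantsGuidance)
            {
                return Redirect("redactedurl");
            }
            return View("UserUnauthorized");
        default:
            // Unknown school code, including "InvalidSchool": deny.
            return View("UserUnauthorized");
    }
}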
/// <summary>
/// Renders the default view for this action (UserUnauthorized).
/// </summary>
public ActionResult UserUnauthorized() => View();
UserUnauthorized.cshtml
@{
Layout = null;
ViewBag.Title = "Unauthorized";
}
<img src="~/Logo.png" />
<h2>Access Denied:</h2>
<h3>You currently do not have access to this application. If you believe this is incorrect, please contact </h3>
I changed the Kiosk method back to the original KioskDiscipline method, which works. I added the KioskGuidance method, which doesn't work. The logic is basically the same, yet the KioskDiscipline method works whereas the KioskGuidance method returns a 404. I'm wondering if this could be because of cookies?
/// <summary>
/// Sends a kiosk at school "0071" to the discipline form; every other caller gets the
/// UserUnauthorized view.
/// </summary>
/// <remarks>
/// The action is anonymous, so the school code derived from the caller's IP address is
/// the only gate in front of the redirect.
/// NOTE(review): behind a reverse proxy, confirm RemoteIpAddress is the real client address.
/// </remarks>
[AllowAnonymous]
public IActionResult KioskDiscipline()
{
    var schoolCode = IPHelper.GetIPType(HttpContext.Connection.RemoteIpAddress);
    ViewBag.school = schoolCode;

    if (schoolCode == "0071")
    {
        return Redirect("redactedurl");
    }

    // Any other code, including "InvalidSchool", is denied.
    return View("UserUnauthorized");
}
/// <summary>
/// Sends a kiosk at school "0911" to the guidance form; every other caller gets the
/// UserUnauthorized view.
/// </summary>
/// <remarks>
/// The action is anonymous, so the school code derived from the caller's IP address is
/// the only gate in front of the redirect.
/// NOTE(review): behind a reverse proxy, confirm RemoteIpAddress is the real client address.
/// </remarks>
[AllowAnonymous]
public IActionResult KioskGuidance()
{
    var schoolCode = IPHelper.GetIPType(HttpContext.Connection.RemoteIpAddress);
    ViewBag.school = schoolCode;

    // "0911" is Winter Springs HS.
    if (schoolCode == "0911")
    {
        return Redirect("https://docs.google.com/forms/d/e/1FAIpQLSfpNQWlOyM-HCc8CviXTOfA8CfXRkaW1u6XCTFokvoxisd3vQ/viewform");
    }

    // Any other code, including "InvalidSchool", is denied.
    return View("UserUnauthorized");
}
I've tried removing the AllowAnonymous tags, I've tried adding blank views, I've tried moving the UserUnauthorized view to Shared, still nothing.
This is my start up configure method:
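/// <summary>
/// Builds the HTTP request pipeline: error handling, status-code logging, HTTPS
/// redirection, static files, routing, authentication/authorization and the default
/// controller route.
/// </summary>
/// <param name="app">Application builder the middleware is registered on.</param>
/// <param name="env">Hosting environment; selects the error-handling branch.</param>
/// <param name="logger">Logger used by the status-code handler.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILogger<Startup> logger)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        // Outside Development only the generic error page is registered. The developer
        // exception page was also registered in this branch; it is removed because it
        // shows exception details and stack traces to whoever triggers the error.
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }
    // Logs 404 and 403 responses. The handler writes no response body, so these status
    // codes reach the browser as an empty page.
    app.UseStatusCodePages(async context =>
    {
        var code = context.HttpContext.Response.StatusCode;
        if (code == 404)
        {
            logger.Log(LogLevel.Error, null, "[Error] 404 Path not found");
        }
        if (code == 403)
        {
            logger.Log(LogLevel.Error, null, "[Error] 403 Unauthorized");
        }
    });
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    // Authentication must run before authorization so the user is established first.
    app.UseAuthentication();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });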
This is my Startup Services cookies:
.AddCookie(IdentityConstants.ExternalScheme);
// Settings for the external-scheme authentication cookie: where access-denied results are
// sent, which scheme handles challenges, how long the ticket lasts, and the cookie name.
// NOTE(review): Secure, HttpOnly and SameSite are not set in this excerpt; confirm the
// effective values meet policy for a cookie that carries an authenticated session.
services.ConfigureExternalCookie(cookie =>
{
    cookie.AccessDeniedPath = "/Home/UserUnauthorized/";
    cookie.ForwardChallenge = Saml2Defaults.Scheme;
    cookie.ExpireTimeSpan = TimeSpan.FromMinutes(60);
    cookie.Cookie.Name = "SCPS.BiFrost";
});
CodePudding user response:
return View("UserUnauthorized") doesn't go to the UserUnauthorized action in your case. It immediately returns the view.
You have to create UserUnauthorized.cshtml view in "Views/Shared" folder if you still don't have or put existing view in Shared folder.
Something like this
@{
ViewData["Title"] = "Not Authorized";
}
<h1 class="text-danger">Not Authorized.</h1>
<h2 class="text-danger"> You are Not Authorized.</h2>
or, if for some reason you want to go through the action first, you have to use something like this
return Redirect("UserUnauthorized");
CodePudding user response:
An update: So this issue wasn't on my end apparently. I'm at a new job myself and 3 devs all started at the same time (and we're the only devs). No one's around that was here and there's no documentation so we are still figuring out how things were done around here.
Basically the issue was that when I was publishing changes to our prod server, it wasn't actually going to the server, but to a folder so that our senior dev could manually move it to the server after checking our work (he also was unaware of this).