Azure API Management Advanced policies using C# - II

Applying IP filter based on named value json in policy | Using LINQ query inside API management policy | Dynamically filtering IPs based on json

Sanjeevi Subramani

Published on Jun 24, 2021


This article shows how to read the JSON content of a named value, load it into a JObject, and use a LINQ query inside an APIM policy to apply an IP restriction.

Also see part I of this article here.

It follows this article from MSDN, which covers when conditions, IP filter policies, and advanced C# code inside policies.

First, create a named value in API Management under the Named values tab, with the key name IpAllowList and the following value:

[
  {
    "User": "user1",
    "subscriptionKey": "subskeyforuser1",
    "AllowedIps": ["192.168.1.3", "192.168.1.4", "192.168.1.5", "192.168.3.4", "13.91.284.72"]
  }
]

To read the named value's JSON content inside the policy, use the code below:

<set-variable name="IAllowListNamdval" value="{{IpAllowList}}" />

To get the subscription key passed in the request header or as a parameter, use the code below:

<set-variable name="SubscriptionKeyVar" value="@{
            string[] value;
            string value2;
            /* Prefer the subscription key sent in the request header. */
            if (context.Request.Headers.TryGetValue("Ocp-Apim-Subscription-Key", out value)
                && value != null && value.Length > 0)
            {
                return value[0];
            }
            /* Otherwise look for it among the matched parameters. */
            if (context.Request.MatchedParameters.TryGetValue("Ocp-Apim-Subscription-Key", out value2)
                && !string.IsNullOrEmpty(value2))
            {
                return value2;
            }
            /* No key was supplied. */
            return null;
        }" />

Run a LINQ query over the JSON array obtained from the named value, as in the code below:

<set-variable name="AlwdIpForUser" value="@{
                    /* Parse the allow list, then collect the AllowedIps of the entries whose subscriptionKey matches. */
                    var jsonval = JArray.Parse(context.Variables.GetValueOrDefault<string>("IAllowListNamdval"));
                    var key = context.Variables.GetValueOrDefault<string>("SubscriptionKeyVar");
                    var arr = jsonval.Where(m => m["subscriptionKey"].Value<string>() == key).SelectMany(y => (JArray)y["AllowedIps"]);
                    /* True only when the caller's IP address is in that list. */
                    return arr.Any(t => t.Value<string>() == context.Request.IpAddress);
                }" />

Then use the result to block the IP with the code below:

<choose>
    <when condition="@(!(bool)context.Variables.GetValueOrDefault<bool>("AlwdIpForUser"))">
        <ip-filter action="forbid">
            <address>@(context.Request.IpAddress)</address>
        </ip-filter>
    </when>
</choose>

By following the steps above, we can filter and block IPs. The named value can hold JSON content in this structure, so that IP blocking is applied per user, based on the subscription key and its corresponding IPs.
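
The lookup from the steps above can be exercised outside API Management before the named value is deployed. The console program below is an added example, not code from the original article: the names AllowListCheck, IsAllowed and InvalidEntries are assumptions, it needs the Newtonsoft.Json package, and it uses a null-safe variant of the LINQ query so that a missing or unknown subscription key evaluates to not allowed.

```csharp
// Added example (not from the article); class and method names are hypothetical. Requires Newtonsoft.Json.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using Newtonsoft.Json.Linq;

static class AllowListCheck
{
    // Same lookup as the AlwdIpForUser expression, but null-safe: a missing key,
    // an unknown key or an entry without AllowedIps all evaluate to "not allowed".
    public static bool IsAllowed(JArray list, string subscriptionKey, string callerIp)
    {
        if (string.IsNullOrEmpty(subscriptionKey) || string.IsNullOrEmpty(callerIp))
            return false;
        return list.OfType<JObject>()
            .Where(m => (string)m["subscriptionKey"] == subscriptionKey)
            .SelectMany(m => m["AllowedIps"] as JArray ?? new JArray())
            .Any(t => (string)t == callerIp);
    }

    // Entries that do not parse as IP addresses can never match a caller.
    public static IEnumerable<string> InvalidEntries(JArray list) =>
        list.OfType<JObject>()
            .SelectMany(m => m["AllowedIps"] as JArray ?? new JArray())
            .Select(t => (string)t)
            .Where(ip => !IPAddress.TryParse(ip, out _));

    static void Main()
    {
        // The IpAllowList value from this article, embedded as a constant.
        var list = JArray.Parse(@"[{
            ""User"": ""user1"",
            ""subscriptionKey"": ""subskeyforuser1"",
            ""AllowedIps"": [""192.168.1.3"",""192.168.1.4"",""192.168.1.5"",""192.168.3.4"",""13.91.284.72""]
        }]");

        Console.WriteLine(IsAllowed(list, "subskeyforuser1", "192.168.1.4")); // listed IP
        Console.WriteLine(IsAllowed(list, "subskeyforuser1", "10.0.0.9"));    // unlisted IP (constructed)
        Console.WriteLine(IsAllowed(list, "unknown-key", "192.168.1.4"));     // unknown key (constructed)
        Console.WriteLine(IsAllowed(list, null, "192.168.1.4"));              // no key sent
        foreach (var bad in InvalidEntries(list))
            Console.WriteLine("invalid entry: " + bad);
    }
}
```

In the article's sample value, 13.91.284.72 has an octet above 255, so InvalidEntries reports it and no caller address can ever match it.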

 