Recently, I deployed an application that was only available on the local intranet to be available on the internet. In doing so, concerns were raised about the protection of the company's IP. The site is password protected, however, it was a requirement that some information be restricted when the site was not accessed from the local intranet. The users of the system and the people deemed to be of risk to steal company IP were deemed to be not technically savvy, so the solution did not have to be full proof. It was decided then that an effective yet relatively simple solution would to be check the IP address of the request and if were a private IP address, then the site would behave differently from if it was accessed from the premises of the company.
Initially, I did some quick Google searches to find a solution online. However after 30 minutes of searching, I was surprised that I couldn't find one. Knowing that the solution would not take ample time to complete, I decided to stop searching and do some coding. Firstly, I needed to know what the private IP Addresses are. Wikipedia listed the following as private IP Addresses.
- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 192.168.0.0 – 192.168.255.255
To implement the solution, I decided to write a couple of extension methods for the
IPAddress class. One of that does a bitwise
AND of the IP address with another address and returns a new IP Address. The second method returns a bool determining whether the IP Address is from the intranet.
public static IPAddress And(this IPAddress ipAddress, IPAddress mask)
CheckIPVersion(ipAddress, mask, out addressBytes, out maskBytes);
byte resultBytes = new byte[addressBytes.Length];
for (int i = 0; i < addressBytes.Length; ++i)
resultBytes[i] = (byte)(addressBytes[i] & maskBytes[i]);
return new IPAddress(resultBytes);
public static bool IsOnIntranet(this IPAddress ipAddress)
bool onIntranet = IPAddress.IsLoopback(ipAddress);
onIntranet = onIntranet ||
ipAddress.Equals(ipAddress.And(intranetMask1)); onIntranet = onIntranet ||
onIntranet = onIntranet || (intranetMask2.Equals(ipAddress.And(intranetMask2))
The following are the definitions of the maks I used.
private static IPAddress empty = IPAddress.Parse("0.0.0.0");
private static IPAddress intranetMask1 = IPAddress.Parse("10.255.255.255");
private static IPAddress intranetMask2 = IPAddress.Parse("172.16.0.0");
private static IPAddress intranetMask3 = IPAddress.Parse("172.31.255.255");
private static IPAddress intranetMask4 = IPAddress.Parse("192.168.255.255");
Using the Code
To use the code, simply pretend you are calling a method on the
IPAddress class. For example:
IPAddress address = IPAddress.Parse("10.20.10.5");
bool onTheIntranet = address.IsOnIntranet());
I've included some nunit tests in the code files as a check to make sure the calculations are correct. It took a little while to work out what I needed to AND together to come up with the correct result, so if I messed up be sure to let me know so I can fix up the code.
- 23rd September, 2010: Initial post