Minor tweaks to "IP Safelist". (#13283)

dotnet · Jul 15, 2019 · 620498c · 620498c
1 parent 45cc0d5
commit 620498c
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 6 deletions.
diff --git a/aspnetcore/security/ip-safelist.md b/aspnetcore/security/ip-safelist.md
@@ -17,7 +17,7 @@ This article shows three ways to implement an IP safelist (also known as a white
 * Action filters to check the remote IP address of requests for specific controllers or action methods.
 * Razor Pages filters to check the remote IP address of requests for Razor pages.
 
-The sample app illustrates both approaches. In each case, a string containing approved client IP addresses is stored in an app setting. The middleware or filter parses the string into a list and  checks if the remote IP is in the list. If not, an HTTP 403 Forbidden status code is returned.
+In each case, a string containing approved client IP addresses is stored in an app setting. The middleware or filter parses the string into a list and checks if the remote IP is in the list. If not, an HTTP 403 Forbidden status code is returned.
 
 [View or download sample code](https://github.com/aspnet/AspNetCore.Docs/tree/master/aspnetcore/security/ip-safelist/samples/2.x/ClientIpAspNetCore) ([how to download](xref:index#how-to-download-a-sample))
 
@@ -31,7 +31,7 @@ The list is configured in the *appsettings.json* file. It's a semicolon-delimite
 
 The `Configure` method adds the middleware and passes the safelist string to it in a constructor parameter.
 
-[!code-csharp[](ip-safelist/samples/2.x/ClientIpAspNetCore/Startup.cs?name=snippet_Configure&highlight=7)]
+[!code-csharp[](ip-safelist/samples/2.x/ClientIpAspNetCore/Startup.cs?name=snippet_Configure&highlight=10)]
 
 The middleware parses the string into an array and looks for the remote IP address in the array. If the remote IP address is not found, the middleware returns HTTP 401 Forbidden. This validation process is bypassed for HTTP Get requests.
 

diff --git a/aspnetcore/security/ip-safelist/samples/2.x/ClientIpAspNetCore/AdminSafeListMiddleware.cs b/aspnetcore/security/ip-safelist/samples/2.x/ClientIpAspNetCore/AdminSafeListMiddleware.cs
@@ -49,13 +49,12 @@ public async Task Invoke(HttpContext context)
                 {
                     _logger.LogInformation(
                         $"Forbidden Request from Remote IP address: {remoteIp}");
-                    context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+                    context.Response.StatusCode = 401;
                     return;
                 }
             }
 
             await _next.Invoke(context);
-
         }
     }
     #endregion

diff --git a/aspnetcore/security/ip-safelist/samples/2.x/ClientIpAspNetCore/Startup.cs b/aspnetcore/security/ip-safelist/samples/2.x/ClientIpAspNetCore/Startup.cs
@@ -55,8 +55,7 @@ public void Configure(
 
             app.UseStaticFiles();
 
-            app.UseMiddleware<AdminSafeListMiddleware>(
-                Configuration["AdminSafeList"]);
+            app.UseMiddleware<AdminSafeListMiddleware>(Configuration["AdminSafeList"]);
             app.UseMvc();
         }
         #endregion