I've got an app that I'm going to lock down access to at the webserver
level in IIS but I haven't really worked with interceptors and
security in ColdBox yet, so I wanted to also see about doing a double
check at the application level. I was wondering what the best way
would be to enforce certain criteria (in this case remote IP address)
to access events. I'm presuming it would be some sort of pre-handler
interceptor but I was hoping there was a best practices guide out
there with solid examples.

You're on the right track, go for an interceptor.
If you want user/password security, take a look at the security interceptor.
If you want both, then extend the security interceptor with IP-address rejection.

I'll actually be doing it only based on IP for now, it is basically a
backend to a system written in .NET and we are doing data exchange
over JSON, so I just want to make sure that all of the calls to my
system are only being called by the people that ought to be calling.
I'll take a look at the security interceptor though, thanks.

If all your calls come from the same domain, you should do a domain check only.
So skip the security interceptor.
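
The remote-IP check discussed in this thread, written as a pre-handler interceptor. This is an added example, not code from any poster or from the ColdBox project; the component name `IPAllowList` and the `allowedIPs` interceptor property (a comma-separated list of IPv4 addresses or CIDR ranges) are assumptions, and it assumes a ColdBox version that supports script components.

```cfml
// interceptors/IPAllowList.cfc (hypothetical name; added example)
component extends="coldbox.system.Interceptor" {

    // Fires before any event handler runs.
    function preProcess( event, interceptData ){
        // Assumed property: comma-separated IPv4 addresses or CIDR ranges.
        var allowed  = listToArray( getProperty( "allowedIPs", "" ) );
        // Socket peer address as seen by IIS. Behind a reverse proxy this is
        // the proxy's address, not the caller's.
        var remoteIP = cgi.remote_addr;

        for ( var entry in allowed ) {
            if ( ipMatches( remoteIP, trim( entry ) ) ) {
                return; // on the allow list: let the request continue
            }
        }

        // Deny by default: empty list, IPv6 peer, or unparsable address.
        writeLog( type="warning", text="Blocked #event.getCurrentEvent()# from #remoteIP#" );
        event.renderData( type="json", data={ "error" : "forbidden" }, statusCode=403 );
        event.noExecution(); // skip the requested handler
    }

    // True when ip falls inside rule ("10.1.2.3" or "10.1.0.0/16").
    private boolean function ipMatches( required string ip, required string rule ){
        var bits   = listLen( rule, "/" ) == 2 ? listLast( rule, "/" ) : 32;
        var ipNum  = ipv4ToNumber( ip );
        var netNum = ipv4ToNumber( listFirst( rule, "/" ) );
        if ( ipNum < 0 || netNum < 0 ) return false;
        if ( !isValid( "integer", bits ) || bits < 0 || bits > 32 ) return false;
        var block = 2 ^ ( 32 - bits ); // number of addresses in the range
        return int( ipNum / block ) == int( netNum / block );
    }

    // Dotted quad to a number, or -1 when the input is not valid IPv4.
    private numeric function ipv4ToNumber( required string ip ){
        var parts = listToArray( ip, "." );
        if ( arrayLen( parts ) != 4 ) return -1;
        var n = 0;
        for ( var p in parts ) {
            if ( !isValid( "integer", p ) || p < 0 || p > 255 ) return -1;
            n = n * 256 + p;
        }
        return n;
    }
}
```

The interceptor has to be registered in the application's interceptor configuration with the `allowedIPs` property set; with the property missing or empty, every request is rejected.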