Deploying to the cloud is risky and public. If you’ve got sites you want to hide or restrict until they’re ready, the easiest way to do that is restricting IP addresses that can connect to the sites.
We’ve implemented a custom attribute which decorates our Actions that we need to limit. The attribute checks the IP of the request against a list maintained in Azure / Web config. The beauty in this is the ability to restrict per Action (instead of a blanket restriction).
Check out Randy Burden’s blog for a howto:
We can extended the attribute to take a key, which could be used to specify which configuration value to use for the restrictions.
If you want to restrict connectivity to your entire service, check out these links: