IP Security in IIS Express

If you're building an Azure website and you want to add IP security, there are quite a few blog posts about how to make that happen. I'm just going to summarize them here for you.

1. In your web.config, add a new element under configuration/system.webServer. The new element is security and underneath is ipSecurity. You can read up on all the various settings, but it could look something like this.
   <security>
   <ipSecurity allowUnlisted="false">
   <add allowed="true" ipAddress="127.0.0.1" /> <!-- For local debugging -->
       <add allowed="true" ipAddress="x.x.x.x" /> <!-- Fill in the IPs or ranges that you want to allow -->
   </ipSecurity>
   </security>
2. This should work fine if you deploy your Azure website, but if you want to run locally in IIS Express, you'll need to do a few more things. First, open an admin command prompt and run: "%programfiles%\IIS Express\appcmd.exe" unlock config /section:system.webserver/security/ipSecurity
3. Modify your csproj and make sure that it has this:  <UseGlobalApplicationHostFile>true</UseGlobalApplicationHostFile>. By default that element is empty.

Now you should be able to build and run locally in IIS Express.