You can restrict IP address to accessing your site by adding the code in your site's web.config file and put that file into the particular directory which you want to protect from access. The web.config file is in XML format so you have to add a <security> tag to allow or deny any IP address. Please follow the below steps to block IP address via web.config file for your asp.net app.
A sample code to block specific IP address and Allow all IP:
<security>
<ipSecurity allowUnlisted="true"> <!-- line allows everyone, except below IP-->
<clear/>
<add ipAddress="127.0.0.1" allowed="true"/>
<add ipAddress="xxx.xxx.xxx.xxx"/> <!-- blocks the specific IP -->
<add ipAddress="xxx.xxx.xxx.0" subnetMask="255.255.255.0"/> <!--blocks network xxx.xxx.xxx.0 to xxx.xxx.xxx.255-->
</ipSecurity>
</security>
Sample Code to deny all and allow specific IP address:
<security>
<ipSecurity allowUnlisted="false"> <!-- line blocks everyone, except below IP -->
<clear/>
<add ipAddress="127.0.0.1" allowed="true"/>
<add ipAddress="xxx.xxx.xxx.xxx" allowed="true"/> <!-- allow the specific IP of xxx.xxx.xxx.xxx -->
<add ipAddress="xxx.xxx.xxx.0" subnetMask="255.255.255.0" allowed="true"/> <!--allow network xxx.xxx.xxx.0 to xxx.xxx.xxx.255-->
</ipSecurity>
</security>
Note: You can add the above code to your already created web.config file after <system.webServer> tag or you can also create a new web.config file in the particular direction which you want to protect.
To create a new web.config file in the text editor you have to add the below code. As this file is an XML file then you have to start with XML tag. Your new web.config file looks like this.
<?xml version="1.0"?>
<configuration>
<system.web>
.. text ..
</system.web>
<system.webServer>
<security>
<ipSecurity allowUnlisted="true"> <!-- line blocks everyone, except below IP -->
<clear/>
<add ipAddress="xxx.xxx.xxx.xxx"/> <!-- blocks particular IP -->
<add ipAddress="xxx.xxx.xxx.0" subnetMask="255.255.255.0"/> <!--block network xxx.xxx.xxx.0 to xxx.xxx.xxx.255-->
</ipSecurity>
</security>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>