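/// <summary>
/// Creates the audit writer on first use and records the failed authentication check.
/// </summary>
/// <param name="filterContext">The current filter context; its RequestContext identifies the user and the action that failed.</param>
/// <param name="exception">The exception describing the failure. Only its Message is written to the audit record.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="filterContext"/> or <paramref name="exception"/> is null.</exception>
/// <remarks>
/// When no audit writer is configured and <c>CreateAudit()</c> yields null, the failure is silently not recorded.
/// Arguments are validated before anything else so that a null argument surfaces as an
/// ArgumentNullException instead of a NullReferenceException from inside the audit path.
/// </remarks>
protected void AuditFailure(ActionExecutingContext filterContext, Exception exception)
{
    filterContext.ArgumentMustNotBeNull("filterContext");
    if (exception == null)
    {
        // The original dereferenced exception.Message unchecked.
        throw new ArgumentNullException("exception");
    }

    // Lazily create the audit writer and cache it on this instance.
    var audit = this.Audit ?? (this.Audit = this.CreateAudit());
    if (audit == null)
    {
        // Auditing is not configured: nothing to record.
        return;
    }

    audit.AuthenticationCheckFailed(new AuditInfo<string>(filterContext.RequestContext, exception.Message));
}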
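/// <summary>
/// Called by the ASP.NET MVC framework before the action method executes.
/// Reads the one-time password posted in the "yubiKey" form field, validates it through the
/// configured Yubico client and checks that the key's public id is registered for the current user.
/// </summary>
/// <param name="filterContext">The filter context.</param>
/// <exception cref="YubikeyNotPresentException">No "yubiKey" field was present in the posted form.</exception>
/// <exception cref="YubikeyInvalidResponseException">
/// The validation client threw (reported with status BackendError and the original exception as inner),
/// the response status was not Ok, or the key is not registered for the current identity.
/// </exception>
/// <exception cref="YubikeyNullResponseException">The validation client returned a null response.</exception>
/// <exception cref="InvalidOperationException">The configuration has no Users collection.</exception>
/// <remarks>
/// Acceptance requires all of: response status Ok, a non-empty public id in the response, a configured
/// user whose ExternalId equals that public id and - unless SkipIdentityNameCheck is set - a non-empty
/// current identity name equal to that user's configured Name. The original compared
/// <c>FirstOrDefault() == user.Identity.Name</c>, which is true when both sides are null (key not
/// registered AND the principal has no name), i.e. an unregistered but otherwise valid key would have
/// been accepted for a nameless identity. It also dereferenced HttpContext.User without a null check.
/// </remarks>
protected override void InternalAuthenticationCheck(ActionExecutingContext filterContext)
{
    this.Configuration.EnsureCorrectConfiguration();
    filterContext.ArgumentMustNotBeNull("filterContext");

    // The OTP is only accepted from the posted form; query string and headers are not consulted.
    var form = filterContext.HttpContext.Request.Form;
    if (!form.Keys.OfType<string>().Contains("yubiKey"))
    {
        throw new YubikeyNotPresentException();
    }

    var otp = form["yubiKey"];
    IYubicoResponse response;
    try
    {
        response = this.Client.Verify(otp);
    }
    catch (Exception ex)
    {
        // Any client/transport failure is a backend error; keep the cause as inner exception.
        throw new YubikeyInvalidResponseException(YubicoResponseStatus.BackendError, ex);
    }

    if (response == null)
    {
        throw new YubikeyNullResponseException();
    }

    var users = this.Configuration.Users;
    if (users == null)
    {
        throw new InvalidOperationException("The Users property of the configuration is NULL.");
    }

    var accepted = false;
    if (response.Status == YubicoResponseStatus.Ok && !string.IsNullOrEmpty(response.PublicId))
    {
        // Names of every configured user registered for this key, in configuration order.
        // Count == 0 means the key is not registered; index 0 is what FirstOrDefault() returned before.
        var registeredNames = users
            .Where(x => x.ExternalId == response.PublicId)
            .Select(x => x.Name)
            .ToList();

        if (registeredNames.Count > 0)
        {
            if (this.SkipIdentityNameCheck)
            {
                accepted = true;
            }
            else
            {
                // An anonymous request (null User, null Identity or empty Name) never matches.
                var principal = filterContext.HttpContext.User;
                var identityName = principal != null && principal.Identity != null
                    ? principal.Identity.Name
                    : null;
                accepted = !string.IsNullOrEmpty(identityName) && registeredNames[0] == identityName;
            }
        }
    }

    if (accepted)
    {
        return;
    }

    // As before, a mismatch on an Ok response is reported with the response's own status.
    throw new YubikeyInvalidResponseException(response.Status);
}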
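/// <summary>
/// Called by the ASP.NET MVC framework before the action method executes.
/// Runs the statistic and request gates of every configured context processor for the current
/// client and, if any gate is closed, short-circuits the request: either with a blocking 409
/// response (no FaultAction configured) or with a redirect to the configured FaultAction.
/// </summary>
/// <param name="filterContext">The filter context.</param>
/// <remarks>
/// Url.Action returns null when the fault action cannot be routed, and RedirectResult throws
/// ArgumentException on a null URL; the original would therefore fail a blocked request with a
/// server error instead of blocking it. The original also hard-cast filterContext.Controller to
/// System.Web.Mvc.Controller. Both cases now fall back to the plain blocking response.
/// As in the original, the redirect path still continues into base.OnActionExecuting while the
/// blocking path returns early; whether the base filter must run after a redirect is set is not
/// visible from here, so that asymmetry is preserved.
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    filterContext.ArgumentMustNotBeNull("filterContext");

    var context = filterContext.HttpContext;
    if (context != null)
    {
        var instance = this.Instance;

        // Read the gate switches once per request rather than once per processor.
        var checkStatisticGate = instance.CheckStatisticGate;
        var checkRequestGate = instance.CheckRequestGate;
        var request = context.Request;

        // Any() stops at the first processor that closes a gate; processors after it are not
        // evaluated for a blocked request.
        var gateClosed = this.ContextProcessors.Any(processor =>
        {
            var clientId = processor.IdExtractor.Extract(context);
            return (checkStatisticGate && !instance.StatisticsGate(clientId, processor.Statistics))
                || (checkRequestGate && !instance.RequestGate(clientId, request));
        });

        if (gateClosed)
        {
            if (string.IsNullOrEmpty(this.FaultAction))
            {
                BlockRequest(filterContext);
                return;
            }

            // The redirect target is built from the configured action name only, never from
            // request data, so this is not an open redirect.
            var controller = filterContext.Controller as System.Web.Mvc.Controller;
            var url = controller == null || controller.Url == null
                ? null
                : controller.Url.Action(this.FaultAction, new { FaultSource = this.GetType().Name });

            if (string.IsNullOrEmpty(url))
            {
                // No routable fault action: block instead of failing with an exception.
                BlockRequest(filterContext);
                return;
            }

            filterContext.Result = new RedirectResult(url);
        }
    }

    base.OnActionExecuting(filterContext);
}

/// <summary>
/// Replaces the pending action result with a short "blocked" message and a 409 status code,
/// bypassing IIS custom error pages so the message reaches the client unchanged.
/// </summary>
/// <param name="filterContext">The filter context whose Result and Response are set.</param>
private static void BlockRequest(ActionExecutingContext filterContext)
{
    filterContext.Result = new ContentResult { Content = "client has been blocked...", };

    // 409 Conflict as in the original (RFC 2616 section 10). 429 Too Many Requests would describe a
    // throttled client more precisely, but it is not available in HttpStatusCode on older frameworks
    // and changing the code would alter the contract clients already see.
    var response = filterContext.HttpContext.Response;
    response.StatusCode = (int)HttpStatusCode.Conflict;
    response.TrySkipIisCustomErrors = true;
}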