Example #1
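        /// <summary>
        /// Occurs after the action method is invoked. Copies the outcome of the action (exception,
        /// model state, response status and, optionally, the response body) onto the audit action
        /// held by the context wrapper, then saves the audit scope.
        /// </summary>
        /// <param name="actionExecutedContext">The executed-action context that supplies the exception, model state and response.</param>
        /// <param name="contextWrapper">Wrapper from which the audit action and the audit scope are read.</param>
        /// <param name="includeModelState">When true, model state errors and validity are recorded; otherwise both are set to null.</param>
        /// <param name="includeResponseBody">When true, the response body is recorded on the audit action.</param>
        public async Task AfterExecutedAsync(HttpActionExecutedContext actionExecutedContext, IContextWrapper contextWrapper, bool includeModelState, bool includeResponseBody)
        {
            var auditAction = contextWrapper.Get<AuditApiAction>(AuditApiActionKey);
            var auditScope = contextWrapper.Get<AuditScope>(AuditApiScopeKey);

            // Nothing to complete unless both the action and the scope were stored for this request.
            if (auditAction == null || auditScope == null)
            {
                return;
            }

            auditAction.Exception = actionExecutedContext.Exception.GetExceptionInfo();
            auditAction.ModelStateErrors = includeModelState ? AuditApiHelper.GetModelStateErrors(actionExecutedContext.ActionContext.ModelState) : null;
            auditAction.ModelStateValid = includeModelState ? actionExecutedContext.ActionContext.ModelState?.IsValid : null;

            var response = actionExecutedContext.Response;
            if (response != null)
            {
                auditAction.ResponseStatus = response.ReasonPhrase;
                auditAction.ResponseStatusCode = (int)response.StatusCode;
                if (includeResponseBody)
                {
                    // The body is stored with the audit event as-is, so any secret or personal data the
                    // action returns ends up in the audit store; enable this flag with that in mind.
                    var content = response.Content;
                    var objContent = content as ObjectContent;

                    object bodyValue = null;
                    if (objContent != null)
                    {
                        bodyValue = objContent.Value;
                    }
                    else if (content != null)
                    {
                        // Awaited rather than blocked on with .Result: blocking inside an async method
                        // ties up the thread and can deadlock under a synchronization context.
                        bodyValue = await content.ReadAsStringAsync();
                    }

                    auditAction.ResponseBody = new BodyContent
                    {
                        // ContentType is null when the content carries no Content-Type header.
                        Type = objContent != null ? objContent.ObjectType.Name : content?.Headers?.ContentType?.ToString(),
                        Length = content?.Headers?.ContentLength,
                        Value = bodyValue
                    };
                }
            }
            else
            {
                // No response object at all is reported as a server error.
                auditAction.ResponseStatusCode = 500;
                auditAction.ResponseStatus = "Internal Server Error";
            }

            // Replace the Action field and save
            (auditScope.Event as AuditEventWebApi).Action = auditAction;
            await auditScope.SaveAsync();
        }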
Example #2
        /// <summary>
        /// Completes the audit action once the request has run: records either the exception or the
        /// response status (and, optionally, the response body), then saves the audit scope.
        /// </summary>
        /// <param name="context">The HTTP context whose Items hold the audit action and audit scope.</param>
        /// <param name="includeResponseBody">When true, the response body is recorded if none was recorded yet.</param>
        /// <param name="exception">The exception raised while handling the request, or null.</param>
        private async Task AfterInvoke(HttpContext context, bool includeResponseBody, Exception exception)
        {
            var auditAction = context.Items[AuditApiHelper.AuditApiActionKey] as AuditApiAction;
            var auditScope = context.Items[AuditApiHelper.AuditApiScopeKey] as AuditScope;

            // Both entries must be present for this request, otherwise there is nothing to save.
            if (auditAction == null || auditScope == null)
            {
                return;
            }

            if (exception != null)
            {
                // A failed request is always reported as a 500.
                auditAction.Exception = exception.GetExceptionInfo();
                auditAction.ResponseStatus = "Internal Server Error";
                auditAction.ResponseStatusCode = 500;
            }
            else if (context.Response != null)
            {
                var code = context.Response.StatusCode;
                auditAction.ResponseStatusCode = code;
                auditAction.ResponseStatus = AuditApiHelper.GetStatusCodeString(code);

                // Only fill in the body when asked to and when nothing has recorded it already.
                // The body goes into the audit event unredacted.
                var bodyWanted = includeResponseBody && auditAction.ResponseBody == null;
                if (bodyWanted)
                {
                    var body = new BodyContent
                    {
                        Type = context.Response.ContentType,
                        Length = context.Response.ContentLength,
                        Value = AuditApiHelper.GetResponseBody(context)
                    };
                    auditAction.ResponseBody = body;
                }
            }

            // Replace the Action field and save
            (auditScope.Event as AuditEventWebApi).Action = auditAction;
            await auditScope.SaveAsync();
        }
 /// <summary>
 /// Returns the action arguments to record on the audit action: passed through
 /// <c>AuditApiHelper.SerializeParameters</c> when <c>SerializeActionParameters</c> is set,
 /// otherwise the dictionary exactly as it was received.
 /// </summary>
 /// <param name="actionArguments">The arguments bound for the action.</param>
 private IDictionary<string, object> GetActionParameters(IDictionary<string, object> actionArguments)
 {
     return SerializeActionParameters
         ? AuditApiHelper.SerializeParameters(actionArguments)
         : actionArguments;
 }
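        /// <summary>
        /// Occurs after the action method is invoked. Records the exception, model state, response
        /// status and (when <c>IncludeResponseBody</c> is set) a description of the result on the
        /// audit action stored in <c>HttpContext.Items</c>, then saves the audit scope.
        /// </summary>
        /// <param name="context">The action executed context.</param>
        private async Task AfterExecutedAsync(ActionExecutedContext context)
        {
            var httpContext = context.HttpContext;
            var auditAction = httpContext.Items[AuditApiActionKey] as AuditApiAction;
            var auditScope = httpContext.Items[AuditApiScopeKey] as AuditScope;

            if (auditAction != null && auditScope != null)
            {
                auditAction.Exception = context.Exception.GetExceptionInfo();
                auditAction.ModelStateErrors = IncludeModelState ? AuditApiHelper.GetModelStateErrors(context.ModelState) : null;
                auditAction.ModelStateValid = IncludeModelState ? context.ModelState?.IsValid : null;
                if (context.HttpContext.Response != null && context.Result != null)
                {
                    // Classify the result by type once, so the status code and the body below agree.
                    var objectResult = context.Result as ObjectResult;
                    var statusCodeResult = context.Result as StatusCodeResult;
                    var redirectResult = context.Result as RedirectResult;

                    int statusCode;
                    if (objectResult != null && objectResult.StatusCode.HasValue)
                    {
                        statusCode = objectResult.StatusCode.Value;
                    }
                    else if (statusCodeResult != null)
                    {
                        statusCode = statusCodeResult.StatusCode;
                    }
                    else
                    {
                        statusCode = context.HttpContext.Response.StatusCode;
                    }
                    auditAction.ResponseStatusCode = statusCode;
                    auditAction.ResponseStatus = GetStatusCodeString(auditAction.ResponseStatusCode);
                    if (IncludeResponseBody)
                    {
                        auditAction.ResponseBody = new BodyContent()
                        {
                            Type = context.Result.GetType().GetFullTypeName()
                        };

                        // Matching on the type itself, not on the exact type name, so that results
                        // deriving from ObjectResult, StatusCodeResult or RedirectResult are recorded
                        // like their base type instead of falling through to the default text.
                        if (objectResult != null)
                        {
                            // The returned object is stored unredacted in the audit event.
                            auditAction.ResponseBody.Value = objectResult.Value;
                        }
                        else if (statusCodeResult != null)
                        {
                            auditAction.ResponseBody.Value = string.Format("StatusCode ({0})", statusCodeResult.StatusCode);
                        }
                        else if (redirectResult != null)
                        {
                            auditAction.ResponseBody.Value = string.Format("Redirect to {0}", redirectResult.Url);
                        }
                        else
                        {
                            // TODO: Handle other result types
                            auditAction.ResponseBody.Value = string.Format("Result type: {0}", context.Result.GetType().GetFullTypeName());
                        }
                    }
                }
                else
                {
                    // No response or no result is reported as a server error.
                    auditAction.ResponseStatusCode = 500;
                    auditAction.ResponseStatus = "Internal Server Error";
                }
                // Replace the Action field and save
                (auditScope.Event as AuditEventWebApi).Action = auditAction;
                await auditScope.SaveAsync();
            }
        }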
        /// <summary>
        /// Occurs after the action method is invoked. Fills in the exception, model state, response
        /// status and (when <c>IncludeResponseBody</c> is set) the result value on the audit action
        /// kept in <c>HttpContext.Items</c>, then saves the audit scope.
        /// </summary>
        /// <param name="context">The action executed context.</param>
        private async Task AfterExecutedAsync(ActionExecutedContext context)
        {
            var httpContext = context.HttpContext;
            var auditAction = httpContext.Items[AuditApiActionKey] as AuditApiAction;
            var auditScope = httpContext.Items[AuditApiScopeKey] as AuditScope;

            // Requests that were not set up for auditing are left alone.
            if (auditAction == null || auditScope == null)
            {
                return;
            }

            auditAction.Exception = context.Exception.GetExceptionInfo();
            auditAction.ModelStateErrors = IncludeModelState ? AuditApiHelper.GetModelStateErrors(context.ModelState) : null;
            auditAction.ModelStateValid = IncludeModelState ? context.ModelState?.IsValid : null;

            if (context.HttpContext.Response == null || context.Result == null)
            {
                // No response or no result is reported as a server error.
                auditAction.ResponseStatusCode = 500;
                auditAction.ResponseStatus = "Internal Server Error";
            }
            else
            {
                // An explicit status on the result wins over the status of the HTTP response.
                int statusCode;
                if (context.Result is ObjectResult withStatus && withStatus.StatusCode.HasValue)
                {
                    statusCode = withStatus.StatusCode.Value;
                }
                else if (context.Result is StatusCodeResult statusOnly)
                {
                    statusCode = statusOnly.StatusCode;
                }
                else
                {
                    statusCode = context.HttpContext.Response.StatusCode;
                }
                auditAction.ResponseStatusCode = statusCode;
                auditAction.ResponseStatus = GetStatusCodeString(auditAction.ResponseStatusCode);

                if (IncludeResponseBody)
                {
                    var bodyType = context.Result?.GetType().GetFullTypeName();
                    if (bodyType != null)
                    {
                        auditAction.ResponseBody = new BodyContent
                        {
                            Type = bodyType
                        };
                        switch (context.Result)
                        {
                            case ObjectResult objectResult:
                                // The returned object is stored unredacted in the audit event.
                                auditAction.ResponseBody.Value = objectResult.Value;
                                break;

                            case StatusCodeResult statusResult:
                                auditAction.ResponseBody.Value = string.Format("StatusCode ({0})", statusResult.StatusCode);
                                break;

                            case RedirectResult redirect:
                                auditAction.ResponseBody.Value = string.Format("Redirect to {0}", redirect.Url);
                                break;

                            default:
                                auditAction.ResponseBody.Value = context.Result.ToString();
                                break;
                        }
                    }
                }
            }

            // Replace the Action field and save
            (auditScope.Event as AuditEventWebApi).Action = auditAction;
            await auditScope.SaveAsync();
        }
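        /// <summary>
        /// Builds the set of action arguments to record on the audit action, leaving out every
        /// parameter marked with <see cref="AuditIgnoreAttribute"/>.
        /// </summary>
        /// <param name="actionDescriptor">
        /// Descriptor of the executing action. A null descriptor (for example when the action
        /// descriptor is not a <c>ControllerActionDescriptor</c>) is tolerated; in that case no
        /// parameter metadata is available and no argument is filtered out.
        /// </param>
        /// <param name="actionArguments">The arguments bound for the action.</param>
        /// <param name="serializeParams">When true, the result is passed through <c>AuditApiHelper.SerializeParameters</c>.</param>
        /// <returns>A copy of the arguments without the ignored parameters.</returns>
        private IDictionary<string, object> GetActionParameters(ControllerActionDescriptor actionDescriptor, IDictionary<string, object> actionArguments, bool serializeParams)
        {
            // Work on a copy so the dictionary handed to the action is never modified.
            var args = actionArguments.ToDictionary(k => k.Key, v => v.Value);

            // AuditIgnore is what keeps sensitive arguments (credentials and the like) out of the
            // audit event, so the filter runs before any serialization.
            if (actionDescriptor?.Parameters != null)
            {
                foreach (var param in actionDescriptor.Parameters)
                {
                    var parameterInfo = (param as ControllerParameterDescriptor)?.ParameterInfo;
                    if (parameterInfo?.GetCustomAttribute<AuditIgnoreAttribute>(true) != null)
                    {
                        args.Remove(param.Name);
                    }
                }
            }
            if (serializeParams)
            {
                return AuditApiHelper.SerializeParameters(args);
            }
            return args;
        }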
Example #7
        /// <summary>
        /// Occurs after the action method is invoked. Records the exception, model state, response
        /// status and, on request, the response body and response headers on the audit action kept
        /// in <c>HttpContext.Items</c>. The scope is disposed here only when the action was not
        /// created by the middleware.
        /// </summary>
        /// <param name="context">The action executed context.</param>
        /// <param name="includeModelState">When true, model state errors and validity are recorded; otherwise both are set to null.</param>
        /// <param name="includeResponseBody">When true, the result type and body are recorded.</param>
        /// <param name="includeResponseHeaders">When true, the response headers are recorded.</param>
        internal async Task AfterExecutedAsync(ActionExecutedContext context, bool includeModelState, bool includeResponseBody, bool includeResponseHeaders)
        {
            var httpContext = context.HttpContext;
            var auditAction = httpContext.Items[AuditApiHelper.AuditApiActionKey] as AuditApiAction;
            var auditScope = httpContext.Items[AuditApiHelper.AuditApiScopeKey] as AuditScope;

            // Requests that were not set up for auditing are left alone.
            if (auditAction == null || auditScope == null)
            {
                return;
            }

            auditAction.Exception = context.Exception.GetExceptionInfo();
            if (includeModelState)
            {
                auditAction.ModelStateErrors = AuditApiHelper.GetModelStateErrors(context.ModelState);
                auditAction.ModelStateValid = context.ModelState?.IsValid;
            }
            else
            {
                auditAction.ModelStateErrors = null;
                auditAction.ModelStateValid = null;
            }

            if (context.HttpContext.Response == null || context.Result == null)
            {
                // No response or no result is reported as a server error.
                auditAction.ResponseStatusCode = 500;
                auditAction.ResponseStatus = "Internal Server Error";
            }
            else
            {
                // An explicit status on the result wins over the status of the HTTP response.
                var objectResult = context.Result as ObjectResult;
                var statusCodeResult = context.Result as StatusCodeResult;
                int statusCode;
                if (objectResult != null && objectResult.StatusCode.HasValue)
                {
                    statusCode = objectResult.StatusCode.Value;
                }
                else if (statusCodeResult != null)
                {
                    statusCode = statusCodeResult.StatusCode;
                }
                else
                {
                    statusCode = context.HttpContext.Response.StatusCode;
                }
                auditAction.ResponseStatusCode = statusCode;
                auditAction.ResponseStatus = AuditApiHelper.GetStatusCodeString(auditAction.ResponseStatusCode);

                if (includeResponseBody)
                {
                    var bodyType = context.Result.GetType().GetFullTypeName();
                    auditAction.ResponseBody = new BodyContent
                    {
                        Type = bodyType,
                        Value = GetResponseBody(context.ActionDescriptor, context.Result)
                    };
                }

                if (includeResponseHeaders)
                {
                    // Headers are copied as they are, which includes Set-Cookie and similar values
                    // when the response carries them.
                    auditAction.ResponseHeaders = AuditApiHelper.ToDictionary(httpContext.Response.Headers);
                }
            }

            // Replace the Action field
            (auditScope.Event as AuditEventWebApi).Action = auditAction;

            // Save, if action was not created by middleware
            if (auditAction.IsMiddleware)
            {
                return;
            }
            await auditScope.DisposeAsync();
        }
Example #8
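        /// <summary>
        /// Returns the audit action for the current request, reusing the one already stored in
        /// <c>HttpContext.Items</c> or creating a new one, and fills in the action-level details
        /// (URL, action and controller names, parameters, and optionally headers and request body).
        /// </summary>
        /// <param name="actionContext">The action executing context.</param>
        /// <param name="includeHeaders">When true, the request headers are recorded.</param>
        /// <param name="includeRequestBody">When true, the request body is recorded if none was recorded yet.</param>
        /// <param name="serializeParams">Passed on to <c>GetActionParameters</c>.</param>
        /// <param name="eventTypeName">Not used by this method.</param>
        /// <returns>The created or updated audit action.</returns>
        private async Task<AuditApiAction> CreateOrUpdateAction(ActionExecutingContext actionContext,
                                                                bool includeHeaders, bool includeRequestBody, bool serializeParams, string eventTypeName)
        {
            var httpContext = actionContext.HttpContext;
            var actionDescriptor = actionContext.ActionDescriptor as ControllerActionDescriptor;

            // Single lookup instead of ContainsKey followed by the indexer.
            object existing;
            AuditApiAction action = null;
            if (httpContext.Items.TryGetValue(AuditApiHelper.AuditApiActionKey, out existing))
            {
                action = existing as AuditApiAction;
            }

            if (action == null)
            {
                action = new AuditApiAction
                {
                    // Identity is null for a principal without identities, so it is dereferenced
                    // null-safely; the audited user name is then null rather than the call failing.
                    UserName = httpContext.User?.Identity?.Name,
                    IpAddress = httpContext.Connection?.RemoteIpAddress?.ToString(),
                    HttpMethod = httpContext.Request.Method,
                    FormVariables = AuditApiHelper.GetFormVariables(httpContext),
                    TraceId = httpContext.TraceIdentifier,
                    ActionExecutingContext = actionContext
                };
            }
            action.RequestUrl = httpContext.Request.GetDisplayUrl();
            action.ActionName = actionDescriptor != null ? actionDescriptor.ActionName : actionContext.ActionDescriptor.DisplayName;
            action.ControllerName = actionDescriptor?.ControllerName;
            action.ActionParameters = GetActionParameters(actionDescriptor, actionContext.ActionArguments, serializeParams);
            if (includeHeaders)
            {
                // Headers are copied as received, so Authorization and Cookie values land in the
                // audit event whenever the request carries them.
                action.Headers = AuditApiHelper.ToDictionary(httpContext.Request.Headers);
            }
            if (includeRequestBody && action.RequestBody == null)
            {
                // The request body is stored unredacted.
                action.RequestBody = new BodyContent
                {
                    Type = httpContext.Request.ContentType,
                    Length = httpContext.Request.ContentLength,
                    Value = await AuditApiHelper.GetRequestBody(httpContext)
                };
            }
            return action;
        }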
Example #9
        /// <summary>
        /// Builds the set of action arguments to record on the audit action, leaving out every
        /// parameter whose reflected descriptor is marked with <see cref="AuditIgnoreAttribute"/>.
        /// </summary>
        /// <param name="actionDescriptor">Descriptor of the executing action; its parameter bindings are inspected when present.</param>
        /// <param name="actionArguments">The arguments bound for the action.</param>
        /// <param name="serializeParams">When true, the result is passed through <c>AuditApiHelper.SerializeParameters</c>.</param>
        /// <returns>A copy of the arguments without the ignored parameters.</returns>
        private IDictionary<string, object> GetActionParameters(ReflectedHttpActionDescriptor actionDescriptor, IDictionary<string, object> actionArguments, bool serializeParams)
        {
            // Copy first: the dictionary handed to the action is never modified.
            var args = actionArguments.ToDictionary(k => k.Key, v => v.Value);

            if (actionDescriptor.ActionBinding?.ParameterBindings != null)
            {
                foreach (var binding in actionDescriptor.ActionBinding.ParameterBindings)
                {
                    // Bindings without a reflected descriptor carry no attribute to check.
                    var reflected = binding.Descriptor as ReflectedHttpParameterDescriptor;
                    if (reflected == null)
                    {
                        continue;
                    }

                    var ignoreMarker = reflected.ParameterInfo.GetCustomAttribute<AuditIgnoreAttribute>(true);
                    if (ignoreMarker != null)
                    {
                        // Ignored parameters are dropped before anything is serialized.
                        args.Remove(reflected.ParameterName);
                    }
                }
            }

            return serializeParams ? AuditApiHelper.SerializeParameters(args) : args;
        }
Example #10
        /// <summary>
        /// Builds the set of action arguments to record on the audit action, leaving out every
        /// parameter that carries an <see cref="AuditIgnoreAttribute"/>.
        /// </summary>
        /// <param name="actionDescriptor">Descriptor of the executing action; its parameters are inspected when it reports any.</param>
        /// <param name="actionArguments">The arguments bound for the action.</param>
        /// <param name="serializeParams">When true, the result is passed through <c>AuditApiHelper.SerializeParameters</c>.</param>
        /// <returns>A copy of the arguments without the ignored parameters.</returns>
        private IDictionary<string, object> GetActionParameters(HttpActionDescriptor actionDescriptor, IDictionary<string, object> actionArguments, bool serializeParams)
        {
            // Copy first: the dictionary handed to the action is never modified.
            var args = actionArguments.ToDictionary(k => k.Key, v => v.Value);
            var parameters = actionDescriptor.GetParameters();

            if (parameters != null)
            {
                // Names of the parameters the author asked to keep out of the audit event.
                var ignoredNames = parameters
                    .Where(p => p.GetCustomAttributes<AuditIgnoreAttribute>().Any())
                    .Select(p => p.ParameterName);

                foreach (var ignoredName in ignoredNames)
                {
                    args.Remove(ignoredName);
                }
            }

            return serializeParams ? AuditApiHelper.SerializeParameters(args) : args;
        }
Example #11
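        /// <summary>
        /// Completes the audit action once the request has run: records either the exception or the
        /// response status (and, optionally, the response body and headers), then disposes the
        /// audit scope.
        /// </summary>
        /// <param name="context">The HTTP context whose Items hold the audit action and audit scope.</param>
        /// <param name="includeResponseBody">When true, the response body is recorded if none was recorded yet.</param>
        /// <param name="includeResponseHeaders">When true, the response headers are recorded.</param>
        /// <param name="exception">The exception raised while handling the request, or null.</param>
        private async Task AfterInvoke(HttpContext context, bool includeResponseBody, bool includeResponseHeaders, Exception exception)
        {
#pragma warning disable IDE0019 // Use pattern matching
            var auditAction = context.Items[AuditApiHelper.AuditApiActionKey] as AuditApiAction;
            var auditScope  = context.Items[AuditApiHelper.AuditApiScopeKey] as AuditScope;
#pragma warning restore IDE0019 // Use pattern matching

            if (auditAction != null && auditScope != null)
            {
                if (exception != null)
                {
                    // A failed request is always reported as a 500.
                    auditAction.Exception          = exception.GetExceptionInfo();
                    auditAction.ResponseStatusCode = 500;
                    auditAction.ResponseStatus     = "Internal Server Error";
                }
                else if (context.Response != null)
                {
                    var statusCode = context.Response.StatusCode;
                    auditAction.ResponseStatusCode = statusCode;
                    auditAction.ResponseStatus     = AuditApiHelper.GetStatusCodeString(statusCode);
                    if (includeResponseBody && auditAction.ResponseBody == null)
                    {
                        // The body is stored unredacted in the audit event.
                        auditAction.ResponseBody = new BodyContent
                        {
                            Type   = context.Response.ContentType,
                            Length = context.Response.ContentLength,
                            Value  = await AuditApiHelper.GetResponseBody(context)
                        };
                    }
                }
                // Same null check as the status branch above: the headers were read unguarded
                // before, so a missing response would have failed here after an exception.
                if (includeResponseHeaders && context.Response != null)
                {
                    // Headers are copied as they are, which includes Set-Cookie and similar values
                    // when the response carries them.
                    auditAction.ResponseHeaders = AuditApiHelper.ToDictionary(context.Response.Headers);
                }
                // Replace the Action field and save
                (auditScope.Event as AuditEventWebApi).Action = auditAction;
                await auditScope.DisposeAsync();
            }
        }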
Example #12
        /// <summary>
        /// Occurs after the action method is invoked. Records the exception, model state, response
        /// status and, on request, the response body on the audit action kept in
        /// <c>HttpContext.Items</c>, then saves the audit scope.
        /// </summary>
        /// <param name="context">The action executed context.</param>
        /// <param name="includeModelState">When true, model state errors and validity are recorded; otherwise both are set to null.</param>
        /// <param name="includeResponseBody">When true, the result type and body are recorded.</param>
        public async Task AfterExecutedAsync(ActionExecutedContext context, bool includeModelState, bool includeResponseBody)
        {
            var httpContext = context.HttpContext;
            var auditAction = httpContext.Items[AuditApiActionKey] as AuditApiAction;
            var auditScope = httpContext.Items[AuditApiScopeKey] as AuditScope;

            // Requests that were not set up for auditing are left alone.
            if (auditAction == null || auditScope == null)
            {
                return;
            }

            auditAction.Exception = context.Exception.GetExceptionInfo();
            auditAction.ModelStateErrors = includeModelState ? AuditApiHelper.GetModelStateErrors(context.ModelState) : null;
            auditAction.ModelStateValid = includeModelState ? context.ModelState?.IsValid : null;

            var hasOutcome = context.HttpContext.Response != null && context.Result != null;
            if (!hasOutcome)
            {
                // No response or no result is reported as a server error.
                auditAction.ResponseStatusCode = 500;
                auditAction.ResponseStatus = "Internal Server Error";
            }
            else
            {
                // An explicit status on the result wins over the status of the HTTP response.
                var objectResult = context.Result as ObjectResult;
                var statusCodeResult = context.Result as StatusCodeResult;
                int statusCode;
                if (objectResult != null && objectResult.StatusCode.HasValue)
                {
                    statusCode = objectResult.StatusCode.Value;
                }
                else if (statusCodeResult != null)
                {
                    statusCode = statusCodeResult.StatusCode;
                }
                else
                {
                    statusCode = context.HttpContext.Response.StatusCode;
                }
                auditAction.ResponseStatusCode = statusCode;
                auditAction.ResponseStatus = GetStatusCodeString(auditAction.ResponseStatusCode);

                if (includeResponseBody)
                {
                    var bodyType = context.Result?.GetType().GetFullTypeName();
                    if (bodyType != null)
                    {
                        // Whatever GetResponseBody returns is stored with the audit event as-is.
                        auditAction.ResponseBody = new BodyContent
                        {
                            Type = bodyType,
                            Value = GetResponseBody(context.Result)
                        };
                    }
                }
            }

            // Replace the Action field and save
            (auditScope.Event as AuditEventWebApi).Action = auditAction;
            await auditScope.SaveAsync();
        }
Example #13
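        /// <summary>
        /// Creates the audit action and the audit scope for an incoming request and stores both in
        /// <c>HttpContext.Items</c> for the later stages to complete.
        /// </summary>
        /// <param name="context">The HTTP context of the incoming request.</param>
        /// <param name="includeHeaders">When true, the request headers are recorded.</param>
        /// <param name="includeRequestBody">When true, the request body is recorded.</param>
        /// <param name="eventTypeName">
        /// Event type template; <c>{verb}</c> and <c>{url}</c> are replaced with the HTTP method and
        /// the request URL. Defaults to <c>"{verb} {url}"</c> when null.
        /// </param>
        private async Task BeforeInvoke(HttpContext context, bool includeHeaders, bool includeRequestBody, string eventTypeName)
        {
            var auditAction = new AuditApiAction
            {
                IsMiddleware     = true,
                // Identity is null for a principal without identities, so it is dereferenced
                // null-safely; the audited user name is then null rather than the call failing.
                UserName         = context.User?.Identity?.Name,
                IpAddress        = context.Connection?.RemoteIpAddress?.ToString(),
                // The display URL includes the query string, so anything passed there is recorded.
                RequestUrl       = context.Request.GetDisplayUrl(),
                HttpMethod       = context.Request.Method,
                FormVariables    = AuditApiHelper.GetFormVariables(context),
                // Headers are copied as received, so Authorization and Cookie values land in the
                // audit event whenever the request carries them.
                Headers          = includeHeaders ? AuditApiHelper.ToDictionary(context.Request.Headers) : null,
                ActionName       = null,
                ControllerName   = null,
                ActionParameters = null,
                // Type and length are always recorded; the body itself only on request.
                RequestBody      = new BodyContent
                {
                    Type   = context.Request.ContentType,
                    Length = context.Request.ContentLength,
                    // NOTE(review): if GetRequestBody returns a Task in this version, Value would
                    // hold the task rather than the body text; confirm it is synchronous here.
                    Value  = includeRequestBody ? AuditApiHelper.GetRequestBody(context) : null
                },
                TraceId = context.TraceIdentifier
            };
            var eventType = (eventTypeName ?? "{verb} {url}").Replace("{verb}", auditAction.HttpMethod)
                            .Replace("{url}", auditAction.RequestUrl);
            // Create the audit scope
            var auditEventAction = new AuditEventWebApi()
            {
                Action = auditAction
            };
            var auditScope = await AuditScope.CreateAsync(new AuditScopeOptions()
            {
                EventType = eventType, AuditEvent = auditEventAction
            });

            context.Items[AuditApiHelper.AuditApiActionKey] = auditAction;
            context.Items[AuditApiHelper.AuditApiScopeKey]  = auditScope;
        }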
Example #14
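        /// <summary>
        /// Occurs after the action method is invoked. Copies the outcome of the action (exception,
        /// model state, response status and, on request, the response body and headers) onto the
        /// audit action held by the context wrapper, then disposes the audit scope.
        /// </summary>
        /// <param name="actionExecutedContext">The executed-action context that supplies the exception, model state and response.</param>
        /// <param name="contextWrapper">Wrapper from which the audit action and the audit scope are read.</param>
        /// <param name="includeModelState">When true, model state errors and validity are recorded; otherwise both are set to null.</param>
        /// <param name="includeResponseBody">When true, the response body is recorded on the audit action.</param>
        /// <param name="includeResponseHeaders">When true, the response headers are recorded.</param>
        public async Task AfterExecutedAsync(HttpActionExecutedContext actionExecutedContext, IContextWrapper contextWrapper, bool includeModelState, bool includeResponseBody, bool includeResponseHeaders)
        {
            var auditAction = contextWrapper.Get<AuditApiAction>(AuditApiHelper.AuditApiActionKey);
            var auditScope = contextWrapper.Get<AuditScope>(AuditApiHelper.AuditApiScopeKey);

            if (auditAction != null && auditScope != null)
            {
                auditAction.Exception = actionExecutedContext.Exception.GetExceptionInfo();
                auditAction.ModelStateErrors = includeModelState ? AuditApiHelper.GetModelStateErrors(actionExecutedContext.ActionContext.ModelState) : null;
                auditAction.ModelStateValid = includeModelState ? actionExecutedContext.ActionContext.ModelState?.IsValid : null;
                if (actionExecutedContext.Response != null)
                {
                    auditAction.ResponseStatus = actionExecutedContext.Response.ReasonPhrase;
                    auditAction.ResponseStatusCode = (int)actionExecutedContext.Response.StatusCode;
                    if (includeResponseBody)
                    {
                        // When the response is explicitly ignored, type and length are still
                        // recorded but the value is left null.
                        bool ignoreValue = IsResponseExplicitlyIgnored(actionExecutedContext);
                        if (actionExecutedContext.Response.Content is ObjectContent objContent)
                        {
                            auditAction.ResponseBody = new BodyContent
                            {
                                Type = objContent.ObjectType.Name,
                                Length = objContent.Headers?.ContentLength,
                                Value = ignoreValue ? null : objContent.Value
                            };
                        }
                        else if (actionExecutedContext.Response.Content != null)
                        {
                            var httpContent = actionExecutedContext.Response.Content;
                            auditAction.ResponseBody = new BodyContent
                            {
                                // Awaited rather than blocked on with .Result: blocking inside an
                                // async method ties up the thread and can deadlock under a
                                // synchronization context.
                                Value = ignoreValue ? null : await httpContent.ReadAsStringAsync()
                            };

                            if (httpContent.Headers != null)
                            {
                                // ContentType is null when the content carries no Content-Type header.
                                auditAction.ResponseBody.Type = httpContent.Headers.ContentType?.ToString();
                                auditAction.ResponseBody.Length = httpContent.Headers.ContentLength;
                            }
                        }
                        else
                        {
                            auditAction.ResponseBody = new BodyContent();
                        }
                    }

                    if (includeResponseHeaders)
                    {
                        // Headers are copied as they are, which includes Set-Cookie and similar
                        // values when the response carries them.
                        auditAction.ResponseHeaders = ToDictionary(actionExecutedContext.Response.Headers);
                    }
                }
                else
                {
                    // No response object at all is reported as a server error.
                    auditAction.ResponseStatusCode = 500;
                    auditAction.ResponseStatus = "Internal Server Error";
                }

                // Replace the Action field and save
                (auditScope.Event as AuditEventWebApi).Action = auditAction;
                await auditScope.DisposeAsync();
            }
        }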