public Audit(AuditCode code, AuditSeverity severity, string itemId, string message)
{
this.Code = code;
this.Severity = severity;
this.ItemId = itemId;
this.Message = message;
}
/// <summary>
/// Audits the generic error.
/// </summary>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <param name="exception">The exception.</param>
public override void AuditGenericError(OutcomeIndicator outcomeIndicator, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, Exception exception)
{
var audit = this.CreateBaseAudit(ActionType.Execute, eventTypeCode, eventIdentifierType, outcomeIndicator);
audit.AuditableObjects.Add(new AuditableObject
{
IDTypeCode = AuditableObjectIdType.Uri,
ObjectId = this.Context.Request.Url.ToString(),
Role = AuditableObjectRole.Resource,
Type = AuditableObjectType.SystemObject
});
if (exception != null)
{
var auditableObject = new AuditableObject
{
IDTypeCode = AuditableObjectIdType.Custom,
ObjectId = exception.GetHashCode().ToString(),
Role = AuditableObjectRole.Resource,
Type = AuditableObjectType.Other
};
auditableObject.ObjectData.Add(new ObjectDataExtension(exception.GetType().Name, ObjectToByteArray(new Error(exception))));
audit.AuditableObjects.Add(auditableObject);
}
AuditService.SendAudit(audit);
}
/// <summary>
/// Creates the base audit.
/// </summary>
/// <param name="actionType">Type of the action.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <returns>Returns the created base audit data.</returns>
protected virtual AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, OutcomeIndicator outcomeIndicator)
{
var audit = CreateBaseAudit(actionType, eventTypeCode, eventIdentifierType);
audit.Outcome = outcomeIndicator;
return(audit);
}
/// <summary>
/// Map or create a simple code
/// </summary>
private static AuditTerm MapOrCreateCode(AuditCode code)
{
if (code == null)
{
return(null);
}
return(MapOrCreateCode(new CodeValue <String>(code.Code, code.CodeSystem, code.DisplayName)));
}
public void Audit(AuditCode auditCode, string description)
{
this.Audits.Add(new Audit()
{
EntityId = auditCode.GetHashCode(),
AffectedId = this.Id,
NewValue = description
});
}
/// <summary>
/// Audit the export of data
/// </summary>
public static void AuditDataExport()
{
AuditCode eventTypeId = CreateAuditActionCode(EventTypeCodes.Export);
AuditData audit = new AuditData(DateTime.Now, ActionType.Execute, OutcomeIndicator.Success, EventIdentifierType.SecurityAlert, eventTypeId);
AddDeviceActor(audit);
AddUserActor(audit);
SendAudit(audit);
}
/// <summary>
/// Creates the base audit.
/// </summary>
/// <param name="actionType">Type of the action.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <returns>Returns the created base audit data.</returns>
protected virtual AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType)
{
return(new AuditData
{
ActionCode = actionType,
CorrelationToken = Guid.NewGuid(),
EventTypeCode = eventTypeCode,
EventIdentifier = eventIdentifierType,
Timestamp = DateTime.Now
});
}
/// <summary>
/// Get or create audit code
/// </summary>
private DbAuditCode GetOrCreateAuditCode(DataContext context, AuditCode messageCode)
{
if (messageCode == null)
{
return(null);
}
// Try to get from database
lock (this.m_lockBox)
{
var retVal = context.FirstOrDefault <DbAuditCode>(o => o.Code == messageCode.Code && o.CodeSystem == messageCode.CodeSystem);
if (retVal == null)
{
Guid codeId = Guid.NewGuid();
retVal = context.Insert(new DbAuditCode()
{
Code = messageCode.Code, CodeSystem = messageCode.CodeSystem, Key = codeId
});
}
return(retVal);
}
}
/// <summary>
/// Get or create audit code
/// </summary>
private DbAuditCode GetOrCreateAuditCode(LockableSQLiteConnection context, AuditCode messageCode)
{
if (messageCode == null)
{
return(null);
}
var existing = context.Table <DbAuditCode>().Where(o => o.Code == messageCode.Code && o.CodeSystem == messageCode.CodeSystem).FirstOrDefault();
if (existing == null)
{
byte[] codeId = Guid.NewGuid().ToByteArray();
var retVal = new DbAuditCode()
{
Code = messageCode.Code, CodeSystem = messageCode.CodeSystem, Id = codeId
};
context.Insert(retVal);
return(retVal);
}
else
{
return(existing);
}
}
/// <summary>
/// Autility utility which can be used to send a data audit
/// </summary>
public static void AuditDataAction <TData>(EventTypeCodes typeCode, ActionType action, AuditableObjectLifecycle lifecycle, EventIdentifierType eventType, OutcomeIndicator outcome, String queryPerformed, params TData[] data) where TData : IdentifiedData
{
traceSource.TraceVerbose("Create AuditDataAction audit");
AuditCode eventTypeId = CreateAuditActionCode(typeCode);
AuditData audit = new AuditData(DateTime.Now, action, outcome, eventType, eventTypeId);
AddDeviceActor(audit);
AddUserActor(audit);
AddSenderDeviceActor(audit);
// Objects
//audit.AuditableObjects = data.Select(o =>
//{
// var idTypeCode = AuditableObjectIdType.Custom;
// var roleCode = AuditableObjectRole.Resource;
// var objType = AuditableObjectType.Other;
// if (o is Patient)
// {
// idTypeCode = AuditableObjectIdType.PatientNumber;
// roleCode = AuditableObjectRole.Patient;
// objType = AuditableObjectType.Person;
// }
// else if (o is UserEntity || o is Provider)
// {
// idTypeCode = AuditableObjectIdType.UserIdentifier;
// objType = AuditableObjectType.Person;
// roleCode = AuditableObjectRole.Provider;
// }
// else if (o is Entity)
// idTypeCode = AuditableObjectIdType.EnrolleeNumber;
// else if (o is Act)
// {
// idTypeCode = AuditableObjectIdType.EncounterNumber;
// roleCode = AuditableObjectRole.Report;
// }
// else if (o is SecurityUser)
// {
// idTypeCode = AuditableObjectIdType.UserIdentifier;
// roleCode = AuditableObjectRole.SecurityUser;
// objType = AuditableObjectType.SystemObject;
// }
// return new AuditableObject()
// {
// IDTypeCode = idTypeCode,
// CustomIdTypeCode = idTypeCode == AuditableObjectIdType.Custom ? new AuditCode(o.GetType().Name, "OpenIZTable") : null,
// LifecycleType = lifecycle,
// ObjectId = o.Key?.ToString(),
// Role = roleCode,
// Type = objType
// };
//}).ToList();
// Query performed
if (!String.IsNullOrEmpty(queryPerformed))
{
audit.AuditableObjects.Add(new AuditableObject()
{
IDTypeCode = AuditableObjectIdType.SearchCritereon,
LifecycleType = AuditableObjectLifecycle.Access,
QueryData = queryPerformed,
Role = AuditableObjectRole.Query,
Type = AuditableObjectType.SystemObject
});
}
SendAudit(audit);
}
/// <summary>
/// A utility which can be used to send a data audit
/// </summary>
public static void AuditDataAction <TData>(EventTypeCodes typeCode, ActionType action, AuditableObjectLifecycle lifecycle, EventIdentifierType eventType, OutcomeIndicator outcome, String queryPerformed, params TData[] data) where TData : IdentifiedData
{
AuditCode eventTypeId = CreateAuditActionCode(typeCode);
AuditData audit = new AuditData(DateTime.Now, action, outcome, eventType, eventTypeId);
AddDeviceActor(audit);
AddUserActor(audit);
// Objects
audit.AuditableObjects = data.Select(o => {
var idTypeCode = AuditableObjectIdType.Custom;
var roleCode = AuditableObjectRole.Resource;
var objType = AuditableObjectType.Other;
if (o is Patient)
{
idTypeCode = AuditableObjectIdType.PatientNumber;
roleCode = AuditableObjectRole.Patient;
objType = AuditableObjectType.Person;
}
else if (o is UserEntity || o is Provider)
{
idTypeCode = AuditableObjectIdType.UserIdentifier;
objType = AuditableObjectType.Person;
roleCode = AuditableObjectRole.Provider;
}
else if (o is Entity)
{
idTypeCode = AuditableObjectIdType.EnrolleeNumber;
}
else if (o is Act)
{
idTypeCode = AuditableObjectIdType.EncounterNumber;
roleCode = AuditableObjectRole.Report;
}
else if (o is SecurityUser)
{
idTypeCode = AuditableObjectIdType.UserIdentifier;
roleCode = AuditableObjectRole.SecurityUser;
objType = AuditableObjectType.SystemObject;
}
return(new AuditableObject()
{
IDTypeCode = idTypeCode,
CustomIdTypeCode = idTypeCode == AuditableObjectIdType.Custom ? new AuditCode(o.GetType().Name, "OpenIZTable") : null,
LifecycleType = lifecycle,
ObjectId = o.Key?.ToString(),
Role = roleCode,
Type = objType
});
}).ToList();
// Query performed
if (!String.IsNullOrEmpty(queryPerformed))
{
audit.AuditableObjects.Add(new AuditableObject()
{
IDTypeCode = AuditableObjectIdType.SearchCritereon,
LifecycleType = AuditableObjectLifecycle.Access,
ObjectId = typeof(TData).Name,
QueryData = queryPerformed,
Role = AuditableObjectRole.Query,
Type = AuditableObjectType.SystemObject
});
}
AddAncillaryObject(audit);
SendAudit(audit);
}
/// <summary> /// Audits the generic error. /// </summary> /// <param name="outcomeIndicator">The outcome indicator.</param> /// <param name="eventTypeCode">The event type code.</param> /// <param name="eventIdentifierType">Type of the event identifier.</param> /// <param name="exception">The exception.</param> public abstract void AuditGenericError(OutcomeIndicator outcomeIndicator, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, Exception exception);
/// <summary>
/// Creates the base audit.
/// </summary>
/// <param name="actionType">Type of the action.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <returns>Returns the created base audit data.</returns>
protected override AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, OutcomeIndicator outcomeIndicator)
{
var audit = base.CreateBaseAudit(actionType, eventTypeCode, eventIdentifierType, outcomeIndicator);
var remoteIp = GetLocalIPAddress();
try
{
// attempt to get the remote IP address
remoteIp = this.Context.Request.ServerVariables["REMOTE_ADDR"];
}
catch (Exception e)
{
Trace.TraceError($"Unable to retrieve remote IP address for auditing purposes: {e}");
}
var userIdentifier = string.Empty;
try
{
userIdentifier = this.Context.Request.Url.Host;
}
catch (Exception e)
{
Trace.TraceError($"Unable to retrieve request host URL for auditing purposes: {e}");
}
// add the receiver
audit.Actors.Add(new AuditActorData
{
UserName = Environment.UserName,
UserIdentifier = userIdentifier,
NetworkAccessPointId = Dns.GetHostName(),
NetworkAccessPointType = NetworkAccessPointType.MachineName,
AlternativeUserId = Process.GetCurrentProcess().Id.ToString(),
ActorRoleCode = new List <AuditCode>
{
new AuditCode("110152", "DCM")
}
});
// add the sender
audit.Actors.Add(new AuditActorData
{
UserIdentifier = remoteIp,
NetworkAccessPointId = remoteIp,
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
ActorRoleCode = new List <AuditCode>
{
new AuditCode("110153", "DCM")
},
UserIsRequestor = true
});
// add the user if this is an authenticated request
if (this.Context.User?.Identity?.IsAuthenticated == true)
{
audit.Actors.Add(new AuditActorData
{
UserIdentifier = this.Context.User.Identity.Name,
UserIsRequestor = true,
NetworkAccessPointId = remoteIp,
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
ActorRoleCode = new List <AuditCode>
{
new AuditCode("6", "AuditableObjectRole")
}
});
}
else
{
// add the anonymous actor if the request isn't authenticated
audit.Actors.Add(new AuditActorData
{
UserIdentifier = "Anonymous",
UserIsRequestor = true,
NetworkAccessPointId = remoteIp,
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
ActorRoleCode = new List <AuditCode>
{
new AuditCode("6", "AuditableObjectRole")
}
});
}
try
{
if (outcomeIndicator != OutcomeIndicator.Success)
{
// add the object detail
using (var memoryStream = new MemoryStream())
{
var detail = new ObjectDataExtension
{
Key = "HTTPMessage"
};
using (var streamWriter = new StreamWriter(memoryStream, Encoding.UTF8))
{
streamWriter.WriteLine("<?xml version=\"1.0\"?><Request><![CDATA[");
streamWriter.WriteLine("{0} {1} HTTP/1.1", this.Context.Request.HttpMethod, this.Context.Request.Url);
for (var i = 0; i < this.Context.Request.Headers.Keys.Count; i++)
{
streamWriter.WriteLine("{0} : {1}", this.Context.Request.Headers.Keys[i], this.Context.Request.Headers[i]);
}
// Only output if request is not sensitive
if (!this.IsRequestSensitive)
{
using (var sr = new StreamReader(this.Context.Request.InputStream))
{
streamWriter.WriteLine("\r\n{0}", sr.ReadToEnd());
}
}
else
{
streamWriter.WriteLine("*********** SENSITIVE REQUEST REDACTED ***********");
}
streamWriter.WriteLine("]]></Request>");
streamWriter.Flush();
detail.Value = memoryStream.GetBuffer().Take((int)memoryStream.Length).ToArray();
}
var auditableObject = new AuditableObject
{
IDTypeCode = AuditableObjectIdType.Uri,
ObjectId = this.Context.Request.Url.ToString(),
Role = AuditableObjectRole.Query,
Type = AuditableObjectType.SystemObject
};
auditableObject.ObjectData.Add(detail);
audit.AuditableObjects.Add(auditableObject);
}
}
}
catch (Exception e)
{
Trace.TraceError($"Unable to add object detail to audit message: {e}");
}
return(audit);
}
/// <summary>
/// Creates the security resource delete audit.
/// </summary>
/// <param name="securityEntity">The security entity.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <returns>Returns the created audit.</returns>
protected virtual AuditData CreateSecurityResourceDeleteAudit(T securityEntity, AuditCode eventTypeCode, OutcomeIndicator outcomeIndicator)
{
var audit = this.CreateBaseAudit(ActionType.Delete, eventTypeCode, EventIdentifierType.ApplicationActivity, outcomeIndicator);
if (typeof(T) == typeof(SecurityUser))
{
audit.AuditableObjects.Add(this.CreateBaseAuditableObject(AuditableObjectIdType.UserIdentifier, AuditableObjectLifecycle.LogicalDeletion, securityEntity.Key.ToString(), AuditableObjectRole.SecurityUser, AuditableObjectType.Person));
}
else if (typeof(T) == typeof(SecurityRole))
{
audit.AuditableObjects.Add(this.CreateBaseAuditableObject(AuditableObjectIdType.UserIdentifier, AuditableObjectLifecycle.LogicalDeletion, securityEntity.Key.ToString(), AuditableObjectRole.SecurityGroup, AuditableObjectType.Other));
}
else
{
audit.AuditableObjects.Add(this.CreateBaseAuditableObject(AuditableObjectIdType.UserIdentifier, AuditableObjectLifecycle.LogicalDeletion, securityEntity.Key.ToString(), AuditableObjectRole.SecurityResource, AuditableObjectType.Other));
}
return(audit);
}
/// <summary>
/// Creates the security resource query audit.
/// </summary>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <returns>Returns the created audit.</returns>
protected virtual AuditData CreateSecurityResourceQueryAudit(AuditCode eventTypeCode, OutcomeIndicator outcomeIndicator)
{
return(this.CreateBaseAudit(ActionType.Read, eventTypeCode, EventIdentifierType.ApplicationActivity, outcomeIndicator));
}
