Esempio n. 1
0
        private void DisableWeakTLSForIncoming()
        {
            // Regarding ensuring that TLS1.2 or higher is used for incoming traffic,
            // when hosted in Standard Azure... without more infrastructure around it...
            // then the answer is ... you can't.
            // https://feedback.azure.com/forums/169385-web-apps/suggestions/11533680-disable-tls-1-0-in-azure-website-to-pass-pci-compl
            // And requires you to move up to a premium layout:
            // https://blogs.msdn.microsoft.com/benjaminperkins/2017/04/11/how-to-disable-tls-1-0-on-an-azure-app-service-web-app/
            // Or install and configure an Application Gateway:
            // https://www.leowkahman.com/2017/07/04/how-to-disable-tls-1-0-on-an-azure-app-service/
            // Other relevent threads are:
            // https://forums.asp.net/t/2069611.aspx?I+need+to+disable+TLS+1+0+via+code+Is+it+possible+
            // As per Microsoft's response:
            // "we can't disable TLS 1.0 in azure web app at currently,
            // please submit a feedback in azure feedback
            // forum: http://feedback.azure.com/forums/34192--general-feedback,
            // if disable TLS 1.0 is your requirement, please try to use
            // azure cloud service web role to host your application."


            _configurationStepService
            .Register(
                ConfigurationStepType.Security,
                ConfigurationStepStatus.Orange,
                "TLS",
                "Limiting to > TLS 1.0 for incoming is dependent on host environment. Azure's mininum is 1.1. Default for new App Services is 1.2.");
        }
Esempio n. 2
0
        void RegisterActionFilters(HttpFilterCollection filters)
        {
            using (var elapsedTime = new ElapsedTime())
            {
                // A difference between MVC and WebAPI Filters is that you cannot specify order
                // But inspecting the framework's code it *appears* to be run in the order they
                // are added.

                filters.Add(
                    new SessionOperationWebApiActionFilterAttribute(
                        this._principalService,
                        _sessionManagmentService,
                        this._sessionOperationLogService,
                        this._diagnosticsTracingService
                        ));
                _configurationStepService
                .Register(
                    ConfigurationStepType.Security,
                    ConfigurationStepStatus.White,
                    "SessionOperation (WebAPI)",
                    "WebAPI Filter installed to record all operations (includig View).");


                // Apply a custom Filter to intercept WebAPI requests and return errors (no redirection).
                filters.Add(new RequireHttpsWebApiFilterAttribute());
                _configurationStepService
                .Register(
                    ConfigurationStepType.Security,
                    ConfigurationStepStatus.White,
                    "HTTPS Required (WebAPI)",
                    "WebAPI Filter installed to redirect HTTP requests to HTTPS.");


                filters.Add(new WebApiAppAuthorizeAttribute());

                _configurationStepService.Register(
                    ConfigurationStepType.Security,
                    ConfigurationStepStatus.White,
                    "WebAPI Filter: Authorization",
                    "WebAPI Filter installed to ensure Authorization is enforced by default.");



                // LAST!!!!
                filters.Add(new
                            DbContextCommitWebApiActionFilterAttribute(
                                this._diagnosticsTracingService,
                                this._sessionOperationLogService,
                                this._contextService));
                _configurationStepService
                .Register(
                    ConfigurationStepType.General,
                    ConfigurationStepStatus.White,
                    "DbContext Commit at end of commands.",
                    $"WebApi Filter installed to automatically commit all pending changes. Took {elapsedTime.ElapsedText}");
            }
        }
Esempio n. 3
0
        /// <summary>
        /// Configures the specified application builder.
        /// <para>
        /// Invoked from <see cref="StartupExtended.Configure"/>
        /// </para>
        /// </summary>
        /// <param name="appBuilder">The application builder.</param>
        public void Configure(IAppBuilder appBuilder)
        {
            using (var elapsedTime = new ElapsedTime())
            {
                var scopes = ScanForAllModulesRequiredScopeDefinitions();

                var authorisationConfiguration = this._keyVaultService.GetObject <AuthorisationConfiguration>();
                var demoType = authorisationConfiguration.AuthorisationType;

                switch (demoType)
                {
                case AuthorisationType.AadUsingOidcAndCookies:
                    AppDependencyLocator.Current.GetInstance <AadV2ForOidcCookiesConfiguration>()
                    .Configure(appBuilder);
                    break;

                case AuthorisationType.B2CUsingOidcAndCookies:
                    AppDependencyLocator.Current.GetInstance <B2CAuthCookieBasedAuthenticationConfig>()
                    .Configure(appBuilder, scopes);
                    break;

                case AuthorisationType.B2CUsingOidcAndBearerTokens:
                    AppDependencyLocator.Current.GetInstance <AuthBearerTokenAuthenticationConfiguration>()
                    .Configure(appBuilder);
                    break;

                case AuthorisationType.B2CUsingOidcAndCookiesAndBearerTokens:
                    AppDependencyLocator.Current.GetInstance <AuthBearerTokenAuthenticationConfiguration>()
                    .Configure(appBuilder);
                    AppDependencyLocator.Current.GetInstance <B2CAuthCookieBasedAuthenticationConfig>()
                    .Configure(appBuilder, scopes);
                    break;
                }
                // 11.0836463 secs
                var color = ConfigurationStepStatus.Green;
                if (elapsedTime.Elapsed.TotalMilliseconds > 5000)
                {
                    color = ConfigurationStepStatus.Orange;
                }
                if (elapsedTime.Elapsed.TotalMilliseconds > 10000)
                {
                    color = ConfigurationStepStatus.Red;
                }

                _configurationStepService
                .Register(
                    ConfigurationStepType.Performance,
                    color,
                    "Telemetry",
                    $"OIDC configuration. Took {elapsedTime.ElapsedText}.");
            }
        }
Esempio n. 4
0
        /// <summary>
        /// Configures the specified application builder.
        /// <para>
        /// Invoked from <see cref="StartupExtended.Configure"/>
        /// </para>
        /// </summary>
        /// <param name="appBuilder">The application builder.</param>
        public void Configure(IAppBuilder appBuilder)
        {
            using (var elapsedTime = new ElapsedTime())
            {
                // SETUP STEP: Remove the X-AspNetMvc-Version Header disclosing too much:
                MvcHandler.DisableMvcResponseHeader = true;

                _configurationStepService
                .Register(
                    ConfigurationStepType.Security,
                    ConfigurationStepStatus.White,
                    "Verbose Headers",
                    $"X-AspNetMvc-Version removed. Took {elapsedTime.ElapsedText}");
            }
        }
Esempio n. 5
0
        /// <summary>
        /// <para>
        /// Invoked from <see cref="StartupConfigure.Configure"/>
        /// </para>
        /// <para>
        /// Must be invoked before ServiceLocatorConfig is invoked.
        /// </para>
        /// </summary>
        /// <param name="appBuilder"></param>
        public void Configure(IAppBuilder appBuilder)
        {
            using (var elapsedTime = new ElapsedTime())
            {
                // This will be a first integration call...
                var analyticsConfiguration = this._keyVaultService
                                             .GetObject <ApplicationInsightsConfigurationSettings>();

                //Seriously WTF?
                TelemetryConfiguration.Active.DisableTelemetry = !analyticsConfiguration.Enabled;

                if (!TelemetryConfiguration.Active.DisableTelemetry)
                {
                    if (string.IsNullOrWhiteSpace(analyticsConfiguration.Key))
                    {
                        throw new ConfigurationErrorsException(
                                  $"Missing app setting '{App.Core.Shared.Constants.ConfigurationKeys.AppCoreIntegrationAzureApplicationInsightsInstrumentationKey}' used for Application Insights.");
                    }
                    TelemetryConfiguration.Active.InstrumentationKey = analyticsConfiguration.Key;
                    Trace.Listeners.Add(new ApplicationInsightsTraceListener(analyticsConfiguration.Key));
                }


                var color = ConfigurationStepStatus.White;
                if (elapsedTime.Elapsed.TotalMilliseconds > 5000)
                {
                    color = ConfigurationStepStatus.Orange;
                }
                if (elapsedTime.Elapsed.TotalMilliseconds > 10000)
                {
                    color = ConfigurationStepStatus.Red;
                }

                _configurationStepService
                .Register(
                    ConfigurationStepType.General,
                    color,
                    "Telemetry",
                    $"Telemetry configured. Took {elapsedTime.ElapsedText}.");
            }
        }