Esempio n. 1
0
        /// <summary>
        /// Generates a "User Authentication" login event in the audit log, according to DICOM Supplement 95,
        /// and a "Security Alert" event if the operation failed.
        /// </summary>
        /// <param name="username">The username or asserted username of the account that was logged in.</param>
        /// <param name="authenticationServer">The authentication server against which the operation was performed.</param>
        /// <param name="eventResult">The result of the operation.</param>
        public static void LogLogin(string username, EventSource authenticationServer, EventResult eventResult)
        {
            if (!AuditingEnabled)
            {
                return;
            }

            try
            {
                var currentProcess = EventSource.GetUserEventSource(LocalHostname);                 // record that the current process is the one that identified the authentication event
                var auditHelper    = new UserAuthenticationAuditHelper(currentProcess, eventResult, UserAuthenticationEventType.Login);
                auditHelper.AddUserParticipant(new AuditPersonActiveParticipant(username, string.Empty, username));
                if (authenticationServer != null)
                {
                    auditHelper.AddNode(authenticationServer);
                }

                Log(auditHelper);

                if (eventResult != EventResult.Success)
                {
                    var alertAuditHelper = new SecurityAlertAuditHelper(currentProcess, eventResult, SecurityAlertEventTypeCodeEnum.NodeAuthentication);
                    alertAuditHelper.AddReportingUser(currentProcess);
                    alertAuditHelper.AddActiveParticipant(new AuditPersonActiveParticipant(username, string.Empty, username));
                    Log(alertAuditHelper);
                }
            }
            catch (Exception ex)
            {
                Platform.Log(LogLevel.Warn, ex, _messageAuditFailed);
            }
        }
Esempio n. 2
0
        protected void LoginClicked(object sender, EventArgs e)
        {
            if (SessionManager.Current != null)
            {
                // already logged in. Maybe from different page
                HttpContext.Current.Response.Redirect(FormsAuthentication.GetRedirectUrl(SessionManager.Current.Credentials.UserName, false), true);
            } 

            try
            {
                SessionManager.InitializeSession(UserName.Text, Password.Text);

				UserAuthenticationAuditHelper audit = new UserAuthenticationAuditHelper(ServerPlatform.AuditSource,
					EventIdentificationContentsEventOutcomeIndicator.Success, UserAuthenticationEventType.Login);
				audit.AddUserParticipant(new AuditPersonActiveParticipant(UserName.Text, null, SessionManager.Current.Credentials.DisplayName));
				ServerPlatform.LogAuditMessage(audit);
			}
            catch (PasswordExpiredException)
            {
                Platform.Log(LogLevel.Info, "Password for {0} has expired. Requesting new password.",UserName.Text);
                PasswordExpiredDialog.Show(UserName.Text, Password.Text);

				UserAuthenticationAuditHelper audit = new UserAuthenticationAuditHelper(ServerPlatform.AuditSource,
					EventIdentificationContentsEventOutcomeIndicator.Success, UserAuthenticationEventType.Login);
				audit.AddUserParticipant(new AuditPersonActiveParticipant(UserName.Text, null, null));
				ServerPlatform.LogAuditMessage(audit);
			}
            catch (UserAccessDeniedException ex)
            {
                Platform.Log(LogLevel.Error, ex, ex.Message);
                ShowError(ErrorMessages.UserAccessDenied);
                UserName.Focus();

                UserAuthenticationAuditHelper audit = new UserAuthenticationAuditHelper(ServerPlatform.AuditSource,
                    EventIdentificationContentsEventOutcomeIndicator.SeriousFailureActionTerminated, UserAuthenticationEventType.Login);
                audit.AddUserParticipant(new AuditPersonActiveParticipant(UserName.Text, null, null));
                ServerPlatform.LogAuditMessage(audit);
            }
            catch (CommunicationException ex)
            {
                Platform.Log(LogLevel.Error, ex, "Unable to contact A/A server");
                ShowError(ErrorMessages.CannotContactEnterpriseServer);

				UserAuthenticationAuditHelper audit = new UserAuthenticationAuditHelper(ServerPlatform.AuditSource,
					EventIdentificationContentsEventOutcomeIndicator.MajorFailureActionMadeUnavailable, UserAuthenticationEventType.Login);
				audit.AddUserParticipant(new AuditPersonActiveParticipant(UserName.Text, null, null));
				ServerPlatform.LogAuditMessage(audit);
			}
            catch (Exception ex)
            {
                Platform.Log(LogLevel.Error, ex, "Login error:");
                ShowError(ex.Message);

				UserAuthenticationAuditHelper audit = new UserAuthenticationAuditHelper(ServerPlatform.AuditSource,
					EventIdentificationContentsEventOutcomeIndicator.MajorFailureActionMadeUnavailable, UserAuthenticationEventType.Login);
				audit.AddUserParticipant(new AuditPersonActiveParticipant(UserName.Text, null, null));
				ServerPlatform.LogAuditMessage(audit);
			}
        }
Esempio n. 3
0
        /// <summary>
        /// Generates a "User Authentication" logout event in the audit log, according to DICOM Supplement 95.
        /// </summary>
        /// <param name="username">The username or asserted username of the account that was logged out.</param>
        /// <param name="authenticationServer">The authentication server against which the operation was performed.</param>
        /// <param name="eventResult">The result of the operation.</param>
        /// <param name="sessionId">The ID of the session that is being logged out.</param>
        public static void LogLogout(string username, string sessionId, EventSource authenticationServer, EventResult eventResult)
        {
            if (!AuditingEnabled)
                return;

            try
            {
                var currentProcess = EventSource.GetUserEventSource(LocalHostname); // record that the current process is the one that identified the authentication event
                var auditHelper = new UserAuthenticationAuditHelper(currentProcess, eventResult, UserAuthenticationEventType.Logout);
                auditHelper.AddUserParticipant(new AuditPersonActiveParticipant(username, string.Empty, username));
                if (authenticationServer != null)
                    auditHelper.AddNode(authenticationServer);

                Log(auditHelper, username, sessionId);
            }
            catch (Exception ex)
            {
                Platform.Log(LogLevel.Warn, ex, _messageAuditFailed);
            }
        }
Esempio n. 4
0
        public static void SignOut(SessionInfo session)
        {

            FormsAuthentication.SignOut();
            
            if (session != null)
            {
                try
                {
                    ForceOtherPagesToLogout(session);

                    using (LoginService service = new LoginService())
                    {
                        service.Logout(session.Credentials.SessionToken.Id);
                    }
                }
                catch (NotSupportedException)
                {
                    //ignore this.
                }
                catch (Exception e)
                {
                    Platform.Log(LogLevel.Warn, e, "Failed to log user out.");
                }

                UserAuthenticationAuditHelper audit = new UserAuthenticationAuditHelper(
                    ServerPlatform.AuditSource,
                    EventIdentificationContentsEventOutcomeIndicator.Success,
                    UserAuthenticationEventType.Logout);
                audit.AddUserParticipant(new AuditPersonActiveParticipant(
                                             session.Credentials.UserName,
                                             null,
                                             session.Credentials.DisplayName));
                ServerPlatform.LogAuditMessage(audit);
            }
            

        
        }
Esempio n. 5
0
		public static void AuditLogout(string userName, string displayName, string sessionId)
		{
			var audit = new UserAuthenticationAuditHelper(_auditSource,
					EventIdentificationContentsEventOutcomeIndicator.Success, UserAuthenticationEventType.Logout);
			audit.AddUserParticipant(new AuditPersonActiveParticipant(userName, null, displayName));
			LogAuditMessage(audit, userName, sessionId);
		}
Esempio n. 6
0
		public static void AuditFailure(string userId)
		{
			var audit = new UserAuthenticationAuditHelper(_auditSource,
					EventIdentificationContentsEventOutcomeIndicator.SeriousFailureActionTerminated, UserAuthenticationEventType.Login);
			audit.AddUserParticipant(new AuditPersonActiveParticipant(userId, null, null));
			LogAuditMessage(audit, userId);
		}