/// <summary>
/// Tests whether the protocol of the connection under evaluation is one of the
/// protocols listed in <c>ProtocolList</c>.
/// </summary>
/// <param name="baseContext">
/// Evaluation context; it is cast directly to <c>ClientAccessRulesEvaluationContext</c>,
/// so any other context type fails the cast.
/// </param>
/// <returns>true when <c>ProtocolList</c> contains the context's protocol; otherwise false.</returns>
public override bool Evaluate(RulesEvaluationContext baseContext)
{
    // Read the protocol first, then look it up in the list configured on this predicate.
    ClientAccessProtocol requestedProtocol = ((ClientAccessRulesEvaluationContext)baseContext).Protocol;
    return ProtocolList.Contains(requestedProtocol);
}
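/// <summary>
/// Runs the organization's client access rules against one incoming connection and
/// reports whether the deny callback fired.
/// </summary>
/// <param name="organizationId">Organization whose rule collection is fetched from the cache; null falls back to <c>OrganizationId.ForestWideOrgId</c>.</param>
/// <param name="username">User name handed to the evaluation context and written to the trace.</param>
/// <param name="protocol">Protocol of the connection.</param>
/// <param name="remoteEndpoint">Client address and port. When null, no rule is evaluated and the result is false.</param>
/// <param name="authenticationType">Authentication method of the connection.</param>
/// <param name="propertyBag">User properties handed to the evaluation context; the sibling overload passes null.</param>
/// <param name="blockLoggerDelegate">Called from the deny callback with the evaluation context, after the block flag has been set.</param>
/// <param name="latencyLoggerDelegate">Called unconditionally with the elapsed time in milliseconds.</param>
/// <returns>true when the deny callback fired during evaluation; otherwise false.</returns>
internal static bool ShouldBlockConnection(OrganizationId organizationId, string username, ClientAccessProtocol protocol, IPEndPoint remoteEndpoint, ClientAccessAuthenticationMethod authenticationType, IReadOnlyPropertyBag propertyBag, Action<ClientAccessRulesEvaluationContext> blockLoggerDelegate, Action<double> latencyLoggerDelegate)
{
    DateTime utcNow = DateTime.UtcNow;
    bool shouldBlock = false;

    // The start tick count doubles as the trace id that ties all trace lines of this call together.
    long ticks = utcNow.Ticks;

    if (organizationId == null)
    {
        ExTraceGlobals.ClientAccessRulesTracer.TraceDebug(ticks, "[Client Access Rules] ShouldBlockConnection assuming OrganizationId.ForestWideOrgId for null OrganizationId");
        organizationId = OrganizationId.ForestWideOrgId;
    }

    // NOTE(review): without a remote endpoint the rules are never run and the result stays
    // "not blocked" (fail-open). Confirm that callers unable to supply an endpoint are meant
    // to be let through rather than denied.
    if (remoteEndpoint != null)
    {
        ExTraceGlobals.ClientAccessRulesTracer.TraceDebug(ticks, "[Client Access Rules] ShouldBlockConnection - Initializing context to run rules");
        ClientAccessRuleCollection collection = ClientAccessRulesCache.Instance.GetCollection(organizationId);
        ClientAccessRulesEvaluationContext context = new ClientAccessRulesEvaluationContext(
            collection,
            username,
            remoteEndpoint,
            protocol,
            authenticationType,
            propertyBag,
            ObjectSchema.GetInstance<ClientAccessRulesRecipientFilterSchema>(),
            delegate(ClientAccessRulesEvaluationContext evaluationContext)
            {
                // Record the decision before logging so it is already set if the logger throws.
                shouldBlock = true;
                blockLoggerDelegate(evaluationContext);
            },
            null, // no what-if delegate: this is a real evaluation
            ticks);
        collection.Run(context);
    }

    ClientAccessRulesPerformanceCounters.TotalClientAccessRulesEvaluationCalls.Increment();
    if (shouldBlock)
    {
        ClientAccessRulesPerformanceCounters.TotalConnectionsBlockedByClientAccessRules.Increment();
    }

    double totalMilliseconds = (DateTime.UtcNow - utcNow).TotalMilliseconds;
    latencyLoggerDelegate(totalMilliseconds);

    // The two thresholds are independent: a call slower than 50 ms bumps both counters.
    if (totalMilliseconds > 50.0)
    {
        ClientAccessRulesPerformanceCounters.TotalClientAccessRulesEvaluationCallsOver50ms.Increment();
    }
    if (totalMilliseconds > 10.0)
    {
        ClientAccessRulesPerformanceCounters.TotalClientAccessRulesEvaluationCallsOver10ms.Increment();
    }

    // The null-endpoint case is accepted above, so the summary trace must not dereference
    // remoteEndpoint (or username) unconditionally; doing so turned that path into a
    // NullReferenceException raised from a debug trace.
    string usernameText = (username != null) ? username : "<null>";
    string addressText = (remoteEndpoint != null) ? remoteEndpoint.Address.ToString() : "<null>";
    string portText = (remoteEndpoint != null) ? remoteEndpoint.Port.ToString() : "<null>";

    // This trace line carries the user name and client IP; handle trace output accordingly.
    ExTraceGlobals.ClientAccessRulesTracer.TraceDebug(ticks,
        string.Format("[Client Access Rules] ShouldBlockConnection - Evaluate - Org: {0} - Protocol: {1} - Username: {2} - IP: {3} - Port: {4} - Auth Type: {5} - Blocked: {6} - Latency: {7}", new object[]
        {
            organizationId.ToString(),
            protocol.ToString(),
            usernameText,
            addressText,
            portText,
            authenticationType.ToString(),
            shouldBlock.ToString(),
            totalMilliseconds.ToString()
        }));

    return shouldBlock;
}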
/// <summary>
/// Overload for callers that have no user property bag: forwards every argument to the
/// full <c>ClientAccessRulesUtils.ShouldBlockConnection</c> overload with a null property bag.
/// </summary>
/// <param name="organizationId">Organization whose rules are evaluated.</param>
/// <param name="username">User name of the connection.</param>
/// <param name="protocol">Protocol of the connection.</param>
/// <param name="remoteEndpoint">Client address and port.</param>
/// <param name="authenticationType">Authentication method of the connection.</param>
/// <param name="blockLoggerDelegate">Logger forwarded unchanged to the full overload.</param>
/// <param name="latencyLoggerDelegate">Latency logger forwarded unchanged to the full overload.</param>
/// <returns>The result of the full overload.</returns>
internal static bool ShouldBlockConnection(OrganizationId organizationId, string username, ClientAccessProtocol protocol, IPEndPoint remoteEndpoint, ClientAccessAuthenticationMethod authenticationType, Action<ClientAccessRulesEvaluationContext> blockLoggerDelegate, Action<double> latencyLoggerDelegate)
{
    // No user properties are available on this path.
    IReadOnlyPropertyBag noPropertyBag = null;

    bool blocked = ClientAccessRulesUtils.ShouldBlockConnection(
        organizationId,
        username,
        protocol,
        remoteEndpoint,
        authenticationType,
        noPropertyBag,
        blockLoggerDelegate,
        latencyLoggerDelegate);
    return blocked;
}
/// <summary>
/// Builds the context one rule evaluation runs against: the connection's attributes, the
/// user's properties and schema, and the callbacks used for deny and what-if outcomes.
/// </summary>
/// <param name="rules">Rule collection passed to the base context.</param>
/// <param name="username">Stored in <c>UserName</c>.</param>
/// <param name="remoteEndpoint">Stored in <c>RemoteEndpoint</c>.</param>
/// <param name="protocol">Stored in <c>Protocol</c>.</param>
/// <param name="authenticationType">Stored in <c>AuthenticationType</c>.</param>
/// <param name="userPropertyBag">Stored in <c>User</c>.</param>
/// <param name="userSchema">Stored in <c>UserSchema</c>.</param>
/// <param name="denyAccessDelegate">Stored in <c>DenyAccessDelegate</c>.</param>
/// <param name="whatIfActionDelegate">Stored in <c>WhatIfActionDelegate</c>; a non-null value also turns <c>WhatIf</c> on.</param>
/// <param name="traceId">Id given to the <c>ClientAccessRulesTracer</c> created for this context.</param>
public ClientAccessRulesEvaluationContext(RuleCollection rules, string username, IPEndPoint remoteEndpoint, ClientAccessProtocol protocol, ClientAccessAuthenticationMethod authenticationType, IReadOnlyPropertyBag userPropertyBag, ObjectSchema userSchema, Action<ClientAccessRulesEvaluationContext> denyAccessDelegate, Action<Rule, ClientAccessRulesAction> whatIfActionDelegate, long traceId)
    : base(rules)
{
    // What-if mode is implied purely by the presence of a what-if callback.
    bool whatIfRequested = whatIfActionDelegate != null;

    // Attributes of the connection being evaluated.
    AuthenticationType = authenticationType;
    UserName = username;
    RemoteEndpoint = remoteEndpoint;
    Protocol = protocol;

    // User data and the schema that goes with it.
    User = userPropertyBag;
    UserSchema = userSchema;

    // Outcome callbacks.
    DenyAccessDelegate = denyAccessDelegate;
    WhatIfActionDelegate = whatIfActionDelegate;
    WhatIf = whatIfRequested;

    // Each context gets its own tracer tagged with the caller's trace id.
    base.Tracer = new ClientAccessRulesTracer(traceId);
}