/// <summary>Clears the history.</summary> /// <returns>A view confirming the clearing on the users history.</returns> public ActionResult ClearHistory() { try { int id = Convert.ToInt32(Encryption.UnprotectString(this.Request.Cookies[Convert.ToString(WebConfigurationManager.AppSettings["ApplicationName"]) + ".User"]["Id"], new string[] { "Cookie" }, true)); var picolContext = new PicolEntities(); var utilityContext = new UtilityEntities(); var user = (from u in picolContext.Users where u.Id == id select u).Single(); var histories = from h in utilityContext.ApplicationHistories where h.UserName == user.Email select h; utilityContext.ApplicationHistories.RemoveRange(histories); utilityContext.SaveChanges(); this.ViewBag.SelectedLink = "Account.ClearHistory"; return(this.View(histories)); } catch (Exception e) { // Signal the error to be logged by elmah ErrorSignal.FromCurrentContext().Raise(e); return(this.Redirect("~/Message/Error/LoadFailed")); } }
/// <summary>Controller to run when invoked to track history</summary> /// <param name="filterContext">An ActionExecutingContext passed by the invoked controllers</param> public override void OnActionExecuting(ActionExecutingContext filterContext) { try { // We retrieve the user info cookie if it exists HttpCookie userCookie = filterContext.HttpContext.Request.Cookies[Convert.ToString(WebConfigurationManager.AppSettings["ApplicationName"]) + ".User"]; // We build our database context var accountContext = new UtilityEntities(); // We create a new history object and start hoovering in data ApplicationHistory record = new ApplicationHistory(); record.Application = "Picol"; // We use Convert.ToString() on anything in a object so in the event that the object is null we get an empty string instead of an exception record.Path = Convert.ToString(HttpContext.Current.Request.Url.AbsoluteUri); // Set the IP address to the x forwarded IP, then test if it is empty record.IpAddress = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"]; // If X forwarded is empty, check remote address and host address if (string.IsNullOrEmpty(record.IpAddress)) { record.IpAddress = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"]; if (string.IsNullOrEmpty(record.IpAddress)) { record.IpAddress = Convert.ToString(HttpContext.Current.Request.UserHostAddress); } } else { // Using X-Forwarded-For last address record.IpAddress = record.IpAddress.Split(',').Last().Trim(); } // For each key in a form we convert it into a comma delimmited string foreach (var f in HttpContext.Current.Request.Form.AllKeys) { // Add the name of the key to the string record.Form += f + ":"; // If contains sensitive data redact, otherwise record if (f.ToLower().Contains("password") || f.ToLower().Contains("ssn") || f.ToLower().Contains("birthdate") || f.ToLower().Contains("sms") || f.ToLower().Contains("externalemail") || f.ToLower().Contains("response") || f.ToLower().Contains("answer")) { record.Form += "********" + ","; } else { // Add non-password data record.Form += HttpContext.Current.Request.Form[f] + ","; } } // Foreach querystring variable we convert it into a comma delimmited string foreach (var q in HttpContext.Current.Request.QueryString.AllKeys) { if (q == null) { continue; } // If contains sensitive data redact, otherwise record if (q.ToLower().Contains("password") || q.ToLower().Contains("ssn") || q.ToLower().Contains("birthdate") || q.ToLower().Contains("sms") || q.ToLower().Contains("externalemail") || q.ToLower().Contains("response") || q.ToLower().Contains("answer")) { record.QueryString += "********" + ","; } else { record.QueryString += HttpContext.Current.Request.QueryString[q] + ","; } } // If the user info cookie exists we assign the username if (userCookie != null) { record.UserName = Encryption.UnprotectString(userCookie["Email"], new string[] { "Cookie" }, true); } // Create out history entry record.Created = DateTime.Now; accountContext.ApplicationHistories.Add(record); accountContext.SaveChanges(); return; } catch (Exception e) { // Signal the error to be logged by elmah ErrorSignal.FromCurrentContext().Raise(e); // Don't redirect on failure because we don't want to disrupt use of the site return; } }