/// <summary>
/// Construct audit data
/// </summary>
/// <returns></returns>
private AuditData ConstructAuditData(ActionType action, EventIdentifierType identifier)
{
AuditData audit = new AuditData(DateTime.Now, action, OutcomeIndicator.Success, identifier, null);
audit.Actors.Add(new AuditActorData()
{
NetworkAccessPointId = OperationContext.Current.IncomingMessageHeaders.To.ToString(),
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
UserName = Environment.UserName,
UserIdentifier = Environment.UserName,
UserIsRequestor = false,
ActorRoleCode = new List <CodeValue>()
{
new CodeValue("110152", "DCM")
{
DisplayName = "Destination"
}
},
});
audit.Actors.Add(new AuditActorData()
{
NetworkAccessPointId = (OperationContext.Current.IncomingMessageProperties[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty).Address,
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
UserIsRequestor = true,
UserIdentifier = (OperationContext.Current.IncomingMessageProperties[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty).Address,
ActorRoleCode = new List <CodeValue>()
{
new CodeValue("110153", "DCM")
{
DisplayName = "Source"
}
},
});
return(audit);
}
/// <summary>
/// Initializes a new instance of the <see cref="EventInfo"/> class.
/// </summary>
/// <param name="eventType">Type of the Loop Event.</param>
/// <param name="identifierType">Loop Event Identifier type.</param>
/// <param name="identifer">The Loop Event Identifer.</param>
/// <param name="timestamp">When the event occurred.</param>
public EventInfo(string eventType, EventIdentifierType identifierType, string identifer, DateTime?timestamp = null)
{
if (identifer == null)
{
throw new ArgumentNullException(nameof(identifer));
}
EventData["event"] = eventType ?? throw new ArgumentNullException(nameof(eventType));
switch (identifierType)
{
case EventIdentifierType.IBeacon:
EventData["identifier"] = $"iBeac#{identifer}";
break;
case EventIdentifierType.EddystoneUID:
EventData["identifier"] = $"eddyUID#{identifer}";
break;
case EventIdentifierType.BlueCatsID:
EventData["identifier"] = $"bcId#{identifer}";
break;
case EventIdentifierType.BluetoothAddress:
EventData["identifier"] = $"btAddr#{identifer}";
break;
default:
throw new ArgumentOutOfRangeException(nameof(identifierType), identifierType, null);
}
EventData["ts"] = (timestamp?.ToUniversalTime() ?? DateTime.UtcNow).ToString(Constants.TIMESTAMP_FORMAT);
}
/// <summary>
/// Initializes a new instance of the <see cref="AuditData"/> class.
/// </summary>
/// <param name="timeStamp">The time stamp.</param>
/// <param name="actionCode">The action code.</param>
/// <param name="outcome">The outcome.</param>
/// <param name="eventIdentifier">The event identifier.</param>
/// <param name="eventTypeCode">The event type code.</param>
public AuditData(DateTimeOffset timeStamp, ActionType actionCode, OutcomeIndicator outcome,
EventIdentifierType eventIdentifier, AuditCode eventTypeCode)
: this()
{
this.Timestamp = timeStamp;
this.ActionCode = actionCode;
this.Outcome = outcome;
this.EventIdentifier = eventIdentifier;
this.EventTypeCode = eventTypeCode;
this.Actors = new List <AuditActorData>();
this.AuditableObjects = new List <AuditableObject>();
}
/// <summary>
/// Autility utility which can be used to send a data audit
/// </summary>
public static void AuditDataAction <TData>(EventTypeCodes typeCode, ActionType action, AuditableObjectLifecycle lifecycle, EventIdentifierType eventType, OutcomeIndicator outcome, String queryPerformed, params TData[] data) where TData : IdentifiedData
{
traceSource.TraceVerbose("Create AuditDataAction audit");
AuditCode eventTypeId = CreateAuditActionCode(typeCode);
AuditData audit = new AuditData(DateTime.Now, action, outcome, eventType, eventTypeId);
AddDeviceActor(audit);
AddUserActor(audit);
AddSenderDeviceActor(audit);
// Objects
//audit.AuditableObjects = data.Select(o =>
//{
// var idTypeCode = AuditableObjectIdType.Custom;
// var roleCode = AuditableObjectRole.Resource;
// var objType = AuditableObjectType.Other;
// if (o is Patient)
// {
// idTypeCode = AuditableObjectIdType.PatientNumber;
// roleCode = AuditableObjectRole.Patient;
// objType = AuditableObjectType.Person;
// }
// else if (o is UserEntity || o is Provider)
// {
// idTypeCode = AuditableObjectIdType.UserIdentifier;
// objType = AuditableObjectType.Person;
// roleCode = AuditableObjectRole.Provider;
// }
// else if (o is Entity)
// idTypeCode = AuditableObjectIdType.EnrolleeNumber;
// else if (o is Act)
// {
// idTypeCode = AuditableObjectIdType.EncounterNumber;
// roleCode = AuditableObjectRole.Report;
// }
// else if (o is SecurityUser)
// {
// idTypeCode = AuditableObjectIdType.UserIdentifier;
// roleCode = AuditableObjectRole.SecurityUser;
// objType = AuditableObjectType.SystemObject;
// }
// return new AuditableObject()
// {
// IDTypeCode = idTypeCode,
// CustomIdTypeCode = idTypeCode == AuditableObjectIdType.Custom ? new AuditCode(o.GetType().Name, "OpenIZTable") : null,
// LifecycleType = lifecycle,
// ObjectId = o.Key?.ToString(),
// Role = roleCode,
// Type = objType
// };
//}).ToList();
// Query performed
if (!String.IsNullOrEmpty(queryPerformed))
{
audit.AuditableObjects.Add(new AuditableObject()
{
IDTypeCode = AuditableObjectIdType.SearchCritereon,
LifecycleType = AuditableObjectLifecycle.Access,
QueryData = queryPerformed,
Role = AuditableObjectRole.Query,
Type = AuditableObjectType.SystemObject
});
}
SendAudit(audit);
}
/// <summary>
/// Create the audit
/// </summary>
private static AuditMessage CreateAudit(ActionType action, OutcomeIndicator outcome, EventIdentifierType eventId, CodeValue <String> eventType, IMessage message, String remoteEndpoint)
{
var retVal = new AuditMessage(
DateTime.Now, action, outcome, eventId, eventType);
Terser mTerser = new Terser(message);
retVal.Actors = new List <AuditActorData>()
{
new AuditActorData()
{
UserIdentifier = String.Format("{0}|{1}", mTerser.Get("/MSH-3"), mTerser.Get("/MSH-4")),
AlternativeUserId = Process.GetCurrentProcess().Id.ToString(),
ActorRoleCode = new List <CodeValue <string> >()
{
new CodeValue <String>("110153", "DCM")
{
DisplayName = "Source"
}
},
NetworkAccessPointType = NetworkAccessPointType.MachineName,
NetworkAccessPointTypeSpecified = true,
NetworkAccessPointId = Dns.GetHostName()
},
new AuditActorData()
{
UserIdentifier = String.Format("{0}|{1}", mTerser.Get("/MSH-5"), mTerser.Get("/MSH-6")),
ActorRoleCode = new List <CodeValue <string> >()
{
new CodeValue <String>("110152", "DCM")
{
DisplayName = "Desintation"
}
},
NetworkAccessPointType = NetworkAccessPointType.MachineName,
NetworkAccessPointTypeSpecified = true,
NetworkAccessPointId = remoteEndpoint
}
};
// Human?
WindowsIdentity identity = WindowsIdentity.GetCurrent();
if (Environment.UserInteractive)
{
retVal.Actors.Add(new AuditActorData()
{
UserIdentifier = identity.Name,
AlternativeUserId = String.Format("{0}\\{1}", Environment.UserDomainName, Environment.UserName),
ActorRoleCode = identity.Groups.Select(o => new CodeValue <String>(o.Translate(typeof(NTAccount)).Value, Environment.UserDomainName)).ToList()
});
}
// Audit source
retVal.SourceIdentification = new List <AuditSourceIdentificationType>()
{
new AuditSourceIdentificationType()
{
AuditEnterpriseSiteID = ConfigurationManager.AppSettings["giis_device_id_oid"],
AuditSourceID = String.Format("{0}\\{1}", Environment.UserDomainName, Environment.MachineName),
AuditSourceTypeCode = new List <CodeValue <AuditSourceType> >()
{
new CodeValue <AuditSourceType>(AuditSourceType.EndUserInterface)
}
}
};
return(retVal);
}
/// <summary>
/// A utility which can be used to send a data audit
/// </summary>
public static void AuditDataAction <TData>(EventTypeCodes typeCode, ActionType action, AuditableObjectLifecycle lifecycle, EventIdentifierType eventType, OutcomeIndicator outcome, String queryPerformed, params TData[] data) where TData : IdentifiedData
{
AuditCode eventTypeId = CreateAuditActionCode(typeCode);
AuditData audit = new AuditData(DateTime.Now, action, outcome, eventType, eventTypeId);
AddDeviceActor(audit);
AddUserActor(audit);
// Objects
audit.AuditableObjects = data.Select(o => {
var idTypeCode = AuditableObjectIdType.Custom;
var roleCode = AuditableObjectRole.Resource;
var objType = AuditableObjectType.Other;
if (o is Patient)
{
idTypeCode = AuditableObjectIdType.PatientNumber;
roleCode = AuditableObjectRole.Patient;
objType = AuditableObjectType.Person;
}
else if (o is UserEntity || o is Provider)
{
idTypeCode = AuditableObjectIdType.UserIdentifier;
objType = AuditableObjectType.Person;
roleCode = AuditableObjectRole.Provider;
}
else if (o is Entity)
{
idTypeCode = AuditableObjectIdType.EnrolleeNumber;
}
else if (o is Act)
{
idTypeCode = AuditableObjectIdType.EncounterNumber;
roleCode = AuditableObjectRole.Report;
}
else if (o is SecurityUser)
{
idTypeCode = AuditableObjectIdType.UserIdentifier;
roleCode = AuditableObjectRole.SecurityUser;
objType = AuditableObjectType.SystemObject;
}
return(new AuditableObject()
{
IDTypeCode = idTypeCode,
CustomIdTypeCode = idTypeCode == AuditableObjectIdType.Custom ? new AuditCode(o.GetType().Name, "OpenIZTable") : null,
LifecycleType = lifecycle,
ObjectId = o.Key?.ToString(),
Role = roleCode,
Type = objType
});
}).ToList();
// Query performed
if (!String.IsNullOrEmpty(queryPerformed))
{
audit.AuditableObjects.Add(new AuditableObject()
{
IDTypeCode = AuditableObjectIdType.SearchCritereon,
LifecycleType = AuditableObjectLifecycle.Access,
ObjectId = typeof(TData).Name,
QueryData = queryPerformed,
Role = AuditableObjectRole.Query,
Type = AuditableObjectType.SystemObject
});
}
AddAncillaryObject(audit);
SendAudit(audit);
}
/// <summary> /// Audits the generic error. /// </summary> /// <param name="outcomeIndicator">The outcome indicator.</param> /// <param name="eventTypeCode">The event type code.</param> /// <param name="eventIdentifierType">Type of the event identifier.</param> /// <param name="exception">The exception.</param> public abstract void AuditGenericError(OutcomeIndicator outcomeIndicator, EventTypeCode eventTypeCode, EventIdentifierType eventIdentifierType, Exception exception);
/// <summary>
/// Creates the base audit.
/// </summary>
/// <param name="actionType">Type of the action.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <returns>Returns the created base audit data.</returns>
protected virtual AuditData CreateBaseAudit(ActionType actionType, EventTypeCode eventTypeCode, EventIdentifierType eventIdentifierType, OutcomeIndicator outcomeIndicator)
{
return(this.CreateBaseAudit(actionType, CreateAuditCode(eventTypeCode), eventIdentifierType, outcomeIndicator));
}
/// <summary>
/// Creates the base audit.
/// </summary>
/// <param name="actionType">Type of the action.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <returns>Returns the created base audit data.</returns>
protected virtual AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, OutcomeIndicator outcomeIndicator)
{
var audit = CreateBaseAudit(actionType, eventTypeCode, eventIdentifierType);
audit.Outcome = outcomeIndicator;
return(audit);
}
/// <summary>
/// Creates the base audit.
/// </summary>
/// <param name="actionType">Type of the action.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <returns>Returns the created base audit data.</returns>
protected virtual AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType)
{
return(new AuditData
{
ActionCode = actionType,
CorrelationToken = Guid.NewGuid(),
EventTypeCode = eventTypeCode,
EventIdentifier = eventIdentifierType,
Timestamp = DateTime.Now
});
}
/// <summary>
/// Audits the generic error.
/// </summary>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <param name="exception">The exception.</param>
public override void AuditGenericError(OutcomeIndicator outcomeIndicator, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, Exception exception)
{
var audit = this.CreateBaseAudit(ActionType.Execute, eventTypeCode, eventIdentifierType, outcomeIndicator);
audit.AuditableObjects.Add(new AuditableObject
{
IDTypeCode = AuditableObjectIdType.Uri,
ObjectId = this.Context.Request.Url.ToString(),
Role = AuditableObjectRole.Resource,
Type = AuditableObjectType.SystemObject
});
if (exception != null)
{
var auditableObject = new AuditableObject
{
IDTypeCode = AuditableObjectIdType.Custom,
ObjectId = exception.GetHashCode().ToString(),
Role = AuditableObjectRole.Resource,
Type = AuditableObjectType.Other
};
auditableObject.ObjectData.Add(new ObjectDataExtension(exception.GetType().Name, ObjectToByteArray(new Error(exception))));
audit.AuditableObjects.Add(auditableObject);
}
AuditService.SendAudit(audit);
}
/// <summary>
/// Creates the base audit.
/// </summary>
/// <param name="actionType">Type of the action.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <returns>Returns the created base audit data.</returns>
protected override AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, OutcomeIndicator outcomeIndicator)
{
var audit = base.CreateBaseAudit(actionType, eventTypeCode, eventIdentifierType, outcomeIndicator);
var remoteIp = GetLocalIPAddress();
try
{
// attempt to get the remote IP address
remoteIp = this.Context.Request.ServerVariables["REMOTE_ADDR"];
}
catch (Exception e)
{
Trace.TraceError($"Unable to retrieve remote IP address for auditing purposes: {e}");
}
var userIdentifier = string.Empty;
try
{
userIdentifier = this.Context.Request.Url.Host;
}
catch (Exception e)
{
Trace.TraceError($"Unable to retrieve request host URL for auditing purposes: {e}");
}
// add the receiver
audit.Actors.Add(new AuditActorData
{
UserName = Environment.UserName,
UserIdentifier = userIdentifier,
NetworkAccessPointId = Dns.GetHostName(),
NetworkAccessPointType = NetworkAccessPointType.MachineName,
AlternativeUserId = Process.GetCurrentProcess().Id.ToString(),
ActorRoleCode = new List <AuditCode>
{
new AuditCode("110152", "DCM")
}
});
// add the sender
audit.Actors.Add(new AuditActorData
{
UserIdentifier = remoteIp,
NetworkAccessPointId = remoteIp,
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
ActorRoleCode = new List <AuditCode>
{
new AuditCode("110153", "DCM")
},
UserIsRequestor = true
});
// add the user if this is an authenticated request
if (this.Context.User?.Identity?.IsAuthenticated == true)
{
audit.Actors.Add(new AuditActorData
{
UserIdentifier = this.Context.User.Identity.Name,
UserIsRequestor = true,
NetworkAccessPointId = remoteIp,
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
ActorRoleCode = new List <AuditCode>
{
new AuditCode("6", "AuditableObjectRole")
}
});
}
else
{
// add the anonymous actor if the request isn't authenticated
audit.Actors.Add(new AuditActorData
{
UserIdentifier = "Anonymous",
UserIsRequestor = true,
NetworkAccessPointId = remoteIp,
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
ActorRoleCode = new List <AuditCode>
{
new AuditCode("6", "AuditableObjectRole")
}
});
}
try
{
if (outcomeIndicator != OutcomeIndicator.Success)
{
// add the object detail
using (var memoryStream = new MemoryStream())
{
var detail = new ObjectDataExtension
{
Key = "HTTPMessage"
};
using (var streamWriter = new StreamWriter(memoryStream, Encoding.UTF8))
{
streamWriter.WriteLine("<?xml version=\"1.0\"?><Request><![CDATA[");
streamWriter.WriteLine("{0} {1} HTTP/1.1", this.Context.Request.HttpMethod, this.Context.Request.Url);
for (var i = 0; i < this.Context.Request.Headers.Keys.Count; i++)
{
streamWriter.WriteLine("{0} : {1}", this.Context.Request.Headers.Keys[i], this.Context.Request.Headers[i]);
}
// Only output if request is not sensitive
if (!this.IsRequestSensitive)
{
using (var sr = new StreamReader(this.Context.Request.InputStream))
{
streamWriter.WriteLine("\r\n{0}", sr.ReadToEnd());
}
}
else
{
streamWriter.WriteLine("*********** SENSITIVE REQUEST REDACTED ***********");
}
streamWriter.WriteLine("]]></Request>");
streamWriter.Flush();
detail.Value = memoryStream.GetBuffer().Take((int)memoryStream.Length).ToArray();
}
var auditableObject = new AuditableObject
{
IDTypeCode = AuditableObjectIdType.Uri,
ObjectId = this.Context.Request.Url.ToString(),
Role = AuditableObjectRole.Query,
Type = AuditableObjectType.SystemObject
};
auditableObject.ObjectData.Add(detail);
audit.AuditableObjects.Add(auditableObject);
}
}
}
catch (Exception e)
{
Trace.TraceError($"Unable to add object detail to audit message: {e}");
}
return(audit);
}
/// <summary>
/// Audits the generic error.
/// </summary>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <param name="exception">The exception.</param>
public override void AuditGenericError(OutcomeIndicator outcomeIndicator, EventTypeCode eventTypeCode, EventIdentifierType eventIdentifierType, Exception exception)
{
this.AuditGenericError(outcomeIndicator, CreateAuditCode(eventTypeCode), eventIdentifierType, exception);
}
/// <summary>
/// Event identiifer set
/// </summary>
public static AuditData WithEventIdentifier(this AuditData me, EventIdentifierType identifier)
{
me.EventIdentifier = identifier;
return(me);
}
