private Dictionary <string, string> BuildTokenDictionary(AuditableAction action) { LapsAuthorizationResponse lapsAuthZResponse = action.AuthzResponse as LapsAuthorizationResponse; JitAuthorizationResponse jitAuthZResponse = action.AuthzResponse as JitAuthorizationResponse; Dictionary <string, string> pairs = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase) { { "{user.SamAccountName}", action.User?.SamAccountName }, { "{user.MsDsPrincipalName}", action.User?.MsDsPrincipalName }, { "{user.DisplayName}", action.User?.DisplayName }, { "{user.UserPrincipalName}", action.User?.UserPrincipalName }, { "{user.Sid}", action.User?.Sid?.ToString() }, { "{user.DistinguishedName}", action.User?.DistinguishedName }, { "{user.Description}", action.User?.Description }, { "{user.EmailAddress}", action.User?.EmailAddress }, { "{user.Guid}", action.User?.Guid?.ToString() }, { "{user.GivenName}", action.User?.GivenName }, { "{user.Surname}", action.User?.Surname }, { "{computer.SamAccountName}", action.Computer?.SamAccountName }, { "{computer.MsDsPrincipalName}", action.Computer?.MsDsPrincipalName }, { "{computer.DistinguishedName}", action.Computer?.DistinguishedName }, { "{computer.Description}", action.Computer?.Description }, { "{computer.DisplayName}", action.Computer?.DisplayName }, { "{computer.Guid}", action.Computer?.Guid?.ToString() }, { "{computer.Sid}", action.Computer?.Sid?.ToString() }, { "{request.ComputerName}", action.RequestedComputerName }, { "{request.Reason}", action.RequestReason ?? "(not provided)" }, { "{AuthzResult.NotificationChannels}", string.Join(",", action.AuthzResponse?.NotificationChannels ?? new List <string>()) }, { "{AuthzResult.MatchedRuleDescription}", action.AuthzResponse?.MatchedRuleDescription }, { "{AuthzResult.MatchedRule}", action.AuthzResponse?.MatchedRule }, { "{AuthzResult.ExpireAfter}", (lapsAuthZResponse?.ExpireAfter ?? jitAuthZResponse?.ExpireAfter)?.ToString() }, { "{AuthzResult.ResponseCode}", action.AuthzResponse?.Code.ToString() }, { "{AuthzResult.AccessType}", action.AuthzResponse?.EvaluatedAccess.ToString() }, { "{AuthzResult.AccessTypeDescription}", action.EvaluatedAccess ?? action.AuthzResponse?.EvaluatedAccess.ToDescription() }, { "{AuthZResult.AccessExpiryDate}", action.AccessExpiryDate }, { "{message}", action.Message }, { "{request.IPAddress}", httpContextAccessor.HttpContext?.Connection?.RemoteIpAddress?.ToString() }, { "{request.Hostname}", this.TryResolveHostName(httpContextAccessor.HttpContext?.Connection?.RemoteIpAddress) }, { "{datetime}", DateTime.Now.ToString(CultureInfo.CurrentCulture) }, { "{datetimeutc}", DateTime.UtcNow.ToString(CultureInfo.CurrentCulture) }, { "{computer.LapsExpiryDate}", action.AccessExpiryDate }, //deprecated }; return(pairs); }
private IActionResult GrantJitAccess(AccessRequestModel model, IUser user, IComputer computer, JitAuthorizationResponse authResponse) { Action undo = null; try { TimeSpan grantedAccessLength = this.jitAccessProvider.GrantJitAccess(this.directory.GetGroup(authResponse.AuthorizingGroup), user, authResponse.AllowExtension, authResponse.ExpireAfter, out undo); DateTime expiryDate = DateTime.Now.Add(grantedAccessLength); this.reporting.GenerateAuditEvent(new AuditableAction { AuthzResponse = authResponse, RequestedComputerName = model.ComputerName, RequestReason = model.UserRequestReason, IsSuccess = true, User = user, Computer = computer, EventID = EventIDs.ComputerJitAccessGranted, ComputerExpiryDate = expiryDate.ToString(CultureInfo.CurrentCulture) }); var jitDetails = new JitDetailsModel(computer.MsDsPrincipalName, user.MsDsPrincipalName, expiryDate); return(this.View("Jit", jitDetails)); } catch (Exception ex) { if (undo != null) { this.logger.LogEventWarning(EventIDs.JitRollbackInProgress, LogMessages.JitRollbackInProgress, ex); try { undo(); } catch (Exception ex2) { this.logger.LogEventError(EventIDs.JitRollbackFailed, LogMessages.JitRollbackFailed, ex2); } } this.logger.LogEventError(EventIDs.JitError, string.Format(LogMessages.JitError, computer.MsDsPrincipalName, user.MsDsPrincipalName), ex); ErrorModel errorModel = new ErrorModel { Heading = UIMessages.UnableToGrantAccess, Message = UIMessages.JitError }; return(this.View("Error", errorModel)); } }