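/// <summary>
        /// Creates the audit writer on first use and records the failed authentication check.
        /// </summary>
        /// <param name="filterContext">The current filter context; its <c>RequestContext</c> is recorded in the audit entry.</param>
        /// <param name="exception">The exception whose <c>Message</c> is recorded in the audit entry.</param>
        /// <remarks>
        /// Both arguments are validated before the audit writer is touched, so a null argument is reported by
        /// <c>ArgumentMustNotBeNull</c> instead of surfacing as a NullReferenceException on the audit path.
        /// When <see cref="CreateAudit"/> yields no writer the failure is not recorded anywhere (best effort by design).
        /// </remarks>
        protected void AuditFailure(ActionExecutingContext filterContext, Exception exception)
        {
            // Validate first: exception.Message is dereferenced below, and filterContext must be valid
            // regardless of whether an audit writer exists.
            filterContext.ArgumentMustNotBeNull("filterContext");
            exception.ArgumentMustNotBeNull("exception");

            // Lazily create and cache the audit writer on the filter instance.
            var audit = this.Audit ?? (this.Audit = this.CreateAudit());

            if (audit == null)
            {
                // No audit sink configured - nothing to record.
                return;
            }

            audit.AuthenticationCheckFailed(new AuditInfo<string>(filterContext.RequestContext, exception.Message));
        }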
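        /// <summary>
        /// Called by the ASP.NET MVC framework before the action method executes.
        /// Reads the one-time password from the "yubiKey" form field, verifies it through the Yubico client and
        /// checks that the key's public id is registered for a configured user - and, unless
        /// <see cref="SkipIdentityNameCheck"/> is enabled, that this user's name matches the current identity.
        /// </summary>
        /// <param name="filterContext">The filter context.</param>
        /// <exception cref="YubikeyNotPresentException">The form has no "yubiKey" field, or the field is blank.</exception>
        /// <exception cref="YubikeyInvalidResponseException">The verification backend threw, or the OTP did not verify for the current user.</exception>
        /// <exception cref="YubikeyNullResponseException">The client returned no response.</exception>
        /// <exception cref="InvalidOperationException">The configuration has no Users collection.</exception>
        protected override void InternalAuthenticationCheck(ActionExecutingContext filterContext)
        {
            this.Configuration.EnsureCorrectConfiguration();
            filterContext.ArgumentMustNotBeNull("filterContext");

            // to validate, we need the value of the key - have a look if we can find it.
            var parameters = filterContext.HttpContext.Request.Form;
            var containsKey = parameters.Keys.OfType<string>().Contains("yubiKey");

            if (!containsKey)
            {
                throw new YubikeyNotPresentException();
            }

            var otp = parameters["yubiKey"];

            // A blank field is treated like a missing one: there is nothing to verify,
            // so do not spend a round trip to the verification backend on it.
            if (string.IsNullOrWhiteSpace(otp))
            {
                throw new YubikeyNotPresentException();
            }

            IYubicoResponse response;

            try
            {
                response = this.Client.Verify(otp);
            }
            catch (Exception ex)
            {
                // Any failure talking to the backend is reported as a backend error, with the cause attached.
                throw new YubikeyInvalidResponseException(YubicoResponseStatus.BackendError, ex);
            }

            if (response == null)
            {
                throw new YubikeyNullResponseException();
            }

            var users = this.Configuration.Users;

            if (users == null)
            {
                throw new InvalidOperationException("The Users property of the configuration is NULL.");
            }

            // the response must be OK, and the key's public id must belong to a configured user.
            // Unless SkipIdentityNameCheck is enabled, that user's name must also match the current identity.
            if (response.Status == YubicoResponseStatus.Ok)
            {
                var registeredUser = users.FirstOrDefault(x => x.ExternalId == response.PublicId);

                if (registeredUser != null)
                {
                    if (this.SkipIdentityNameCheck)
                    {
                        return;
                    }

                    // Compare explicitly against a non-empty configured name. A plain
                    // "FirstOrDefault(...).Name == identity.Name" comparison is true when both sides are
                    // null, i.e. when no user matched and the identity carried no name.
                    var principal = filterContext.HttpContext.User;
                    var identity = principal == null ? null : principal.Identity;
                    var identityName = identity == null ? null : identity.Name;

                    if (!string.IsNullOrEmpty(registeredUser.Name) &&
                        string.Equals(registeredUser.Name, identityName, StringComparison.Ordinal))
                    {
                        return;
                    }
                }
            }

            throw new YubikeyInvalidResponseException(response.Status);
        }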
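        /// <summary>
        /// Called by the ASP.NET MVC framework before the action method executes.
        /// Extracts a client id with every configured context processor and runs it through the statistics
        /// and request gates; if any gate is closed the request is short-circuited, either by redirecting to
        /// <see cref="FaultAction"/> or - when no usable redirect target exists - with a 409 content result.
        /// </summary>
        /// <param name="filterContext">The filter context.</param>
        /// <remarks>
        /// The gates are evaluated with <c>Any</c>, so processors after the first closed gate are not consulted
        /// (and, if the gate calls also update statistics, not updated) - presumably intended, TODO confirm.
        /// </remarks>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            filterContext.ArgumentMustNotBeNull("filterContext");
            var context = filterContext.HttpContext;

            if (context != null)
            {
                var instance = this.Instance;
                var checkStatisticGate = instance.CheckStatisticGate;   // for performance reason only read this once
                var checkRequestGate = instance.CheckRequestGate;       // for performance reason only read this once

                var httpRequestBase = context.Request;
                var gateClosed = this.ContextProcessors.Any(processor =>
                {
                    var clientId = processor.IdExtractor.Extract(context);
                    return (checkStatisticGate && !instance.StatisticsGate(clientId, processor.Statistics)) ||
                           (checkRequestGate && !instance.RequestGate(clientId, httpRequestBase));
                });

                if (gateClosed)
                {
                    // Prefer the configured fault action. Fall back to a plain 409 when no fault action is
                    // configured, the controller is not an MVC Controller, or the route cannot be resolved:
                    // Url.Action returns null in that case and RedirectResult rejects a null URL, which would
                    // turn a deliberate block into an unhandled exception.
                    var redirectUrl = this.ResolveFaultActionUrl(filterContext);

                    if (redirectUrl != null)
                    {
                        filterContext.Result = new RedirectResult(redirectUrl);
                    }
                    else
                    {
                        filterContext.Result = new ContentResult
                        {
                            Content = "client has been blocked...",
                        };

                        // see 409 - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
                        var response = context.Response;
                        response.StatusCode = (int)HttpStatusCode.Conflict;
                        response.TrySkipIisCustomErrors = true;
                        return;
                    }
                }
            }

            base.OnActionExecuting(filterContext);
        }

        /// <summary>
        /// Builds the URL of <see cref="FaultAction"/> for the current controller, passing this filter's
        /// type name as the FaultSource route value.
        /// </summary>
        /// <param name="filterContext">The filter context whose controller supplies the URL helper.</param>
        /// <returns>
        /// The resolved URL, or null when no fault action is configured, the controller is not a
        /// <see cref="System.Web.Mvc.Controller"/>, its URL helper is missing, or the route cannot be resolved.
        /// </returns>
        private string ResolveFaultActionUrl(ActionExecutingContext filterContext)
        {
            if (string.IsNullOrEmpty(this.FaultAction))
            {
                return null;
            }

            var controller = filterContext.Controller as System.Web.Mvc.Controller;

            if (controller == null || controller.Url == null)
            {
                return null;
            }

            return controller.Url.Action(this.FaultAction, new { FaultSource = this.GetType().Name });
        }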