public override bool Evaluate(RulesEvaluationContext baseContext)
{
ClientAccessRulesEvaluationContext clientAccessRulesEvaluationContext = (ClientAccessRulesEvaluationContext)baseContext;
ClientAccessAuthenticationMethod authenticationType = clientAccessRulesEvaluationContext.AuthenticationType;
return(this.AuthenticationTypeList.Contains(authenticationType));
}
internal static bool ShouldBlockConnection(OrganizationId organizationId, string username, ClientAccessProtocol protocol, IPEndPoint remoteEndpoint, ClientAccessAuthenticationMethod authenticationType, IReadOnlyPropertyBag propertyBag, Action <ClientAccessRulesEvaluationContext> blockLoggerDelegate, Action <double> latencyLoggerDelegate)
{
DateTime utcNow = DateTime.UtcNow;
bool shouldBlock = false;
long ticks = utcNow.Ticks;
if (organizationId == null)
{
ExTraceGlobals.ClientAccessRulesTracer.TraceDebug(ticks, "[Client Access Rules] ShouldBlockConnection assuming OrganizationId.ForestWideOrgId for null OrganizationId");
organizationId = OrganizationId.ForestWideOrgId;
}
if (remoteEndpoint != null)
{
ExTraceGlobals.ClientAccessRulesTracer.TraceDebug(ticks, "[Client Access Rules] ShouldBlockConnection - Initializing context to run rules");
ClientAccessRuleCollection collection = ClientAccessRulesCache.Instance.GetCollection(organizationId);
ClientAccessRulesEvaluationContext context = new ClientAccessRulesEvaluationContext(collection, username, remoteEndpoint, protocol, authenticationType, propertyBag, ObjectSchema.GetInstance <ClientAccessRulesRecipientFilterSchema>(), delegate(ClientAccessRulesEvaluationContext evaluationContext)
{
shouldBlock = true;
blockLoggerDelegate(evaluationContext);
}, null, ticks);
collection.Run(context);
}
ClientAccessRulesPerformanceCounters.TotalClientAccessRulesEvaluationCalls.Increment();
if (shouldBlock)
{
ClientAccessRulesPerformanceCounters.TotalConnectionsBlockedByClientAccessRules.Increment();
}
double totalMilliseconds = (DateTime.UtcNow - utcNow).TotalMilliseconds;
latencyLoggerDelegate(totalMilliseconds);
if (totalMilliseconds > 50.0)
{
ClientAccessRulesPerformanceCounters.TotalClientAccessRulesEvaluationCallsOver50ms.Increment();
}
if (totalMilliseconds > 10.0)
{
ClientAccessRulesPerformanceCounters.TotalClientAccessRulesEvaluationCallsOver10ms.Increment();
}
ExTraceGlobals.ClientAccessRulesTracer.TraceDebug(ticks, string.Format("[Client Access Rules] ShouldBlockConnection - Evaluate - Org: {0} - Protocol: {1} - Username: {2} - IP: {3} - Port: {4} - Auth Type: {5} - Blocked: {6} - Latency: {7}", new object[]
{
organizationId.ToString(),
protocol.ToString(),
username.ToString(),
remoteEndpoint.Address.ToString(),
remoteEndpoint.Port.ToString(),
authenticationType.ToString(),
shouldBlock.ToString(),
totalMilliseconds.ToString()
}));
return(shouldBlock);
}
internal static bool ShouldBlockConnection(OrganizationId organizationId, string username, ClientAccessProtocol protocol, IPEndPoint remoteEndpoint, ClientAccessAuthenticationMethod authenticationType, Action <ClientAccessRulesEvaluationContext> blockLoggerDelegate, Action <double> latencyLoggerDelegate)
{
return(ClientAccessRulesUtils.ShouldBlockConnection(organizationId, username, protocol, remoteEndpoint, authenticationType, null, blockLoggerDelegate, latencyLoggerDelegate));
}
internal ClientAccessRulesLogEvent(OrganizationId orgId, string username, IPEndPoint endpoint, ClientAccessAuthenticationMethod authenticationType, string blockingRuleName, double latency, bool blocked)
{
ActivityContext.ActivityId.FormatForLog();
this.datapointProperties = new Dictionary <string, object>
{
{
"ORGID",
orgId.ToString()
},
{
"USER",
username
},
{
"IP",
endpoint.Address.ToString()
},
{
"PORT",
endpoint.Port.ToString()
},
{
"AUTHTYPE",
authenticationType.ToString()
},
{
"RULE",
blockingRuleName
},
{
"LATENCY",
latency.ToString()
},
{
"BLOCKED",
blocked.ToString()
}
};
}
public ClientAccessRulesEvaluationContext(RuleCollection rules, string username, IPEndPoint remoteEndpoint, ClientAccessProtocol protocol, ClientAccessAuthenticationMethod authenticationType, IReadOnlyPropertyBag userPropertyBag, ObjectSchema userSchema, Action <ClientAccessRulesEvaluationContext> denyAccessDelegate, Action <Rule, ClientAccessRulesAction> whatIfActionDelegate, long traceId) : base(rules)
{
this.AuthenticationType = authenticationType;
this.UserName = username;
this.RemoteEndpoint = remoteEndpoint;
this.Protocol = protocol;
this.User = userPropertyBag;
this.UserSchema = userSchema;
this.DenyAccessDelegate = denyAccessDelegate;
this.WhatIfActionDelegate = whatIfActionDelegate;
this.WhatIf = (whatIfActionDelegate != null);
base.Tracer = new ClientAccessRulesTracer(traceId);
}
internal bool HasAuthenticationMethodPredicate(ClientAccessAuthenticationMethod authenticationMethod)
{
return((this.AnyOfAuthenticationTypes != null && this.AnyOfAuthenticationTypes.Contains(authenticationMethod)) || (this.ExceptAnyOfAuthenticationTypes != null && this.ExceptAnyOfAuthenticationTypes.Contains(authenticationMethod)));
}
