private void RunClientAccessRules()
{
long ticks = DateTime.UtcNow.Ticks;
ClientAccessRuleCollection clientAccessRuleCollection = this.FetchClientAccessRulesCollection();
ADRawEntry adrawEntry = this.FetchADRawEntry(this.User);
string usernameFromADRawEntry = ClientAccessRulesUtils.GetUsernameFromADRawEntry(adrawEntry);
base.WriteVerbose(RulesTasksStrings.TestClientAccessRuleFoundUsername(usernameFromADRawEntry));
ClientAccessRulesEvaluationContext context = new ClientAccessRulesEvaluationContext(clientAccessRuleCollection, usernameFromADRawEntry, new IPEndPoint(this.RemoteAddress, this.RemotePort), this.Protocol, this.AuthenticationType, adrawEntry, ObjectSchema.GetInstance <ClientAccessRulesRecipientFilterSchema>(), delegate(ClientAccessRulesEvaluationContext evaluationContext)
{
}, delegate(Rule rule, ClientAccessRulesAction action)
{
ObjectId identity = null;
ClientAccessRule clientAccessRule = rule as ClientAccessRule;
if (clientAccessRule != null)
{
identity = clientAccessRule.Identity;
}
this.WriteResult(new ClientAccessRulesEvaluationResult
{
Identity = identity,
Name = rule.Name,
Action = action
});
}, ticks);
clientAccessRuleCollection.Run(context);
}
internal static bool ShouldBlockConnection(OrganizationId organizationId, string username, ClientAccessProtocol protocol, IPEndPoint remoteEndpoint, ClientAccessAuthenticationMethod authenticationType, IReadOnlyPropertyBag propertyBag, Action <ClientAccessRulesEvaluationContext> blockLoggerDelegate, Action <double> latencyLoggerDelegate)
{
DateTime utcNow = DateTime.UtcNow;
bool shouldBlock = false;
long ticks = utcNow.Ticks;
if (organizationId == null)
{
ExTraceGlobals.ClientAccessRulesTracer.TraceDebug(ticks, "[Client Access Rules] ShouldBlockConnection assuming OrganizationId.ForestWideOrgId for null OrganizationId");
organizationId = OrganizationId.ForestWideOrgId;
}
if (remoteEndpoint != null)
{
ExTraceGlobals.ClientAccessRulesTracer.TraceDebug(ticks, "[Client Access Rules] ShouldBlockConnection - Initializing context to run rules");
ClientAccessRuleCollection collection = ClientAccessRulesCache.Instance.GetCollection(organizationId);
ClientAccessRulesEvaluationContext context = new ClientAccessRulesEvaluationContext(collection, username, remoteEndpoint, protocol, authenticationType, propertyBag, ObjectSchema.GetInstance <ClientAccessRulesRecipientFilterSchema>(), delegate(ClientAccessRulesEvaluationContext evaluationContext)
{
shouldBlock = true;
blockLoggerDelegate(evaluationContext);
}, null, ticks);
collection.Run(context);
}
ClientAccessRulesPerformanceCounters.TotalClientAccessRulesEvaluationCalls.Increment();
if (shouldBlock)
{
ClientAccessRulesPerformanceCounters.TotalConnectionsBlockedByClientAccessRules.Increment();
}
double totalMilliseconds = (DateTime.UtcNow - utcNow).TotalMilliseconds;
latencyLoggerDelegate(totalMilliseconds);
if (totalMilliseconds > 50.0)
{
ClientAccessRulesPerformanceCounters.TotalClientAccessRulesEvaluationCallsOver50ms.Increment();
}
if (totalMilliseconds > 10.0)
{
ClientAccessRulesPerformanceCounters.TotalClientAccessRulesEvaluationCallsOver10ms.Increment();
}
ExTraceGlobals.ClientAccessRulesTracer.TraceDebug(ticks, string.Format("[Client Access Rules] ShouldBlockConnection - Evaluate - Org: {0} - Protocol: {1} - Username: {2} - IP: {3} - Port: {4} - Auth Type: {5} - Blocked: {6} - Latency: {7}", new object[]
{
organizationId.ToString(),
protocol.ToString(),
username.ToString(),
remoteEndpoint.Address.ToString(),
remoteEndpoint.Port.ToString(),
authenticationType.ToString(),
shouldBlock.ToString(),
totalMilliseconds.ToString()
}));
return(shouldBlock);
}
