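/// <summary>
/// Runs the rest of the pipeline and then writes an audit entry for requests that ended in
/// 401 Unauthorized or 403 Forbidden and have not been audited yet.
/// </summary>
/// <param name="context">The HTTP context of the current request.</param>
/// <returns>A task that completes when the downstream pipeline and the audit step have finished.</returns>
public async Task Invoke(HttpContext context)
{
    try
    {
        await _next(context);
    }
    finally
    {
        var statusCode = (HttpStatusCode)context.Response.StatusCode;

        // Authorization filters run before every other filter, so when authorization fails the
        // AuditLoggingFilterAttribute (where audit logging normally happens) is never executed.
        // This middleware logs any Unauthorized or Forbidden request that has not been logged yet.
        // A null RouteName is used here as the "not logged yet" signal.
        bool isAuthFailure = statusCode == HttpStatusCode.Unauthorized || statusCode == HttpStatusCode.Forbidden;

        if (_fhirRequestContextAccessor.FhirRequestContext.RouteName == null && isAuthFailure)
        {
            object controllerName = null;
            object actionName = null;
            object resourceType = null;

            // NOTE(review): GetRouteData() can return null on some framework versions when the
            // request was rejected before routing ran. Dereferencing it inside this finally block
            // would throw, drop the audit entry, and replace any exception already in flight, so
            // the lookup is guarded and the entry is written with null names instead.
            RouteData routeData = context.GetRouteData();

            if (routeData != null)
            {
                routeData.Values.TryGetValue("controller", out controllerName);
                routeData.Values.TryGetValue("action", out actionName);
                routeData.Values.TryGetValue(KnownActionParameterNames.ResourceType, out resourceType);
            }

            _auditHelper.LogExecuted(
                controllerName?.ToString(),
                actionName?.ToString(),
                statusCode,
                resourceType?.ToString());
        }
    }
}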
/// <summary>
/// Writes the "executed" audit entry for the request once the action result has run,
/// then hands control to the base filter.
/// </summary>
/// <param name="context">The result-executed context supplied by the framework; must not be null.</param>
public override void OnResultExecuted(ResultExecutedContext context)
{
    EnsureArg.IsNotNull(context, nameof(context));

    // The audit helper receives the HTTP context together with the claims extractor.
    var httpContext = context.HttpContext;
    _auditHelper.LogExecuted(httpContext, _claimsExtractor);

    base.OnResultExecuted(context);
}
/// <summary>
/// Handles a forbidden request. When the request belongs to a bundle (batch/transaction), the
/// internal request's status code is set to 403 and the request is audited before the base
/// handler runs.
/// </summary>
/// <param name="properties">The authentication properties.</param>
/// <returns>The task of the base <c>HandleForbiddenAsync</c> call.</returns>
protected override async Task HandleForbiddenAsync(AuthenticationProperties properties)
{
    // A non-null context on the bundle accessor means this is a bundle sub-request.
    var bundleContext = _bundleHttpContextAccessor.HttpContext;

    if (bundleContext != null)
    {
        bundleContext.Response.StatusCode = 403;

        // Audit the sub-request here, immediately after its status code has been set to 403.
        _auditHelper.LogExecuted(bundleContext, _claimsExtractor);
    }

    await base.HandleForbiddenAsync(properties);
}
/// <summary>
/// Runs the rest of the pipeline and always writes an audit entry afterwards, including
/// when the downstream pipeline throws.
/// </summary>
/// <param name="context">The HTTP context of the current request.</param>
/// <returns>A task that completes when the downstream pipeline and the audit step have finished.</returns>
public async Task Invoke(HttpContext context)
{
    try
    {
        await _next(context);
    }
    finally
    {
        // The finally block makes the audit call unconditional.
        // NOTE(review): the meaning of the third argument (true) is defined by the audit helper
        // and is not visible here - confirm against its signature.
        _auditHelper.LogExecuted(
            context,
            _claimsExtractor,
            true);
    }
}
/// <summary>
/// Writes the "executed" audit entry for every response except 403 Forbidden, then hands
/// control to the base filter.
/// </summary>
/// <param name="context">The result-executed context supplied by the framework; must not be null.</param>
public override void OnResultExecuted(ResultExecutedContext context)
{
    EnsureArg.IsNotNull(context, nameof(context));

    var responseStatus = (HttpStatusCode)context.HttpContext.Response.StatusCode;
    bool isForbidden = responseStatus == HttpStatusCode.Forbidden;

    // A 403 only ever shows up here for a failed bundle sub-operation. Every other 403 is
    // thrown before the attributes execute and is audited in the middleware, so it is
    // skipped here.
    if (!isForbidden)
    {
        _auditHelper.LogExecuted(context.HttpContext, _claimsExtractor);
    }

    base.OnResultExecuted(context);
}
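/// <summary>
/// Writes the "executed" audit entry (controller, action, response status code and result
/// type name) once the action result has run, then hands control to the base filter.
/// </summary>
/// <param name="context">The result-executed context supplied by the framework; must not be null.</param>
public override void OnResultExecuted(ResultExecutedContext context)
{
    EnsureArg.IsNotNull(context, nameof(context));

    var actionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;

    Debug.Assert(actionDescriptor != null, "The ActionDescriptor must be ControllerActionDescriptor.");

    // The result type name is only available when the result is a FhirResult; otherwise null is logged.
    var fhirResult = context.Result as FhirResult;

    // Debug.Assert is compiled out of release builds, so it cannot be the only null guard.
    // The null-conditional access keeps an unexpected descriptor type from raising a
    // NullReferenceException here, which would skip the audit call altogether.
    // NOTE(review): confirm LogExecuted tolerates null controller/action names.
    _auditHelper.LogExecuted(
        actionDescriptor?.ControllerName,
        actionDescriptor?.ActionName,
        (HttpStatusCode)context.HttpContext.Response.StatusCode,
        fhirResult?.Result?.TypeName);

    base.OnResultExecuted(context);
}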
/// <summary>
/// Runs the rest of the pipeline and then writes an audit entry when the response status
/// is 401 Unauthorized.
/// </summary>
/// <param name="context">The HTTP context of the current request.</param>
/// <returns>A task that completes when the downstream pipeline and the audit step have finished.</returns>
public async Task Invoke(HttpContext context)
{
    try
    {
        await _next(context);
    }
    finally
    {
        // Authorization filters run before every other filter, so when authorization fails the
        // AuditLoggingFilterAttribute (where audit logging normally happens) is never executed.
        // This middleware logs any Unauthorized request that has not been logged yet.
        bool isUnauthorized = context.Response.StatusCode == (int)HttpStatusCode.Unauthorized;

        if (isUnauthorized)
        {
            _auditHelper.LogExecuted(context, _claimsExtractor);
        }
    }
}
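/// <summary>
/// Writes the "executed" audit entry (controller, action, response status code and result
/// type name) once the action result has run, then hands control to the base filter.
/// </summary>
/// <param name="context">The result-executed context supplied by the framework; must not be null.</param>
public override void OnResultExecuted(ResultExecutedContext context)
{
    EnsureArg.IsNotNull(context, nameof(context));

    var actionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;

    Debug.Assert(actionDescriptor != null, "The ActionDescriptor must be ControllerActionDescriptor.");

    // The result can be either a FhirResult or an OperationOutcomeResult, both of which extend
    // BaseActionResult. Any other result type yields a null type name.
    var result = context.Result as IBaseActionResult;

    // Debug.Assert is compiled out of release builds, so it cannot be the only null guard.
    // The null-conditional access keeps an unexpected descriptor type from raising a
    // NullReferenceException here, which would skip the audit call altogether.
    // NOTE(review): confirm LogExecuted tolerates null controller/action names.
    _auditHelper.LogExecuted(
        actionDescriptor?.ControllerName,
        actionDescriptor?.ActionName,
        (HttpStatusCode)context.HttpContext.Response.StatusCode,
        result?.GetResultTypeName());

    base.OnResultExecuted(context);
}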