/// <summary> /// Creates the object data extension. /// </summary> /// <param name="detail">The detail.</param> /// <param name="enforceType">Type of the enforce.</param> /// <param name="name">The name.</param> /// <returns>Returns the created <see cref="ObjectDataExtension" /> instance.</returns> protected ObjectDataExtension CreateObjectDataExtension(object detail, Type enforceType = null, string name = null) { var retVal = new ObjectDataExtension(); enforceType = enforceType ?? detail.GetType(); if (enforceType.Namespace == "System.Data.Entity.DynamicProxies") { enforceType = enforceType.BaseType; } using (var ms = new MemoryStream()) { var writer = XmlWriter.Create(ms); writer.WriteStartElement(name ?? enforceType.Name); this.WriteObject(writer, detail); writer.WriteEndDocument(); writer.Close(); retVal.Value = ms.GetBuffer().Take((int)ms.Length).ToArray(); } retVal.Key = name ?? enforceType.AssemblyQualifiedName; return(retVal); }
/// <summary> /// Creates the base audit. /// </summary> /// <param name="actionType">Type of the action.</param> /// <param name="eventTypeCode">The event type code.</param> /// <param name="eventIdentifierType">Type of the event identifier.</param> /// <param name="outcomeIndicator">The outcome indicator.</param> /// <returns>Returns the created base audit data.</returns> protected override AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, OutcomeIndicator outcomeIndicator) { var audit = base.CreateBaseAudit(actionType, eventTypeCode, eventIdentifierType, outcomeIndicator); var remoteIp = GetLocalIPAddress(); try { // attempt to get the remote IP address remoteIp = this.Context.Request.ServerVariables["REMOTE_ADDR"]; } catch (Exception e) { Trace.TraceError($"Unable to retrieve remote IP address for auditing purposes: {e}"); } var userIdentifier = string.Empty; try { userIdentifier = this.Context.Request.Url.Host; } catch (Exception e) { Trace.TraceError($"Unable to retrieve request host URL for auditing purposes: {e}"); } // add the receiver audit.Actors.Add(new AuditActorData { UserName = Environment.UserName, UserIdentifier = userIdentifier, NetworkAccessPointId = Dns.GetHostName(), NetworkAccessPointType = NetworkAccessPointType.MachineName, AlternativeUserId = Process.GetCurrentProcess().Id.ToString(), ActorRoleCode = new List <AuditCode> { new AuditCode("110152", "DCM") } }); // add the sender audit.Actors.Add(new AuditActorData { UserIdentifier = remoteIp, NetworkAccessPointId = remoteIp, NetworkAccessPointType = NetworkAccessPointType.IPAddress, ActorRoleCode = new List <AuditCode> { new AuditCode("110153", "DCM") }, UserIsRequestor = true }); // add the user if this is an authenticated request if (this.Context.User?.Identity?.IsAuthenticated == true) { audit.Actors.Add(new AuditActorData { UserIdentifier = this.Context.User.Identity.Name, UserIsRequestor = true, NetworkAccessPointId = remoteIp, NetworkAccessPointType = NetworkAccessPointType.IPAddress, ActorRoleCode = new List <AuditCode> { new AuditCode("6", "AuditableObjectRole") } }); } else { // add the anonymous actor if the request isn't authenticated audit.Actors.Add(new AuditActorData { UserIdentifier = "Anonymous", UserIsRequestor = true, NetworkAccessPointId = remoteIp, NetworkAccessPointType = NetworkAccessPointType.IPAddress, ActorRoleCode = new List <AuditCode> { new AuditCode("6", "AuditableObjectRole") } }); } try { if (outcomeIndicator != OutcomeIndicator.Success) { // add the object detail using (var memoryStream = new MemoryStream()) { var detail = new ObjectDataExtension { Key = "HTTPMessage" }; using (var streamWriter = new StreamWriter(memoryStream, Encoding.UTF8)) { streamWriter.WriteLine("<?xml version=\"1.0\"?><Request><![CDATA["); streamWriter.WriteLine("{0} {1} HTTP/1.1", this.Context.Request.HttpMethod, this.Context.Request.Url); for (var i = 0; i < this.Context.Request.Headers.Keys.Count; i++) { streamWriter.WriteLine("{0} : {1}", this.Context.Request.Headers.Keys[i], this.Context.Request.Headers[i]); } // Only output if request is not sensitive if (!this.IsRequestSensitive) { using (var sr = new StreamReader(this.Context.Request.InputStream)) { streamWriter.WriteLine("\r\n{0}", sr.ReadToEnd()); } } else { streamWriter.WriteLine("*********** SENSITIVE REQUEST REDACTED ***********"); } streamWriter.WriteLine("]]></Request>"); streamWriter.Flush(); detail.Value = memoryStream.GetBuffer().Take((int)memoryStream.Length).ToArray(); } var auditableObject = new AuditableObject { IDTypeCode = AuditableObjectIdType.Uri, ObjectId = this.Context.Request.Url.ToString(), Role = AuditableObjectRole.Query, Type = AuditableObjectType.SystemObject }; auditableObject.ObjectData.Add(detail); audit.AuditableObjects.Add(auditableObject); } } } catch (Exception e) { Trace.TraceError($"Unable to add object detail to audit message: {e}"); } return(audit); }