/// <summary>
/// Creates the object data extension.
/// </summary>
/// <param name="detail">The detail.</param>
/// <param name="enforceType">Type of the enforce.</param>
/// <param name="name">The name.</param>
/// <returns>Returns the created <see cref="ObjectDataExtension" /> instance.</returns>
protected ObjectDataExtension CreateObjectDataExtension(object detail, Type enforceType = null, string name = null)
{
var retVal = new ObjectDataExtension();
enforceType = enforceType ?? detail.GetType();
if (enforceType.Namespace == "System.Data.Entity.DynamicProxies")
{
enforceType = enforceType.BaseType;
}
using (var ms = new MemoryStream())
{
var writer = XmlWriter.Create(ms);
writer.WriteStartElement(name ?? enforceType.Name);
this.WriteObject(writer, detail);
writer.WriteEndDocument();
writer.Close();
retVal.Value = ms.GetBuffer().Take((int)ms.Length).ToArray();
}
retVal.Key = name ?? enforceType.AssemblyQualifiedName;
return(retVal);
}
/// <summary>
/// Creates the base audit.
/// </summary>
/// <param name="actionType">Type of the action.</param>
/// <param name="eventTypeCode">The event type code.</param>
/// <param name="eventIdentifierType">Type of the event identifier.</param>
/// <param name="outcomeIndicator">The outcome indicator.</param>
/// <returns>Returns the created base audit data.</returns>
protected override AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, OutcomeIndicator outcomeIndicator)
{
var audit = base.CreateBaseAudit(actionType, eventTypeCode, eventIdentifierType, outcomeIndicator);
var remoteIp = GetLocalIPAddress();
try
{
// attempt to get the remote IP address
remoteIp = this.Context.Request.ServerVariables["REMOTE_ADDR"];
}
catch (Exception e)
{
Trace.TraceError($"Unable to retrieve remote IP address for auditing purposes: {e}");
}
var userIdentifier = string.Empty;
try
{
userIdentifier = this.Context.Request.Url.Host;
}
catch (Exception e)
{
Trace.TraceError($"Unable to retrieve request host URL for auditing purposes: {e}");
}
// add the receiver
audit.Actors.Add(new AuditActorData
{
UserName = Environment.UserName,
UserIdentifier = userIdentifier,
NetworkAccessPointId = Dns.GetHostName(),
NetworkAccessPointType = NetworkAccessPointType.MachineName,
AlternativeUserId = Process.GetCurrentProcess().Id.ToString(),
ActorRoleCode = new List <AuditCode>
{
new AuditCode("110152", "DCM")
}
});
// add the sender
audit.Actors.Add(new AuditActorData
{
UserIdentifier = remoteIp,
NetworkAccessPointId = remoteIp,
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
ActorRoleCode = new List <AuditCode>
{
new AuditCode("110153", "DCM")
},
UserIsRequestor = true
});
// add the user if this is an authenticated request
if (this.Context.User?.Identity?.IsAuthenticated == true)
{
audit.Actors.Add(new AuditActorData
{
UserIdentifier = this.Context.User.Identity.Name,
UserIsRequestor = true,
NetworkAccessPointId = remoteIp,
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
ActorRoleCode = new List <AuditCode>
{
new AuditCode("6", "AuditableObjectRole")
}
});
}
else
{
// add the anonymous actor if the request isn't authenticated
audit.Actors.Add(new AuditActorData
{
UserIdentifier = "Anonymous",
UserIsRequestor = true,
NetworkAccessPointId = remoteIp,
NetworkAccessPointType = NetworkAccessPointType.IPAddress,
ActorRoleCode = new List <AuditCode>
{
new AuditCode("6", "AuditableObjectRole")
}
});
}
try
{
if (outcomeIndicator != OutcomeIndicator.Success)
{
// add the object detail
using (var memoryStream = new MemoryStream())
{
var detail = new ObjectDataExtension
{
Key = "HTTPMessage"
};
using (var streamWriter = new StreamWriter(memoryStream, Encoding.UTF8))
{
streamWriter.WriteLine("<?xml version=\"1.0\"?><Request><![CDATA[");
streamWriter.WriteLine("{0} {1} HTTP/1.1", this.Context.Request.HttpMethod, this.Context.Request.Url);
for (var i = 0; i < this.Context.Request.Headers.Keys.Count; i++)
{
streamWriter.WriteLine("{0} : {1}", this.Context.Request.Headers.Keys[i], this.Context.Request.Headers[i]);
}
// Only output if request is not sensitive
if (!this.IsRequestSensitive)
{
using (var sr = new StreamReader(this.Context.Request.InputStream))
{
streamWriter.WriteLine("\r\n{0}", sr.ReadToEnd());
}
}
else
{
streamWriter.WriteLine("*********** SENSITIVE REQUEST REDACTED ***********");
}
streamWriter.WriteLine("]]></Request>");
streamWriter.Flush();
detail.Value = memoryStream.GetBuffer().Take((int)memoryStream.Length).ToArray();
}
var auditableObject = new AuditableObject
{
IDTypeCode = AuditableObjectIdType.Uri,
ObjectId = this.Context.Request.Url.ToString(),
Role = AuditableObjectRole.Query,
Type = AuditableObjectType.SystemObject
};
auditableObject.ObjectData.Add(detail);
audit.AuditableObjects.Add(auditableObject);
}
}
}
catch (Exception e)
{
Trace.TraceError($"Unable to add object detail to audit message: {e}");
}
return(audit);
}
