Stop logging username/token
Fixes https://github.com/aspnet/Security/issues/1259
parent
dde7671c06
commit
ba1eb281d1
|
|
@ -110,7 +110,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
|
|||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
Logger.TokenValidationFailed(token, ex);
|
||||
Logger.TokenValidationFailed(ex);
|
||||
|
||||
// Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
|
||||
if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null
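Review bot: The exception passed to `Logger.TokenValidationFailed(ex)` in the catch block is still written to the log, and depending on the validator that threw it, its message may quote parts of the token or its claims; dropping the `token` argument does not by itself guarantee the entry is free of token material. A test with a capturing log sink would pin this down: feed a malformed and an expired token through the handler and assert that the token string appears in no captured entry, exception text included. A short comment above the call, e.g. `// Never pass the token here: bearer tokens are credentials; only the exception is recorded.`, would also keep the parameter from being reintroduced. The enclosing method starts and ends outside this hunk.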
|
||||
|
|
|
|||
|
|
@ -7,16 +7,16 @@ namespace Microsoft.Extensions.Logging
|
|||
{
|
||||
internal static class LoggingExtensions
|
||||
{
|
||||
private static Action<ILogger, string, Exception> _tokenValidationFailed;
|
||||
private static Action<ILogger, Exception> _tokenValidationFailed;
|
||||
private static Action<ILogger, Exception> _tokenValidationSucceeded;
|
||||
private static Action<ILogger, Exception> _errorProcessingMessage;
|
||||
|
||||
static LoggingExtensions()
|
||||
{
|
||||
_tokenValidationFailed = LoggerMessage.Define<string>(
|
||||
_tokenValidationFailed = LoggerMessage.Define(
|
||||
eventId: 1,
|
||||
logLevel: LogLevel.Information,
|
||||
formatString: "Failed to validate the token {Token}");
|
||||
formatString: "Failed to validate the token.");
|
||||
_tokenValidationSucceeded = LoggerMessage.Define(
|
||||
eventId: 2,
|
||||
logLevel: LogLevel.Information,
|
||||
|
|
@ -27,19 +27,13 @@ namespace Microsoft.Extensions.Logging
|
|||
formatString: "Exception occurred while processing message.");
|
||||
}
|
||||
|
||||
public static void TokenValidationFailed(this ILogger logger, string token, Exception ex)
|
||||
{
|
||||
_tokenValidationFailed(logger, token, ex);
|
||||
}
|
||||
public static void TokenValidationFailed(this ILogger logger, Exception ex)
|
||||
=> _tokenValidationFailed(logger, ex);
|
||||
|
||||
public static void TokenValidationSucceeded(this ILogger logger)
|
||||
{
|
||||
_tokenValidationSucceeded(logger, null);
|
||||
}
|
||||
=> _tokenValidationSucceeded(logger, null);
|
||||
|
||||
public static void ErrorProcessingMessage(this ILogger logger, Exception ex)
|
||||
{
|
||||
_errorProcessingMessage(logger, ex);
|
||||
}
|
||||
=> _errorProcessingMessage(logger, ex);
|
||||
}
|
||||
}
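Review bot: Nothing in this class records why the event 1 template no longer has a placeholder, so a later change could add `{Token}` back without a reviewer noticing. A comment on the static constructor would make the intent explicit, for example `// Templates deliberately contain no token, claim or user-name placeholders (see aspnet/Security#1259).`. The same comment belongs on the Authorization `LoggingExtensions` further down the page, where `{UserName}` was removed from both templates. Consumers that filtered structured logs on the `Token` property lose that field while the event id stays 1, which is worth stating in the commit description.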
|
||||
|
|
|
|||
|
|
@ -98,37 +98,15 @@ namespace Microsoft.AspNetCore.Authorization
|
|||
var result = _evaluator.Evaluate(authContext);
|
||||
if (result.Succeeded)
|
||||
{
|
||||
_logger.UserAuthorizationSucceeded(GetUserNameForLogging(user));
|
||||
_logger.UserAuthorizationSucceeded();
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.UserAuthorizationFailed(GetUserNameForLogging(user));
|
||||
_logger.UserAuthorizationFailed();
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
private string GetUserNameForLogging(ClaimsPrincipal user)
|
||||
{
|
||||
var identity = user?.Identity;
|
||||
if (identity != null)
|
||||
{
|
||||
var name = identity.Name;
|
||||
if (name != null)
|
||||
{
|
||||
return name;
|
||||
}
|
||||
return GetClaimValue(identity, "sub")
|
||||
?? GetClaimValue(identity, ClaimTypes.Name)
|
||||
?? GetClaimValue(identity, ClaimTypes.NameIdentifier);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private static string GetClaimValue(IIdentity identity, string claimsType)
|
||||
{
|
||||
return (identity as ClaimsIdentity)?.FindFirst(claimsType)?.Value;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Checks if a user meets a specific authorization policy.
|
||||
/// </summary>
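Review bot: The failure branch now logs only `_logger.UserAuthorizationFailed();`, so every denial produces the same message and an operator investigating repeated denials or a misconfigured policy has nothing in this entry to tell them apart. Removing the user name is the right call, but non-identifying context could be kept: if the result type exposes which requirements failed, logging their type names (never claim values) would preserve the diagnostic value. Tying a denial to a principal then has to come from the request scope or a separate audit trail, which deserves a sentence in the method's XML doc. The method containing this branch starts outside the hunk, so what is available on `result` at this point is inferred rather than visible.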
|
||||
|
|
|
|||
|
|
@ -7,29 +7,25 @@ namespace Microsoft.Extensions.Logging
|
|||
{
|
||||
internal static class LoggingExtensions
|
||||
{
|
||||
private static Action<ILogger, string, Exception> _userAuthorizationFailed;
|
||||
private static Action<ILogger, string, Exception> _userAuthorizationSucceeded;
|
||||
private static Action<ILogger, Exception> _userAuthorizationFailed;
|
||||
private static Action<ILogger, Exception> _userAuthorizationSucceeded;
|
||||
|
||||
static LoggingExtensions()
|
||||
{
|
||||
_userAuthorizationSucceeded = LoggerMessage.Define<string>(
|
||||
_userAuthorizationSucceeded = LoggerMessage.Define(
|
||||
eventId: 1,
|
||||
logLevel: LogLevel.Information,
|
||||
formatString: "Authorization was successful for user: {UserName}.");
|
||||
_userAuthorizationFailed = LoggerMessage.Define<string>(
|
||||
formatString: "Authorization was successful.");
|
||||
_userAuthorizationFailed = LoggerMessage.Define(
|
||||
eventId: 2,
|
||||
logLevel: LogLevel.Information,
|
||||
formatString: "Authorization failed for user: {UserName}.");
|
||||
formatString: "Authorization failed.");
|
||||
}
|
||||
|
||||
public static void UserAuthorizationSucceeded(this ILogger logger, string userName)
|
||||
{
|
||||
_userAuthorizationSucceeded(logger, userName, null);
|
||||
}
|
||||
public static void UserAuthorizationSucceeded(this ILogger logger)
|
||||
=> _userAuthorizationSucceeded(logger, null);
|
||||
|
||||
public static void UserAuthorizationFailed(this ILogger logger, string userName)
|
||||
{
|
||||
_userAuthorizationFailed(logger, userName, null);
|
||||
}
|
||||
public static void UserAuthorizationFailed(this ILogger logger)
|
||||
=> _userAuthorizationFailed(logger, null);
|
||||
}
|
||||
}
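Review bot: The two delegate fields are assigned once in the static constructor and nowhere else in the visible code, so they can be declared `readonly`: `private static readonly Action<ILogger, Exception> _userAuthorizationFailed;` and likewise for `_userAuthorizationSucceeded`. That rules out accidental reassignment of a logging delegate and matches the usual pattern for cached `LoggerMessage.Define` results. The three fields in the JwtBearer `LoggingExtensions` earlier on the page have the same shape and could take the same modifier.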
|
||||
|
|
|
|||