Stop logging username/token
Fixes https://github.com/aspnet/Security/issues/1259
This commit is contained in:
parent
dde7671c06
commit
ba1eb281d1
|
|
@ -110,7 +110,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
|
||||||
}
|
}
|
||||||
catch (Exception ex)
|
catch (Exception ex)
|
||||||
{
|
{
|
||||||
Logger.TokenValidationFailed(token, ex);
|
Logger.TokenValidationFailed(ex);
|
||||||
|
|
||||||
// Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
|
// Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
|
||||||
if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null
|
if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null
|
||||||
|
|
|
||||||
|
|
@ -7,16 +7,16 @@ namespace Microsoft.Extensions.Logging
|
||||||
{
|
{
|
||||||
internal static class LoggingExtensions
|
internal static class LoggingExtensions
|
||||||
{
|
{
|
||||||
private static Action<ILogger, string, Exception> _tokenValidationFailed;
|
private static Action<ILogger, Exception> _tokenValidationFailed;
|
||||||
private static Action<ILogger, Exception> _tokenValidationSucceeded;
|
private static Action<ILogger, Exception> _tokenValidationSucceeded;
|
||||||
private static Action<ILogger, Exception> _errorProcessingMessage;
|
private static Action<ILogger, Exception> _errorProcessingMessage;
|
||||||
|
|
||||||
static LoggingExtensions()
|
static LoggingExtensions()
|
||||||
{
|
{
|
||||||
_tokenValidationFailed = LoggerMessage.Define<string>(
|
_tokenValidationFailed = LoggerMessage.Define(
|
||||||
eventId: 1,
|
eventId: 1,
|
||||||
logLevel: LogLevel.Information,
|
logLevel: LogLevel.Information,
|
||||||
formatString: "Failed to validate the token {Token}");
|
formatString: "Failed to validate the token.");
|
||||||
_tokenValidationSucceeded = LoggerMessage.Define(
|
_tokenValidationSucceeded = LoggerMessage.Define(
|
||||||
eventId: 2,
|
eventId: 2,
|
||||||
logLevel: LogLevel.Information,
|
logLevel: LogLevel.Information,
|
||||||
|
|
@ -27,19 +27,13 @@ namespace Microsoft.Extensions.Logging
|
||||||
formatString: "Exception occurred while processing message.");
|
formatString: "Exception occurred while processing message.");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void TokenValidationFailed(this ILogger logger, string token, Exception ex)
|
public static void TokenValidationFailed(this ILogger logger, Exception ex)
|
||||||
{
|
=> _tokenValidationFailed(logger, ex);
|
||||||
_tokenValidationFailed(logger, token, ex);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void TokenValidationSucceeded(this ILogger logger)
|
public static void TokenValidationSucceeded(this ILogger logger)
|
||||||
{
|
=> _tokenValidationSucceeded(logger, null);
|
||||||
_tokenValidationSucceeded(logger, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void ErrorProcessingMessage(this ILogger logger, Exception ex)
|
public static void ErrorProcessingMessage(this ILogger logger, Exception ex)
|
||||||
{
|
=> _errorProcessingMessage(logger, ex);
|
||||||
_errorProcessingMessage(logger, ex);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -98,37 +98,15 @@ namespace Microsoft.AspNetCore.Authorization
|
||||||
var result = _evaluator.Evaluate(authContext);
|
var result = _evaluator.Evaluate(authContext);
|
||||||
if (result.Succeeded)
|
if (result.Succeeded)
|
||||||
{
|
{
|
||||||
_logger.UserAuthorizationSucceeded(GetUserNameForLogging(user));
|
_logger.UserAuthorizationSucceeded();
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
_logger.UserAuthorizationFailed(GetUserNameForLogging(user));
|
_logger.UserAuthorizationFailed();
|
||||||
}
|
}
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
private string GetUserNameForLogging(ClaimsPrincipal user)
|
|
||||||
{
|
|
||||||
var identity = user?.Identity;
|
|
||||||
if (identity != null)
|
|
||||||
{
|
|
||||||
var name = identity.Name;
|
|
||||||
if (name != null)
|
|
||||||
{
|
|
||||||
return name;
|
|
||||||
}
|
|
||||||
return GetClaimValue(identity, "sub")
|
|
||||||
?? GetClaimValue(identity, ClaimTypes.Name)
|
|
||||||
?? GetClaimValue(identity, ClaimTypes.NameIdentifier);
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static string GetClaimValue(IIdentity identity, string claimsType)
|
|
||||||
{
|
|
||||||
return (identity as ClaimsIdentity)?.FindFirst(claimsType)?.Value;
|
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Checks if a user meets a specific authorization policy.
|
/// Checks if a user meets a specific authorization policy.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
|
|
|
||||||
|
|
@ -7,29 +7,25 @@ namespace Microsoft.Extensions.Logging
|
||||||
{
|
{
|
||||||
internal static class LoggingExtensions
|
internal static class LoggingExtensions
|
||||||
{
|
{
|
||||||
private static Action<ILogger, string, Exception> _userAuthorizationFailed;
|
private static Action<ILogger, Exception> _userAuthorizationFailed;
|
||||||
private static Action<ILogger, string, Exception> _userAuthorizationSucceeded;
|
private static Action<ILogger, Exception> _userAuthorizationSucceeded;
|
||||||
|
|
||||||
static LoggingExtensions()
|
static LoggingExtensions()
|
||||||
{
|
{
|
||||||
_userAuthorizationSucceeded = LoggerMessage.Define<string>(
|
_userAuthorizationSucceeded = LoggerMessage.Define(
|
||||||
eventId: 1,
|
eventId: 1,
|
||||||
logLevel: LogLevel.Information,
|
logLevel: LogLevel.Information,
|
||||||
formatString: "Authorization was successful for user: {UserName}.");
|
formatString: "Authorization was successful.");
|
||||||
_userAuthorizationFailed = LoggerMessage.Define<string>(
|
_userAuthorizationFailed = LoggerMessage.Define(
|
||||||
eventId: 2,
|
eventId: 2,
|
||||||
logLevel: LogLevel.Information,
|
logLevel: LogLevel.Information,
|
||||||
formatString: "Authorization failed for user: {UserName}.");
|
formatString: "Authorization failed.");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void UserAuthorizationSucceeded(this ILogger logger, string userName)
|
public static void UserAuthorizationSucceeded(this ILogger logger)
|
||||||
{
|
=> _userAuthorizationSucceeded(logger, null);
|
||||||
_userAuthorizationSucceeded(logger, userName, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void UserAuthorizationFailed(this ILogger logger, string userName)
|
public static void UserAuthorizationFailed(this ILogger logger)
|
||||||
{
|
=> _userAuthorizationFailed(logger, null);
|
||||||
_userAuthorizationFailed(logger, userName, null);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue