Add some basic logging to AuthZ/N

2015-10-20 13:47:59 -07:00 · 2015-10-20 13:47:59 -07:00 · e0464c9508
parent fd54c5af21
commit e0464c9508
3 changed files with 37 additions and 2 deletions
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@ -104,6 +104,7 @@ namespace Microsoft.AspNet.Authentication
                if (ticket?.Principal != null)
                {
                    Context.User = SecurityHelper.MergeUserPrincipal(Context.User, ticket.Principal);
+                    Logger.LogInformation(0, "HttContext.User merged via AutomaticAuthentication from authenticationScheme: {scheme}.", Options.AuthenticationScheme);
                }
            }
        }
@ -209,11 +210,13 @@ namespace Microsoft.AspNet.Authentication
                    if (ticket?.Principal != null)
                    {
                        context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
+                        Logger.LogInformation(1, "AuthenticationScheme: {scheme} was successfully authenticated.", Options.AuthenticationScheme);
                        handled = true;
                    }
                    else
                    {
                        context.NotAuthenticated();
+                        Logger.LogVerbose(2, "AuthenticationScheme: {scheme} was not authenticated.", Options.AuthenticationScheme);
                    }
                }
            }
@ -241,6 +244,7 @@ namespace Microsoft.AspNet.Authentication
            {
                SignInAccepted = true;
                await HandleSignInAsync(context);
+                Logger.LogInformation(3, "AuthenticationScheme: {scheme} signed in.", Options.AuthenticationScheme);
                context.Accept();
            }
            else if (PriorHandler != null)
@ -260,6 +264,7 @@ namespace Microsoft.AspNet.Authentication
            {
                SignOutAccepted = true;
                await HandleSignOutAsync(context);
+                Logger.LogInformation(4, "AuthenticationScheme: {scheme} signed out.", Options.AuthenticationScheme);
                context.Accept();
            }
            else if (PriorHandler != null)
@ -310,9 +315,11 @@ namespace Microsoft.AspNet.Authentication
                        goto case ChallengeBehavior.Unauthorized;
                    case ChallengeBehavior.Unauthorized:
                        handled = await HandleUnauthorizedAsync(context);
+                        Logger.LogInformation(5, "AuthenticationScheme: {scheme} was challenged.", Options.AuthenticationScheme);
                        break;
                    case ChallengeBehavior.Forbidden:
                        handled = await HandleForbiddenAsync(context);
+                        Logger.LogInformation(6, "AuthenticationScheme: {scheme} was forbidden.", Options.AuthenticationScheme);
                        break;
                }
                context.Accept();
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@ -6,6 +6,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;

 namespace Microsoft.AspNet.Authorization
@ -14,13 +15,29 @@ namespace Microsoft.AspNet.Authorization
    {
        private readonly IList<IAuthorizationHandler> _handlers;
        private readonly AuthorizationOptions _options;
+        private readonly ILogger _logger;

-        public DefaultAuthorizationService(IOptions<AuthorizationOptions> options, IEnumerable<IAuthorizationHandler> handlers)
+        public DefaultAuthorizationService(IOptions<AuthorizationOptions> options, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger)
        {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+            if (handlers == null)
+            {
+                throw new ArgumentNullException(nameof(handlers));
+            }
+            if (logger == null)
+            {
+                throw new ArgumentNullException(nameof(logger));
+            }
+
            _handlers = handlers.ToArray();
            _options = options.Value;
+            _logger = logger;
        }

+
        public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
        {
            if (requirements == null)
@ -33,7 +50,17 @@ namespace Microsoft.AspNet.Authorization
            {
                await handler.HandleAsync(authContext);
            }
-            return authContext.HasSucceeded;
+
+            if (authContext.HasSucceeded)
+            {
+                _logger.LogInformation(0, "Authorization was successful for user: {userName}.", user?.Identity?.Name);
+                return true;
+            }
+            else
+            {
+                _logger.LogInformation(1, "Authorization failed for user: {userName}.", user?.Identity?.Name);
+                return false;
+            }
        }

        public Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@ -17,6 +17,7 @@ namespace Microsoft.AspNet.Authorization.Test
        {
            var services = new ServiceCollection();
            services.AddAuthorization();
+            services.AddLogging();
            if (setupServices != null)
            {
                setupServices(services);