From e0464c950853909aa3491c65b519db47bb22679f Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Tue, 20 Oct 2015 13:47:59 -0700
Subject: [PATCH] Add some basic logging to AuthZ/N
---
 .../AuthenticationHandler.cs | 7 +++++
 .../DefaultAuthorizationService.cs | 31 +++++++++++++++++--
 .../DefaultAuthorizationServiceTests.cs | 1 +
 3 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index c55dc50d77..dcdf0badf7 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -104,6 +104,7 @@ namespace Microsoft.AspNet.Authentication
 if (ticket?.Principal != null)
 {
 Context.User = SecurityHelper.MergeUserPrincipal(Context.User, ticket.Principal);
+ Logger.LogInformation(0, "HttContext.User merged via AutomaticAuthentication from authenticationScheme: {scheme}.", Options.AuthenticationScheme);
 }
 }
 }
@@ -209,11 +210,13 @@ namespace Microsoft.AspNet.Authentication
 if (ticket?.Principal != null)
 {
 context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
+ Logger.LogInformation(1, "AuthenticationScheme: {scheme} was successfully authenticated.", Options.AuthenticationScheme);
 handled = true;
 }
 else
 {
 context.NotAuthenticated();
+ Logger.LogVerbose(2, "AuthenticationScheme: {scheme} was not authenticated.", Options.AuthenticationScheme);
 }
 }
 }
@@ -241,6 +244,7 @@ namespace Microsoft.AspNet.Authentication
 {
 SignInAccepted = true;
 await HandleSignInAsync(context);
+ Logger.LogInformation(3, "AuthenticationScheme: {scheme} signed in.", Options.AuthenticationScheme);
 context.Accept();
 }
 else if (PriorHandler != null)
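Review bot: The message added in the first hunk (`@@ -104,6 +104,7 @@`) spells the property `HttContext.User`; it should read `HttpContext.User`, because log searches and alert rules end up matching on this text. The event ids here and in the other AuthenticationHandler.cs hunks are bare literals 0–6, and DefaultAuthorizationService.cs reuses 0 and 1, so an id only means something together with the logger category; named constants would make that explicit. The enclosing method starts and ends outside the hunk.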
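Review bot: In the `@@ -209,11 +210,13 @@` hunk the two outcomes are logged at different levels: success at Information, `was not authenticated` at Verbose. With a minimum level of Information the log records only successes, and a rejected credential leaves no trace for detection; it is presumably indistinguishable here from an absent one, since only `ticket?.Principal` is tested. If Verbose is deliberate because anonymous requests take this branch, say so in a comment such as `// Verbose: anonymous requests also reach this branch`, and consider logging a rejected ticket separately where the ticket is produced, which is outside this hunk.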
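Review bot: The sign-in entry in the `@@ -241,6 +244,7 @@` hunk (and the sign-out entry in `@@ -260,6 +264,7 @@`) records only the scheme, so the event cannot be tied to an account when reconstructing a session timeline. Adding a stable identifier as a second structured field would help, for example `Logger.LogInformation(3, "AuthenticationScheme: {scheme} signed in {userName}.", Options.AuthenticationScheme, context.Principal?.Identity?.Name);`. `context.Principal` is an assumption, since the context type is not visible in the hunk, and the surrounding method starts outside it.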
@@ -260,6 +264,7 @@ namespace Microsoft.AspNet.Authentication
 {
 SignOutAccepted = true;
 await HandleSignOutAsync(context);
+ Logger.LogInformation(4, "AuthenticationScheme: {scheme} signed out.", Options.AuthenticationScheme);
 context.Accept();
 }
 else if (PriorHandler != null)
@@ -310,9 +315,11 @@ namespace Microsoft.AspNet.Authentication
 goto case ChallengeBehavior.Unauthorized;
 case ChallengeBehavior.Unauthorized:
 handled = await HandleUnauthorizedAsync(context);
+ Logger.LogInformation(5, "AuthenticationScheme: {scheme} was challenged.", Options.AuthenticationScheme);
 break;
 case ChallengeBehavior.Forbidden:
 handled = await HandleForbiddenAsync(context);
+ Logger.LogInformation(6, "AuthenticationScheme: {scheme} was forbidden.", Options.AuthenticationScheme);
 break;
 }
 context.Accept();
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index 9730ba0d9f..2e2702ff6a 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -6,6 +6,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
 
 namespace Microsoft.AspNet.Authorization
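Review bot: Both entries in the `@@ -310,9 +315,11 @@` hunk are written after the awaited call regardless of its result, so `was challenged` and `was forbidden` read the same whether `handled` came back true or false. Recording the result makes the entry usable when tracing why a response was or was not produced: `Logger.LogInformation(5, "AuthenticationScheme: {scheme} was challenged (handled: {handled}).", Options.AuthenticationScheme, handled);`, and likewise for id 6. The switch statement begins outside the hunk.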
@@ -14,13 +15,29 @@ namespace Microsoft.AspNet.Authorization { private readonly IList _handlers; private readonly AuthorizationOptions _options; + private readonly ILogger _logger; - public DefaultAuthorizationService(IOptions options, IEnumerable handlers) + public DefaultAuthorizationService(IOptions options, IEnumerable handlers, ILogger logger) { + if (options == null) + { + throw new ArgumentNullException(nameof(options)); + } + if (handlers == null) + { + throw new ArgumentNullException(nameof(handlers)); + } + if (logger == null) + { + throw new ArgumentNullException(nameof(logger)); + } + _handlers = handlers.ToArray(); _options = options.Value; + _logger = logger; } + public async Task AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable requirements) { if (requirements == null) @@ -33,7 +50,17 @@ namespace Microsoft.AspNet.Authorization { await handler.HandleAsync(authContext); } - return authContext.HasSucceeded; + + if (authContext.HasSucceeded) + { + _logger.LogInformation(0, "Authorization was successful for user: {userName}.", user?.Identity?.Name); + return true; + } + else + { + _logger.LogInformation(1, "Authorization failed for user: {userName}.", user?.Identity?.Name); + return false; + } } public Task AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName) diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs index fbf67ec15a..3ee2e547c5 100644 --- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs +++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs @@ -17,6 +17,7 @@ namespace Microsoft.AspNet.Authorization.Test { var services = new ServiceCollection(); services.AddAuthorization(); + services.AddLogging(); if (setupServices != null) { setupServices(services);
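Review bot: The constructor in the `@@ -14,13 +15,29 @@` hunk now takes a third, mandatory `ILogger logger` and throws on null, which breaks callers that build the service directly and makes container resolution depend on logging being registered. The test change adding `services.AddLogging()` suggests `AddAuthorization()` does not register it itself. Either register logging from `AddAuthorization()` (not visible here) or state the requirement in an XML `<param name="logger">` comment on the constructor. The hunk also adds a second blank line before `AuthorizeAsync`, which can be dropped.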
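Review bot: The failure entry in the `@@ -33,7 +50,17 @@` hunk identifies the caller only by `user?.Identity?.Name`, which is null for an anonymous or unnamed principal, so those denials are logged as `Authorization failed for user: .` with nothing to correlate on. It also omits which requirements were evaluated; `_logger.LogInformation(1, "Authorization failed for user: {userName}; requirements: {requirements}.", user?.Identity?.Name, string.Join(", ", requirements));` would make the entry actionable. The name is a user-influenced value, so keep passing it as a structured argument as done here rather than formatting it into the message text. `AuthorizeAsync` starts outside the hunk.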