Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to get authenticated user's name, IP address, and the controller action being called from an HTTP Filter?

I'm trying to audit my action events on the controller. I want to keep track of authenticated user's name, his IP address, and controller action being called.

My filter code:

public class AuditAttribute : System.Web.Http.Filters.ActionFilterAttribute
    {
        public override void OnActionExecuting(HttpActionContext filterContext)
        {
            var request = filterContext.Request;
            // get user name + ip address + controlleraction 
            base.OnActionExecuting(filterContext);
        }

I was searching on the internet only to see examples of how to do it for Mvc but not for HTTP. For instance, this link here talks about how to audit events for Mvc: http://rion.io/2013/03/03/implementing-audit-trails-using-asp-net-mvc-actionfilters/

This link however talks about how to capture IP address for HTTP web app: Capture request IP Address in Web API Authentication Filter But I'm struggling to follow it. Not sure where exactly to put this code in.

Appreciate your help.

like image 678
90abyss Avatar asked Dec 06 '16 09:12

90abyss


People also ask

How do I use action filter in Web API?

Action filters contain logic that is executed before and after a controller action executes. You can use an action filter, for instance, to modify the view data that a controller action returns. Result filters contain logic that is executed before and after a view result is executed.

What is authentication filter in MVC?

ASP.NET MVC filters are used to add extra logic at the different levels of MVC Framework request processing. Authentication Filter runs before any other filter or action method. Authentication confirms if you are a valid or invalid user.


2 Answers

Try using below code.

UPDATE: For asp.net web api, please try this

public class AuditAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            var context = actionContext.RequestContext;
            var user = context.Principal.Identity.IsAuthenticated ? context.Principal.Identity.Name : string.Empty;
            var ip = GetClientIpAddress(actionContext.Request);
            var action = actionContext.ActionDescriptor.ActionName;
            var controller = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;

            base.OnActionExecuting(actionContext);
        }

        private string GetClientIpAddress(HttpRequestMessage request)
        {
            if (request.Properties.ContainsKey("MS_HttpContext"))
            {
                return IPAddress.Parse(((HttpContextBase)request.Properties["MS_HttpContext"]).Request.UserHostAddress).ToString();
            }
            if (request.Properties.ContainsKey("MS_OwinContext"))
            {
                return IPAddress.Parse(((OwinContext)request.Properties["MS_OwinContext"]).Request.RemoteIpAddress).ToString();
            }
            return String.Empty;
        }

    }

And for asp.net MVC, you can try this

public class AuditAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {

        // get user name + ip address + controlleraction 
        var controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
        var action = filterContext.ActionDescriptor.ActionName;
        var ip = filterContext.HttpContext.Request.UserHostAddress;
        var dateTime = filterContext.HttpContext.Timestamp;
        var user = GetUserName(filterContext.HttpContext);
    }


    private string GetUserName(HttpContext httpContext)
    {
        var userName = string.Empty;
        var context = httpContext.Current;
        if (context != null && context.User != null && context.User.Identity.IsAuthenticated)
        {
            userName = context.User.Identity.Name;
        }
        else
        {
            var threadPincipal = Thread.CurrentPrincipal;
            if (threadPincipal != null && threadPincipal.Identity.IsAuthenticated)
            {
                userName = threadPincipal.Identity.Name;
            }
        }
        return userName;
    }
}

Update 2 : Retrieving Client IP address is always a tricky business because there are lot of factors that has to be considered. How are clients accessing the application? Are they coming thru a proxy server? IP addresses can be spoofed, so there is no 100% reliable way. Looking at the Http Headers will provide you some level of success in both web api and mvc. But you always have to consider the fact that there will be cases where client IP is not valid.

How can I get the client's IP address in ASP.NET MVC?

like image 185
Vinod Avatar answered Nov 01 '22 00:11

Vinod


try this

using System.Web;

and use this

HttpContext.Current.Request.UserHostAddress
like image 44
Opt Prutal Avatar answered Nov 01 '22 00:11

Opt Prutal