public struct Interactions : System.ValueType
public struct Interactions : System.ValueType
<script src="@Url.Content(Links.UserEndpointJavaScript)"></script>
[HttpGet]
[Route(Links.UserEndpointJavaScript)]
[AllowAnonymous, Ignore(Walter.Web.FireWall.Filters.FireWallGuardActions.EmbeddedResources)]
[NoCache]
public FileContentResult ValidateUser()
{
//use the ID to force reloading the script after the user has logged in or logged off//as the firewall will create a different script for logged in users.try
{
if (_fireWall.TryGetValidateUserJavaScript(page: _page, out var javaScript))
{
var file = File(fileContents: javaScript, contentType: "text/javascript");
file.LastModified = Inverse.Clock().UtcNow;
file.FileDownloadName = _page.OriginalUrl.AbsoluteUri;
return file;
}
else
{
_logger?.Lazy().LogWarning("ValidateUser javascript generation failed for {Page}", _page.ToString());
javaScript = System.Text.UTF8Encoding.UTF8.GetBytes($"console.log('could not generate userValidation')");
return File(fileContents: javaScript, contentType: "text/javascript");
}
}
catch (ArgumentException e)
{
_page.Exception = e;
_fireWall.LogException<RunTimeErrors>(RunTimeErrors.ArgumentNullException, e, "Missing a configuration element or using wrong release for your deployment");
var javaScript = System.Diagnostics.Debugger.IsAttached
? System.Text.UTF8Encoding.UTF8.GetBytes($"console.log('could not generate userValidation due to {e.Message}')")
: System.Text.UTF8Encoding.UTF8.GetBytes($"//Validate log {Inverse.Clock().Now} for errors and update settings");
return File(fileContents: javaScript, contentType: "text/javascript");
}
catch (Exception e)
{
_page.Exception = e;
_fireWall.LogException<RunTimeErrors>(RunTimeErrors.ArgumentNullException, e, $"User type discovery will not work as good as it could please fix {e.Message}");
var javaScript = System.Text.UTF8Encoding.UTF8.GetBytes($"console.log('could not generate userValidation due to {e.Message}')");
return File(fileContents: javaScript, contentType: "text/javascript");
}
finally
{
_logger?.Lazy().LogDebug("ValidateUser called");
}
}
[HttpPost, Route(Links.BeaconPoint), AllowAnonymous]
[CrossSite, Ignore(skip: FireWallGuardActions.ALL & ~FireWallGuardActions.RejectCrossSiteRequests)]
[ModelFilter(associations : RequestersAssociations.InCurrentPage
, generateIncident : false
, pageGroupPropertyName :Walter.Web.FireWall.Beacon.PageRequestGroupIdModelCode)]
public StatusCodeResult Beacon(string model)
{
if (!ModelState.IsValid)
{
_logger?.Lazy().LogInformation("beacon: failed has {errors} errors", ModelState.ErrorCount);
return this.Ok();//no need to make a fuss
}
if (!string.IsNullOrEmpty(model))
{
var beacon = JsonConvert.DeserializeObject<Beacon>(model);
_fireWall.ModelIsValid(pageContext: _page, model: beacon, out var errors);
if (errors.Sum(s => s.BlockingSeverityScore) < 100)
{
_fireWall.LogPageRequest(beacon, _page);
}
else
{
foreach (var error in errors)
{
_logger?.Lazy().LogInformation("beacon: {warn}", error);
}
}
}
return this.Ok();
}
[HttpPost]
[AllowAnonymous]
[Route(Links.IsUserEndpoint)]
[CrossSite, Ignore(skip: FireWallGuardActions.ALL & ~FireWallGuardActions.RejectCrossSiteRequests)]
[ModelFilter(Associations = RequestersAssociations.InCurrentPage, GenerateIncident = false)]
public StatusCodeResult UserDiscovery([FromBody] Discovery model)
{
if (model is null)
{
_logger?.Lazy().LogDebug("user discovery called but the model field or data types are not compatible, please wait, update the model to fix the users discovery javascript");
return this.NoContent();
}
else
{
_fireWall.ModelIsValid(pageContext: _page, model: model, out var errors);
if (errors.Sum(s => s.BlockingSeverityScore) < 100)
{
_fireWall.LogPageRequest(model, _page);
return Ok();
}
else
{
_logger?.Lazy().LogInformation("An attempt was made to send a tampered model to {url}", _page.OriginalUrl.AbsoluteUri);
if (errors.Sum(s => s.BlockingSeverityScore) > 100)
{
var fwu = _page.User.AsFirewallUser();
using (var scope = _logger?.BeginScope<string>($"User {fwu.Id} from {fwu.IPAddress} tampered with the model send back to {Links.IsUserEndpoint} and triggered {errors.Count} warnings"))
{
for (var i = 0; i < errors.Count; i++)
{
_logger?.Lazy().LogInformation("incident:{count} reason:{reason} context:{context} weight:{weight}", i + 1, errors[i].Reason, errors[i].BlockingContext, errors[i].BlockingSeverityScore);
}
}
//tamper detected so return a 404
return this.NotFound();
}
//model data is not valid, could be tampered but could also just be not containing required values
return this.BadRequest();
}
}
}
[HttpPost, Route(Links.SiteMapEndPoint)]
[CrossSite(useDefaultRedirect: false), Ignore(skip: FireWallGuardActions.ALL & ~FireWallGuardActions.RejectCrossSiteRequests)]
[ModelFilter(Associations = RequestersAssociations.InCurrentPage, GenerateIncident =false)]
public StatusCodeResult SiteMap([FromBody] SiteMapDiscovery model)
{
_logger?.Lazy().LogDebug("Url SiteMapDiscovery called ");
//return await base.SiteMap(model);if (model is null)return NoContent();else
{
//The firewall will use predictive navigation for user as well as use it in web-statistics to show choices made by the user
_fireWall.LogSiteMap(_page, model);
return Ok();
}
}
System.Object
System.ValueType
Walter.Web.FireWall.Interactions
Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2