I am using ABP version 3.8.2. I have enabled ABP Audit Logging and it's working fine.
Is there any way to substitute or mask Audit Log value with a different value in order to hide sensitive information like Password, Credit Card details, etc.? Maybe by extending ABP's Audited attribute.
Kindly suggest.
Yes, you can substitute or mask audited values in order to hide sensitive information.
Implement MaskableAuditSerializer:
public class MaskableAuditSerializer : IAuditSerializer, ITransientDependency
{
private readonly IAuditingConfiguration _configuration;
public MaskableJsonNetAuditSerializer(IAuditingConfiguration configuration)
{
_configuration = configuration;
}
public string Serialize(object obj)
{
var options = new JsonSerializerSettings
{
ContractResolver = new MaskableAuditingContractResolver(_configuration.IgnoredTypes)
};
return JsonConvert.SerializeObject(obj, options);
}
}
Implement MaskableAuditingContractResolver by inheriting AuditingContractResolver:
public class MaskableAuditingContractResolver : AuditingContractResolver
{
public MaskableAuditingContractResolver(List<Type> ignoredTypes)
: base(ignoredTypes)
{
}
protected override JsonProperty CreateProperty(MemberInfo member, MemberSerialization memberSerialization)
{
var property = base.CreateProperty(member, memberSerialization);
if (member.IsDefined(typeof(MaskedAuditedAttribute)))
{
property.ValueProvider = new MaskedValueProvider();
}
return property;
}
}
Implement MaskedValueProvider:
public class MaskedValueProvider : IValueProvider
{
public object GetValue(object target)
{
return "***";
}
public void SetValue(object target, object value)
{
throw new NotImplementedException();
}
}
Implement MaskedAuditedAttribute by inheriting AuditedAttribute:
public class MaskedAuditedAttribute : AuditedAttribute
{
}
Usage
public class LoginViewModel
{
[MaskedAudited]
public string Password { get; set; }
// ...
}
Related
I have an API with multiple endpoints. I'd like to add a property to all endpoint responses, without adding it to each endpoint response model individually.
Ex:
public class MyClass
{
public string MyProperty { get; set; } = "Hello";
}
public class MyOtherClass
{
public string MyOtherProperty { get; set; } = "World";
}
public class MyController : ControllerBase
{
[HttpPost]
public async Task<ActionResult<MyClass>> EndpointOne(POSTData data)
{
// implementation omitted
}
[HttpPost]
public async Task<ActionResult<MyOtherClass>> EndpointTwo(POSTOtherData otherData)
{
// implementation omitted
}
}
Calling either endpoint returns a JSON representation of MyClass or MyOtherClass as appropriate - i.e.
{ "MyProperty":"Hello" } or { "MyOtherProperty":"World" }
I want to add a property, say a string ApiName, to all endpoints in the API, so that the result of the above code would be either (as appropriate)
{ "MyProperty":"Hello", "ApiName":"My awesome API" }
or
{ "MyOtherProperty":"World", "ApiName":"My awesome API" }
Is there a way to hook into the JSON-stringified result just before returning and add a top-level property like that? If so, I presume I'd have to wire it up in startup.cs, so I've been looking at app.UseEndpoints(...) methods, but haven't found anything that's worked so far. Either it's not added the property, or it's replaced the original result with the new property.
Thanks in advance!
Use Newtonsoft.Json in your net web api
Register a custom contract resolver in Startup.cs:
builder.Services.AddControllers()
.AddNewtonsoftJson(options => options.SerializerSettings.ContractResolver = CustomContractResolver.Instance);
The implementation:
public class CustomContractResolver : DefaultContractResolver {
public static CustomContractResolver Instance { get; } = new CustomContractResolver();
protected override IList<JsonProperty> CreateProperties(Type type, MemberSerialization memberSerialization)
{
var properties = base.CreateProperties(type, memberSerialization);
// add new property
...
properties.Add(newProp);
return properties;
}}
See more Json.net Add property to every class containing of a certain type
You can add a base class with the shared property. Should work for both XML and JSON.
public class MyApiClass
{
public string ApiName => "MyAwesomeApi";
}
public class MyClass : MyApiClass
{
public string MyProperty { get; set; } = "Hello";
}
public class MyOtherClass : MyApiClass
{
public string MyOtherProperty { get; set; } = "World";
}
public class MyController : ControllerBase
{
[HttpPost]
public async Task<ActionResult<MyClass>> EndpointOne(POSTData data)
{
// implementation omitted
}
[HttpPost]
public async Task<ActionResult<MyOtherClass>> EndpointTwo(POSTOtherData otherData)
{
// implementation omitted
}
}
My 0.02 cents says to implement an abstract base class.
Abstract class inheritance look similar to a standard inheritance.
public class MyClass:MyAbstractClass
{
[JsonPropertyName("Class Property")]
public string MyProperty { get; set; } = "Hello";
}
public class MyOtherClass:MyAbstractClass
{
[JsonPropertyName("Class Property")]
public string MyOtherProperty { get; set; } = "World";
}
However the abstract class will allow you to implement additional features in the event you need them in the future.
public abstract class MyAbstractClass{
[JsonPropertyName("API Name")]
public string ApiName{get;set;}="My Aweomse API";
//Just a thought if you want to keep track of the end point names
//while keeping your object names the same
[JsonIgnore(Condition = JsonIgnoreCondition.Always)]
public string EndPointName{
get{
return get_endpoint_name();
}}
private string get_endpoint_name(){
return this.GetType().Name;
}
//May as well make it easy to grab the JSON
[JsonIgnore(Condition = JsonIgnoreCondition.Always)]
public string As_JSON{
get {
return to_json();
}}
private string to_json(){
object _myObject = this;
string _out;
JsonSerializerOptions options =
new JsonSerializerOptions {
WriteIndented = true };
_out =
JsonSerializer.Serialize(_myObject, options);
return _out;
}
}
Probably should have implemented a generic return object, then you could just loop through the task results. I suppose you still can if you have the task return only the JSON string.
public static void run(){
Task<MyClass> _t0 = task0();
Task<MyOtherClass> _t1 = task1();
Task[] _tasks = new Task[]{_t0,_t1};
Task.WhenAll(_tasks).Wait();
Console.WriteLine(""
+$"{_t1.Result.ApiName}:\n"
+$"End Point: {_t1.Result.EndPointName}:\n"
+$"JSON:\n{_t1.Result.As_JSON}");
Console.WriteLine(""
+$"{_t0.Result.ApiName}:\n"
+$"End Point: {_t0.Result.EndPointName}:\n"
+$"JSON:\n{_t0.Result.As_JSON}");
}
private static Task<MyClass> task0(){
return Task.Run(()=>{
Console.WriteLine("Task 0 Doing Something");
return new MyClass();
});
}
private static Task<MyOtherClass> task1(){
return Task.Run(()=>{
Console.WriteLine("Task 1 Doing Something");
return new MyOtherClass();
});
}
And of course the aweosome...awesome:-) results:
Another thought is that you could implement your two different tasks as abstract methods, but that's a different conversation all together.
In addition to all of the great answers, I prefer to use Action Filter and ExpandoObject.
In Program File you should add your custom action Filter.
builder.Services.AddControllers(opt =>
{
opt.Filters.Add<ResponseHandler>();
});
and ResponseHandler acts like below:
public class ResponseHandler : IActionFilter
{
public void OnActionExecuted(ActionExecutedContext context)
{
IDictionary<string, object> expando = new ExpandoObject();
foreach (var propertyInfo in (context.Result as ObjectResult).Value.GetType().GetProperties())
{
var currentValue = propertyInfo.GetValue((context.Result as ObjectResult).Value);
expando.Add(propertyInfo.Name, currentValue);
}
dynamic result = expando as ExpandoObject;
result.ApiName = context.ActionDescriptor.RouteValues["action"].ToString();
context.Result = new ObjectResult(result);
}
public void OnActionExecuting(ActionExecutingContext context)
{
}
}
I created a custom validation attribute that I want to use for my API controller DTOs. This attribute needs values from the configured options, that's why I'm injecting them in the constructor, so that I can use the options service later on in the IsValid and FormatErrorMessage method.
internal class MyValidationAttribute : ValidationAttribute
{
private readonly IOptionsMonitor<MyOptions> myOptionsMonitor;
public MyValidationAttribute(IOptionsMonitor<MyOptions> myOptionsMonitor)
{
this.myOptionsMonitor = myOptionsMonitor;
}
public override bool IsValid(object value)
{
// ... use myOptionsMonitor here ...
return false;
}
public override string FormatErrorMessage(string name)
{
// ... use myOptionsMonitor here ...
return string.Empty;
}
}
Unfortunately when I want to use this as an attribute in my DTO
internal class MyDTO
{
[MyValidationAttribute]
public string Foo { get; set; }
}
I get the error message
There is no argument given that corresponds to the required formal
parameter 'myOptionsMonitor' of
'MyValidationAttribute.MyValidationAttribute(IOptionsMonitor)'
Is there a way I can use dependency injection for validation attributes? I know that I can use the ValidationContext like so
internal class MyValidationAttribute : ValidationAttribute
{
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
if (value != null)
{
IOptionsMonitor<MyOptions> myOptionsMonitor = validationContext.GetService<IOptionsMonitor<MyOptions>>();
// ...
return ValidationResult.Success;
}
return new ValidationResult("Something failed");
}
}
But I want to use the FormatErrorMessage method from the base class and this has no access to the options service.
My current solution
For now, this is the code I'm using
[AttributeUsage(AttributeTargets.Field | AttributeTargets.Property)]
internal class CustomValidationAttribute : ValidationAttribute
{
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
IOptionsMonitor<MyOptions> myOptionsMonitor = validationContext.GetService<IOptionsMonitor<MyOptions>>();
Dictionary<string, string> myMap = myOptionsMonitor.CurrentValue.MyMap;
string key = value.ToString() ?? string.Empty;
if (myMap.ContainsKey(key))
return ValidationResult.Success;
string[] formattedKeys = myMap.Keys.Select(key => $"'{key}'").ToArray();
string keysText = string.Join(" / ", formattedKeys);
string errorMessage = $"Invalid value. Valid ones are {keysText}";
return new ValidationResult(errorMessage);
}
}
Attributes are not designed for this purpose. But you can use action filters instead.
Let`s make your attribute as simple as it can be, we don't need any validation logic there.
[AttributeUsage(AttributeTargets.Property)]
public class CustomValidationAttribute : Attribute
{ }
For my example I created service that we are going to inject
public class SomeService
{
public bool IsValid(string str)
{
return str == "Valid";
}
}
and a class that we are going to validate
public class ClassToValidate
{
[CustomValidation]
public string ValidStr { get; set; } = "Valid";
[CustomValidation]
public string InvalidStr { get; set; } = "Invalid";
}
Now we can finally create action filter to validate our properties. In the snippet below, we hook into ASP.NET Core pipeline to execute code just before our controller action executes. Here I get action arguments and try to find CustomValidationAttribute on any property. If it is there, grab the value from the property, cast to type (I simply invoke .ToString()) and pass to your service. Based on value that is returned from service, we continue execution or add error to ModelState dictionary.
public class CustomValidationActionFilter : ActionFilterAttribute
{
private readonly SomeService someService;
public CustomValidationActionFilter(SomeService someService)
{
this.someService = someService;
}
public override void OnActionExecuting(ActionExecutingContext context)
{
var actionArguments = context.ActionArguments;
foreach (var actionArgument in actionArguments)
{
var propertiesWithAttributes = actionArgument.Value
.GetType()
.GetProperties()
.Where(x => x.GetCustomAttributes(true).Any(y => y.GetType() == typeof(CustomValidationAttribute)))
.ToList();
foreach (var property in propertiesWithAttributes)
{
var value = property.GetValue(actionArgument.Value).ToString();
if (someService.IsValid(value))
continue;
else
context.ModelState.AddModelError(property.Name, "ModelState is invalid!!!");
}
}
base.OnActionExecuting(context);
}
}
Don't forget to add your filter to the pipeline in Startup.cs!
services.AddMvc(x =>
{
x.Filters.Add(typeof(CustomValidationActionFilter));
});
Update:
If you strictly want to use dependency injection inside attribute, you could use service locator anti-pattern. For that we need to emulate DependencyResolver.Current from ASP.NET MVC
public class CustomValidationAttribute : ValidationAttribute
{
private IServiceProvider serviceProvider;
public CustomValidationAttribute()
{
serviceProvider = AppDependencyResolver.Current.GetService<IServiceProvider>();
}
public override bool IsValid(object value)
{
// scope is required for scoped services
using (var scope = serviceProvider.CreateScope())
{
var service = scope.ServiceProvider.GetService<SomeService>();
return base.IsValid(value);
}
}
}
public class AppDependencyResolver
{
private static AppDependencyResolver _resolver;
public static AppDependencyResolver Current
{
get
{
if (_resolver == null)
throw new Exception("AppDependencyResolver not initialized. You should initialize it in Startup class");
return _resolver;
}
}
public static void Init(IServiceProvider services)
{
_resolver = new AppDependencyResolver(services);
}
private readonly IServiceProvider _serviceProvider;
public object GetService(Type serviceType)
{
return _serviceProvider.GetService(serviceType);
}
public T GetService<T>()
{
return (T)_serviceProvider.GetService(typeof(T));
}
private AppDependencyResolver(IServiceProvider serviceProvider)
{
_serviceProvider = serviceProvider;
}
}
It should be initialized in Startup.cs
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
AppDependencyResolver.Init(app.ApplicationServices);
// other code
}
I'm writing a simple windows service, and I want to use a Dependency Injection.
On service start, the app read the JSON string from file, and deserialize it to object.
One of property in JSON is list of 'Bar' objects, and in 'Bar' constructor I want to inject FooService.
I suspected that following code will works, but 'service' in 'Bar' constructor is null.
Can anyone expalin me, why this code not working, and how to change it to works?
That's my code:
NinjectBinding.cs
class NinjectBindings : Ninject.Modules.NinjectModule
{
public override void Load()
{
Bind<IFooService>().To<FooService>();
Bind<Bar>().ToSelf().WithConstructorArgument("service", ctx => ctx.Kernel.Get<IFooService>());
}
}
Deserializator.cs
internal class Deserializator
{
internal static void GetFilePaths()
{
var json = JsonConvert.DeserializeObject<Deserializator>("{}");///... Read from JSON File
}
public List<Bar> BarList { get; set; }
}
Bar.cs
public class Bar {
private readonly IFooService _fooService;
public Bar (IFooService service){
// here service is null
using (var kernel = new StandardKernel(new NinjectBindings())){
var kernelService = kernel.Get<IFooService>();
// here kernelService is NOT null
}
}
}
UPDATE
I found solution on https://www.newtonsoft.com/json/help/html/DeserializeWithDependencyInjection.htm
I've added NinjectResolver.cs
class NinjectResolver : DefaultContractResolver
{
private readonly IKernel _container;
public NinjectResolver(IKernel container)
{
_container = container;
}
protected override JsonObjectContract CreateObjectContract(Type objectType)
{
if (_container.TryGet(objectType) != null)
{
JsonObjectContract contract = ResolveContact(objectType);
contract.DefaultCreator = () => _container.Get(objectType);
return contract;
}
return base.CreateObjectContract(objectType);
}
private JsonObjectContract ResolveContact(Type objectType)
{
return base.CreateObjectContract(objectType);
}
}
remove Bind from NinjectBindings, and change SerializationMethod to:
var json = JsonConvert.DeserializeObject<Deserializator>("{}", new
JsonSerializerSettings()
{
ContractResolver = new NinjectResolver(new StandardKernel(new NinjectBindings()))
});
And now - it works.
Just going to lay out all the info i have:
In short, I am looking for something exactly (literally) like this but compatible with ASP Core (2.2) and the C# MongoDB Driver (2.7).
This seems like such a common requirement, I am very surprised i can't find anything already built.
Here is what i have so far:
Model:
public class Patient
{
//comes from the client as XXXXXXXXX, RegEx: "([0-9]{9})"
//[MongoEncrypt]
public EncryptedString SocialSecurityNumber { get; set; }
}
Attribute:
[AttributeUsage(AttributeTargets.Property)]
public class MongoEncryptAttribute : BsonSerializerAttribute
{
public MongoEncryptAttribute()
{
SerializerType = typeof(MongoEncryptSerializer);
}
}
Custom Serializer:
public interface IMongoEncryptSerializer : IBsonSerializer<EncryptedString>{ }
public class MongoEncryptSerializer : SerializerBase<EncryptedString>, IMongoEncryptSerializer
{
private readonly string _encryptionKey;
public MongoEncryptSerializer(IConfiguration configuration)
{
_encryptionKey = configuration.GetSection("MongoDb")["EncryptionKey"];
}
public override EncryptedString Deserialize(BsonDeserializationContext context, BsonDeserializationArgs args)
{
var encryptedString = context.Reader.ReadString();
return AesThenHmac.SimpleDecryptWithPassword(encryptedString, _encryptionKey);
}
public override void Serialize(BsonSerializationContext context, BsonSerializationArgs args, EncryptedString value)
{
var encryptedString = AesThenHmac.SimpleEncryptWithPassword(value, _encryptionKey);
context.Writer.WriteString(encryptedString);
}
}
Open Items:
Use DI (vanilla .net core DI) to get the Serializer. thinking of something like BsonSerializer.RegisterSerializer(type,serializer) in a bootstrap method where i can access the service collection and do a GetInstance but then i would need string SocialSecurityNumber to use a custom type (maybe SecureString?)
Went with a custom type,EncryptedString, with implicit string conversion
Use DI in the serializer to get the key (initially from IConfiguration/appsettings.json and then ultimately from Azure KeyVault (whole new can of worms for me)) and the EncryptionProvider
deterministic encryption for searching. AesThenHmac comes from this popular post. I can store and retrieve data back fine in its current implementation. But in order to search for SSNs, I need deterministic encryption which this lib does not provide.
My Solution:
Model:
public class Patient
{
//comes from the client as XXXXXXXXX, RegEx: "([0-9]{9})"
public EncryptedString SocialSecurityNumber { get; set; }
}
Custom Type:
public class EncryptedString
{
private readonly string _value;
public EncryptedString(string value)
{
_value = value;
}
public static implicit operator string(EncryptedString s)
{
return s._value;
}
public static implicit operator EncryptedString(string value)
{
if (value == null)
return null;
return new EncryptedString(value);
}
}
Serializer(using Deterministic Encryption):
public interface IEncryptedStringSerializer : IBsonSerializer<EncryptedString> {}
public class EncryptedStringSerializer : SerializerBase<EncryptedString>, IEncryptedStringSerializer
{
private readonly IDeterministicEncrypter _encrypter;
private readonly string _encryptionKey;
public EncryptedStringSerializer(IConfiguration configuration, IDeterministicEncrypter encrypter)
{
_encrypter = encrypter;
_encryptionKey = configuration.GetSection("MongoDb")["EncryptionKey"];
}
public override EncryptedString Deserialize(BsonDeserializationContext context, BsonDeserializationArgs args)
{
var encryptedString = context.Reader.ReadString();
return _encrypter.DecryptStringWithPassword(encryptedString, _encryptionKey);
}
public override void Serialize(BsonSerializationContext context, BsonSerializationArgs args, EncryptedString value)
{
var encryptedString = _encrypter.EncryptStringWithPassword(value, _encryptionKey);
context.Writer.WriteString(encryptedString);
}
}
Registering the serializer:
collection.AddScoped<IEncryptedStringSerializer, EncryptedStringSerializer>();
//then later...
BsonSerializer.RegisterSerializer<EncryptedString>(sp.GetService<IEncryptedStringSerializer>());
I have some problems accessing contextual data in a custom UITypeEditor. I'm using a PropertyGrid to display some settings using Windows Forms. The SelectedObject of the PropertyGrid contains a List<A>. Type A has a property for which I have created a custom editor that needs some external information to be able to customize it for different instances of PropertyGrid.
I've attempted the approach of using the IServiceProvider passed to EditValue to access a custom service that contains the data. It was suggested by ironic in an answer here Passing objects to a UITypeEditor but I haven't managed to get it to work. GetService always returns null inside EditValue. I think my problem is that the ISite I set as PropertyGrid.Site isn't reachable in the nested UITypeEditor where the information is needed (when I attempt to get the service using GetService inside the list's editor's EditValue method it works).
Does anyone know how to make my ISite propagate to nested UITypeEditors?
Some pseudo code:
public interface IMyService {
object GetUserData();
}
public class MyService : IMyService {
private object userData;
public MyService(object ud) {
userData = ud;
}
public object GetUserData() {
return userData ;
}
}
public class MySite : ISite {
private object userData;
public MySite(object ud) {
userData = o;
}
...
public object GetService(Type serviceType) {
if (serviceType == typeof(IMyService))
{
return (IMyService) new MyService(userData);
}
else
{
return null;
}
}
}
public class A {
[Editor(typeof(EditorA), typeof(UITypeEditor)]
public object SomeEditedProperty { ... }
}
public EditorA : UITypeEditor {
...
public override UITypeEditorEditStyle GetEditStyle(ITypeDescriptorContext context)
{
return UITypeEditorEditStyle.Modal;
}
...
public override object EditValue(ITypeDescriptorContext c, IServiceProvider p, object v) {
// This always returns null!
object myService = p.GetService(typeof(IMyService));
...
object myData = myService.GetUserData();
...
}
}
public class EditedObject {
[Editor(...)]
public List<A> Stuff { ... }
}
// somewhere
object userData = new object();
propertyGrid.Site = new MySite(userData);
EditedObject objectToEdit = new EditedObject();
...
propertyGrid.SelectedObject = objectToEdit;