DataDog · anna-git · Feb 25, 2025 · Feb 21, 2025 · Feb 21, 2025 · Feb 24, 2025
@@ -71,15 +71,16 @@ internal static void TrackUserLoginSuccessEvent(string userId, IDictionary<strin
             }
         }
 
-        FillUp(internalSpan, userId: userId);
+        RunSecurityChecksAndReport(internalSpan, userId: userId, loginSuccess: true);
     }
 
     /// <summary>
     /// Biggest part of this method will only work in a web context
     /// </summary>
     /// <param name="span">span</param>
     /// <param name="userId">userid</param>
-    private static void FillUp(Span span, string userId = null)
+    /// <param name="loginSuccess">whether it's a login success</param>
+    private static void RunSecurityChecksAndReport(Span span, string userId = null, bool loginSuccess = false)
     {
         if (span is null)
         {
@@ -106,9 +107,12 @@ private static void FillUp(Span span, string userId = null)
         void RunWafAndCollectHeaders()
         {
             securityCoordinator.Value.Reporter.CollectHeaders();
-            // confluence [ADDENDUM 2024-12-18] In both login success and failure, the field usr.login must be passed to the WAF. The value of this field must be sourced from either the user object when available, or copied from the value of the mandatory user ID.
-            var result = securityCoordinator.Value.RunWafForUser(userId: userId, userLogin: userId, fromSdk: true);
-            securityCoordinator.Value.BlockAndReport(result);
+            if (userId is not null)
+            {
+                // confluence [ADDENDUM 2024-12-18] In both login success and failure, the field usr.login must be passed to the WAF. The value of this field must be sourced from either the user object when available, or copied from the value of the mandatory user ID.
+                var result = securityCoordinator.Value.RunWafForUser(userId: userId, userLogin: userId, fromSdk: true, otherTags: new() { { loginSuccess ? AddressesConstants.UserBusinessLoginSuccess : AddressesConstants.UserBusinessLoginFailure, string.Empty } });
+                securityCoordinator.Value.BlockAndReport(result);
+            }
         }
     }
 
@@ -169,7 +173,7 @@ internal static void TrackUserLoginFailureEvent(string userId, bool exists, IDic
             }
         }
 
-        FillUp(spanInternal, userId: userId);
+        RunSecurityChecksAndReport(spanInternal, userId: userId, loginSuccess: false);
     }
 
     /// <summary>
@@ -222,6 +226,6 @@ internal static void TrackCustomEvent(string eventName, IDictionary<string, stri
             }
         }
 
-        FillUp(internalSpan);
+        RunSecurityChecksAndReport(internalSpan);
     }
 }
@@ -16,7 +16,7 @@
 using Xunit;
 using Xunit.Abstractions;
 
-namespace Datadog.Trace.Security.IntegrationTests
+namespace Datadog.Trace.Security.IntegrationTests.UserEvents
 {
     public abstract class AspNetCore5AutoUserEvents : AspNetBase, IClassFixture<AspNetCoreTestFixture>
     {
@@ -30,7 +30,6 @@ protected AspNetCore5AutoUserEvents(AspNetCoreTestFixture fixture, ITestOutputHe
             _enableSecurity = enableSecurity;
             _fixture.SetOutput(outputHelper);
             EnableRasp(false);
-
             if (userTrackingMode != null)
             {
                 if (userTrackingMode is "ident" or "anon")
@@ -129,7 +128,7 @@ protected async Task TestLoginWithSdk(string userIdSdk)
             await TryStartApp();
             var agent = _fixture.Agent;
             var settings = VerifyHelper.GetSpanVerifierSettings(nameof(TestLoginWithSdk), userIdSdk);
-            VerifyScrubber.ScrubAuthenticationCollectionMode(settings);
+            settings.ScrubAuthenticationCollectionMode();
             await TestAppSecRequestWithVerifyAsync(
                 agent,
                 $"/Account/Index?userIdSdk={userIdSdk}",
@@ -146,6 +145,29 @@ await TestAppSecRequestWithVerifyAsync(
             await SendRequestsAsync(_fixture.Agent, "/account/logout");
         }
 
+        [SkippableTheory]
+        [Trait("RunOnWindows", "True")]
+        [InlineData(true)]
+        [InlineData(false)]
+        protected async Task TestLoginSdkOnly(bool success)
+        {
+            await TryStartApp();
+            var agent = _fixture.Agent;
+            var settings = VerifyHelper.GetSpanVerifierSettings(nameof(TestLoginWithSdk));
+            settings.ScrubAuthenticationCollectionMode();
+            await TestAppSecRequestWithVerifyAsync(
+                agent,
+                $"/User/TrackLoginSdk?success={success}",
+                null,
+                1,
+                1,
+                settings,
+                contentType: "application/x-www-form-urlencoded",
+                methodNameOverride: nameof(TestUserLoginEvent),
+                fileNameOverride: GetTestFileName($"{nameof(TestLoginSdkOnly)}.success={success}"),
+                scrubCookiesFingerprint: true);
+        }
+
         private string GetTestFileName(string testName) => $"{_testName}-{testName}";
     }
 

@@ -0,0 +1,37 @@
+[
+  {
+    TraceId: Id_1,
+    SpanId: Id_2,
+    Name: aspnet_core.request,
+    Resource: GET /user/trackloginsdk,
+    Service: Samples.Security.AspNetCore5,
+    Type: web,
+    Tags: {
+      appsec.events.users.login.failure.some-key: some-value,
+      appsec.events.users.login.failure.track: true,
+      appsec.events.users.login.failure.usr.exists: true,
+      appsec.events.users.login.failure.usr.id: user-dog,
+      appsec.events.users.login.failure.usr.login: user-dog,
+      aspnet_core.endpoint: Samples.Security.AspNetCore5.Controllers.UserController.TrackLoginSdk (Samples.Security.AspNetCore5),
+      aspnet_core.route: {controller=home}/{action=index}/{id?},
+      component: aspnet_core,
+      env: integration_tests,
+      http.method: GET,
+      http.request.headers.host: localhost:00000,
+      http.route: {controller=home}/{action=index}/{id?},
+      http.status_code: 200,
+      http.url: http://localhost:00000/User/TrackLoginSdk?success=False,
+      http.useragent: Mistake Not...,
+      language: dotnet,
+      runtime-id: Guid_1,
+      span.kind: server,
+      _dd.appsec.events.users.login.failure.sdk: true
+    },
+    Metrics: {
+      process_id: 0,
+      _dd.top_level: 1.0,
+      _dd.tracer_kr: 1.0,
+      _sampling_priority_v1: 1.0
+    }
+  }
+]
@@ -0,0 +1,36 @@
+[
+  {
+    TraceId: Id_1,
+    SpanId: Id_2,
+    Name: aspnet_core.request,
+    Resource: GET /user/trackloginsdk,
+    Service: Samples.Security.AspNetCore5,
+    Type: web,
+    Tags: {
+      appsec.events.users.login.success.some-key: some-value,
+      appsec.events.users.login.success.track: true,
+      appsec.events.users.login.success.usr.login: user-dog,
+      aspnet_core.endpoint: Samples.Security.AspNetCore5.Controllers.UserController.TrackLoginSdk (Samples.Security.AspNetCore5),
+      aspnet_core.route: {controller=home}/{action=index}/{id?},
+      component: aspnet_core,
+      env: integration_tests,
+      http.method: GET,
+      http.request.headers.host: localhost:00000,
+      http.route: {controller=home}/{action=index}/{id?},
+      http.status_code: 200,
+      http.url: http://localhost:00000/User/TrackLoginSdk?success=True,
+      http.useragent: Mistake Not...,
+      language: dotnet,
+      runtime-id: Guid_1,
+      span.kind: server,
+      usr.id: user-dog,
+      _dd.appsec.events.users.login.success.sdk: true
+    },
+    Metrics: {
+      process_id: 0,
+      _dd.top_level: 1.0,
+      _dd.tracer_kr: 1.0,
+      _sampling_priority_v1: 1.0
+    }
+  }
+]
@@ -0,0 +1,47 @@
+[
+  {
+    TraceId: Id_1,
+    SpanId: Id_2,
+    Name: aspnet_core.request,
+    Resource: GET /user/trackloginsdk,
+    Service: Samples.Security.AspNetCore5,
+    Type: web,
+    Tags: {
+      appsec.events.users.login.failure.some-key: some-value,
+      appsec.events.users.login.failure.track: true,
+      appsec.events.users.login.failure.usr.exists: true,
+      appsec.events.users.login.failure.usr.id: user-dog,
+      appsec.events.users.login.failure.usr.login: user-dog,
+      aspnet_core.endpoint: Samples.Security.AspNetCore5.Controllers.UserController.TrackLoginSdk (Samples.Security.AspNetCore5),
+      aspnet_core.route: {controller=home}/{action=index}/{id?},
+      component: aspnet_core,
+      env: integration_tests,
+      http.client_ip: 127.0.0.1,
+      http.method: GET,
+      http.request.headers.host: localhost:00000,
+      http.request.headers.user-agent: Mistake Not...,
+      http.request.headers.x-forwarded-for: 86.242.244.246,
+      http.route: {controller=home}/{action=index}/{id?},
+      http.status_code: 200,
+      http.url: http://localhost:00000/User/TrackLoginSdk?success=False,
+      http.useragent: Mistake Not...,
+      language: dotnet,
+      network.client.ip: 127.0.0.1,
+      runtime-id: Guid_1,
+      span.kind: server,
+      _dd.appsec.events.users.login.failure.sdk: true,
+      _dd.appsec.fp.http.endpoint: http-get-6dad8221-aee40884-,
+      _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
+      _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn-0f71a057---<SessionFp>,
+      _dd.runtime_family: dotnet
+    },
+    Metrics: {
+      process_id: 0,
+      _dd.appsec.enabled: 1.0,
+      _dd.top_level: 1.0,
+      _dd.tracer_kr: 1.0,
+      _sampling_priority_v1: 2.0
+    }
+  }
+]
@@ -0,0 +1,46 @@
+[
+  {
+    TraceId: Id_1,
+    SpanId: Id_2,
+    Name: aspnet_core.request,
+    Resource: GET /user/trackloginsdk,
+    Service: Samples.Security.AspNetCore5,
+    Type: web,
+    Tags: {
+      appsec.events.users.login.success.some-key: some-value,
+      appsec.events.users.login.success.track: true,
+      appsec.events.users.login.success.usr.login: user-dog,
+      aspnet_core.endpoint: Samples.Security.AspNetCore5.Controllers.UserController.TrackLoginSdk (Samples.Security.AspNetCore5),
+      aspnet_core.route: {controller=home}/{action=index}/{id?},
+      component: aspnet_core,
+      env: integration_tests,
+      http.client_ip: 127.0.0.1,
+      http.method: GET,
+      http.request.headers.host: localhost:00000,
+      http.request.headers.user-agent: Mistake Not...,
+      http.request.headers.x-forwarded-for: 86.242.244.246,
+      http.route: {controller=home}/{action=index}/{id?},
+      http.status_code: 200,
+      http.url: http://localhost:00000/User/TrackLoginSdk?success=True,
+      http.useragent: Mistake Not...,
+      language: dotnet,
+      network.client.ip: 127.0.0.1,
+      runtime-id: Guid_1,
+      span.kind: server,
+      usr.id: user-dog,
+      _dd.appsec.events.users.login.success.sdk: true,
+      _dd.appsec.fp.http.endpoint: http-get-6dad8221-aee40884-,
+      _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
+      _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn-0f71a057---<SessionFp>,
+      _dd.runtime_family: dotnet
+    },
+    Metrics: {
+      process_id: 0,
+      _dd.appsec.enabled: 1.0,
+      _dd.top_level: 1.0,
+      _dd.tracer_kr: 1.0,
+      _sampling_priority_v1: 2.0
+    }
+  }
+]
@@ -0,0 +1,47 @@
+[
+  {
+    TraceId: Id_1,
+    SpanId: Id_2,
+    Name: aspnet_core.request,
+    Resource: GET /user/trackloginsdk,
+    Service: Samples.Security.AspNetCore5,
+    Type: web,
+    Tags: {
+      appsec.events.users.login.failure.some-key: some-value,
+      appsec.events.users.login.failure.track: true,
+      appsec.events.users.login.failure.usr.exists: true,
+      appsec.events.users.login.failure.usr.id: user-dog,
+      appsec.events.users.login.failure.usr.login: user-dog,
+      aspnet_core.endpoint: Samples.Security.AspNetCore5.Controllers.UserController.TrackLoginSdk (Samples.Security.AspNetCore5),
+      aspnet_core.route: {controller=home}/{action=index}/{id?},
+      component: aspnet_core,
+      env: integration_tests,
+      http.client_ip: 127.0.0.1,
+      http.method: GET,
+      http.request.headers.host: localhost:00000,
+      http.request.headers.user-agent: Mistake Not...,
+      http.request.headers.x-forwarded-for: 86.242.244.246,
+      http.route: {controller=home}/{action=index}/{id?},
+      http.status_code: 200,
+      http.url: http://localhost:00000/User/TrackLoginSdk?success=False,
+      http.useragent: Mistake Not...,
+      language: dotnet,
+      network.client.ip: 127.0.0.1,
+      runtime-id: Guid_1,
+      span.kind: server,
+      _dd.appsec.events.users.login.failure.sdk: true,
+      _dd.appsec.fp.http.endpoint: http-get-6dad8221-aee40884-,
+      _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
+      _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn-0f71a057---<SessionFp>,
+      _dd.runtime_family: dotnet
+    },
+    Metrics: {
+      process_id: 0,
+      _dd.appsec.enabled: 1.0,
+      _dd.top_level: 1.0,
+      _dd.tracer_kr: 1.0,
+      _sampling_priority_v1: 2.0
+    }
+  }
+]
@@ -0,0 +1,46 @@
+[
+  {
+    TraceId: Id_1,
+    SpanId: Id_2,
+    Name: aspnet_core.request,
+    Resource: GET /user/trackloginsdk,
+    Service: Samples.Security.AspNetCore5,
+    Type: web,
+    Tags: {
+      appsec.events.users.login.success.some-key: some-value,
+      appsec.events.users.login.success.track: true,
+      appsec.events.users.login.success.usr.login: user-dog,
+      aspnet_core.endpoint: Samples.Security.AspNetCore5.Controllers.UserController.TrackLoginSdk (Samples.Security.AspNetCore5),
+      aspnet_core.route: {controller=home}/{action=index}/{id?},
+      component: aspnet_core,
+      env: integration_tests,
+      http.client_ip: 127.0.0.1,
+      http.method: GET,
+      http.request.headers.host: localhost:00000,
+      http.request.headers.user-agent: Mistake Not...,
+      http.request.headers.x-forwarded-for: 86.242.244.246,
+      http.route: {controller=home}/{action=index}/{id?},
+      http.status_code: 200,
+      http.url: http://localhost:00000/User/TrackLoginSdk?success=True,
+      http.useragent: Mistake Not...,
+      language: dotnet,
+      network.client.ip: 127.0.0.1,
+      runtime-id: Guid_1,
+      span.kind: server,
+      usr.id: user-dog,
+      _dd.appsec.events.users.login.success.sdk: true,
+      _dd.appsec.fp.http.endpoint: http-get-6dad8221-aee40884-,
+      _dd.appsec.fp.http.header: hdr-0000000000-3626b5f8-1-4740ae63,
+      _dd.appsec.fp.http.network: net-1-1000000000,
+      _dd.appsec.fp.session: ssn-0f71a057---<SessionFp>,
+      _dd.runtime_family: dotnet
+    },
+    Metrics: {
+      process_id: 0,
+      _dd.appsec.enabled: 1.0,
+      _dd.top_level: 1.0,
+      _dd.tracer_kr: 1.0,
+      _sampling_priority_v1: 2.0
+    }
+  }
+]