How to ignore ActionParameters in the Audit Trail data


I have implemented an audit trail in an ASP.NET Core 3.1 application using a great library which also has very good documentation: https://github.com/thepirat000/Audit.NET/blob/master/src/Audit.WebApi/README.md

I have implemented it in an ASP.NET Core 3.1 Web API project with the recommended approach: Middleware + Action Filters (Asp.Net Core): Adding the Audit Middleware together with the Global Action Filter (or Local Action Filters).

I have the following sample output:

{  
   "EventType":"POST Values/Post",
   "Environment":{  
      "UserName":"Federico",
      "MachineName":"HP",
      "DomainName":"HP",
      "CallingMethodName":"WebApiTest.Controllers.ValuesController.Post()",
      "AssemblyName":"WebApiTest, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null",
      "Culture":"en-US"
   },
   "StartDate":"2017-03-09T18:03:05.5287603-06:00",
   "EndDate":"2017-03-09T18:03:05.5307604-06:00",
   "Duration":2,
   "Action":{  
      "TraceId": "0HLFLQP4HGFAF_00000001",
      "HttpMethod":"POST",
      "ControllerName":"Values",
      "ActionName":"Post",
      "ActionParameters":{  
         "value":{  
            "Id":100,
            "Text":"Test"
         }
      },
      "FormVariables":{  
      },
      "RequestUrl":"http://localhost:65080/api/values",
      "IpAddress":"127.0.0.1",
      "ResponseStatus":"OK",
      "ResponseStatusCode":200,
      "RequestBody":{  
         "Type":"application/json",
         "Length":27,
         "Value":"{ Id: 100, Text: \"Test\" }"
      },
      "ResponseBody":{  
         "Type":"SomeObject",
         "Value":{  
            "Id":1795824380,
            "Text":"Test"
         }
      },
      "Headers": {
        "Connection": "Keep-Alive",
        "Accept": "text/html, application/xhtml+xml, image/jxr, */*",
        "Accept-Encoding": "gzip, deflate",
        "Accept-Language": "en-GB",
        "Host": "localhost:37341",
        "User-Agent": "Mozilla/5.0, (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0), like, Gecko"
      }
   }
}

From the above output, I want ActionParameters not to be captured as part of the audit trail data. I have gone through the documentation but did not see any out-of-the-box solution for it.

Can anyone help me here with a code sample which will serve as a reference for my implementation?

thepirat000 On BEST ANSWER

There are at least three ways to accomplish this.

  1. You can avoid the parameters being captured in the event object by marking those with [AuditIgnore] Attribute in the action method.
[HttpPost]
public IEnumerable<string> PostAccount(string user, [AuditIgnore]string password)
{
    // password argument will not be audited
    return new string[0]; // placeholder result so the sample compiles
}
  2. Or you can remove the action parameters from the event object before saving the scope, by using a custom action:
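// In your start-up code
using Audit.Core;   // ActionType
using Audit.WebApi; // GetWebApiAuditAction()

Audit.Core.Configuration.AddCustomAction(ActionType.OnEventSaving, scope =>
{
    // GetWebApiAuditAction() returns null for events that are not Web API events
    var action = scope.GetWebApiAuditAction();
    if (action != null)
    {
        action.ActionParameters = null;
    }
});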
  3. Or, as ChatGPT suggested, you could implement your own AuditDataProvider, inheriting from the Data Provider you currently use, and removing the Action Parameters before calling the real provider's InsertEvent/ReplaceEvent methods. But this complicates things unnecessarily.
using System.Threading.Tasks;
using Audit.Core;
using Audit.WebApi;

public class CustomAuditDataProvider : Audit.Core.Providers.FileDataProvider
{
    public override object InsertEvent(AuditEvent auditEvent)
    {
        RemoveActionParams(auditEvent);
        return base.InsertEvent(auditEvent);
    }
    public override Task<object> InsertEventAsync(AuditEvent auditEvent)
    {
        RemoveActionParams(auditEvent);
        return base.InsertEventAsync(auditEvent);
    }

    public override void ReplaceEvent(object path, AuditEvent auditEvent)
    {
        RemoveActionParams(auditEvent);
        base.ReplaceEvent(path, auditEvent);
    }

    public override Task ReplaceEventAsync(object path, AuditEvent auditEvent)
    {
        RemoveActionParams(auditEvent);
        return base.ReplaceEventAsync(path, auditEvent);
    }

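    private void RemoveActionParams(AuditEvent auditEvent)
    {
        // The provider receives every audit event; only Web API events carry an action
        var action = auditEvent.GetWebApiAuditAction();
        if (action != null)
        {
            action.ActionParameters = null;
        }
    }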
}

// In your start-up code:
Audit.Core.Configuration.Setup().UseCustomProvider(new CustomAuditDataProvider());
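
An added example, not part of the answer above and not Audit.NET's own code: the sample output in the question repeats the posted values under RequestBody, and Headers can carry credentials, so clearing ActionParameters alone may still leave the same data in the log. This variant of the custom action masks entries by name instead of dropping the whole section. The AuditRedaction class, the list of sensitive names and the mask string are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Audit.Core;
using Audit.WebApi;

public static class AuditRedaction
{
    // Assumed names; replace with the parameter and header names your API uses.
    private static readonly HashSet<string> SensitiveNames =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "password", "token", "secret", "Authorization", "Cookie" };

    private const string Mask = "***";

    // Call once from start-up code, before the first request is audited.
    public static void Register()
    {
        Audit.Core.Configuration.AddCustomAction(ActionType.OnEventSaving, scope =>
        {
            var action = scope.GetWebApiAuditAction();
            if (action == null) return; // not a Web API event

            MaskKeys(action.ActionParameters, Mask);
            MaskKeys(action.FormVariables, Mask);
            MaskKeys(action.Headers, Mask);

            // The raw body repeats the bound parameters (see RequestBody.Value
            // in the sample output), so it is dropped rather than parsed.
            if (action.RequestBody != null)
            {
                action.RequestBody.Value = null;
            }
        });
    }

    // Masks top-level entries only; a property inside a complex parameter
    // (for example value.Password) is not inspected here.
    private static void MaskKeys<T>(IDictionary<string, T> values, T mask)
    {
        if (values == null) return;
        foreach (var key in values.Keys.Where(k => SensitiveNames.Contains(k)).ToList())
        {
            values[key] = mask;
        }
    }
}
```

After registering it, inspect one saved event for a request that carries a known dummy secret and confirm the value appears nowhere in the output, including ResponseBody if your actions echo input back.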