Click here to go to the ABP series articles General Catalogue
DDD-based Modern ASP.--ABP series 19, ABP Application Layer-audit log
The ABP is "ASP. Boilerplate Project (ASP. NET Template project) "for short.
ABP's official website :http://www.aspnetboilerplate.com
ABP's Open source project on GitHub : https://github.com/aspnetboilerplate
Wikipedia definition: An audit trail (also known as an audit log) is a security-related chronological record that records the purpose of these records for a documented, source, or event that has been affected at any time by the detailed operation of the provider running.
The ABP provides the infrastructure to automatically log logs for application interaction, which records the caller information and parameter information for the method you invoke. Essentially, the storage area contains:
- Tenant ID (The associated tenant ID),
- User ID (requesting a userid),
- Server name (the requested service name called the class corresponding to the method),
- Method name (called by methods names),
- Parameters (the parameter of the method "JSON format"),
- Execution time (execution),
- Duration (execution time is "usually milliseconds"),
- IP address (client IP addresses),
- Computer name (client name),
- Exception (Exception "If method throws exception") information.
- With this information, we can not only know who is doing the work, but also can estimate the performance of the application and the exception thrown. Even more, you can get statistics about the usage of the application.
The audit system uses the Iabpsession interface to obtain the current user ID and tenant ID.
Note: About the Iauditingstore interface
The audit system uses the Iauditingstore interface to hold audit information. The Module-zero project is the complete implementation of this interface, and of course you can implement this interface in your own way. If you do not want to implement this interface yourself, the Simplelogauditingstore class can be used directly, and it is implemented by writing audit information to the log.
Configuration
You can use Configuration.auditing properties in your module initialization method (preinitialize) To configure auditing, and the auditing property is enabled by default (that is, true). You can disable it as shown in:
Public class mymodule:abpmodule{ publicoverridevoid preinitialize () { false; } // ...}
The following are the properties of the audit configuration:
- IsEnabled: Used to set the audit system to be fully enabled or disabled. Default value: True.
- Isenabledforanonymoususers: If set to Ture, the audit log for users who are not logged in will also be saved. Default value: False.
- Mvccontrollers: Using audit logs in an ASP. NET MVC Controller
- IsEnabled: Enable (true) or disable (false) audit logs in ASP. Default value: True.
- Isenabledforchildactions: Enable (true) or disable (false) audit logs for MVC actions. Default value: False.
- Selectors: Choose to use other classes to handle the storage of audit logs.
As you can see, the audit system provides an audit configuration for the MVC controller separately so that it may be used in different ways.
Selectors is an assertion (inferred type) selector list that is used to select the way to save the audit log. Each selector contains a unique name and an assertion. The default selector in the assertion list, using the Application service class. As shown in the following:
Configuration.Auditing.Selectors.Add ( new namedtypeselector ( " Abp.applicationservices", typeof (Iapplicationservice). IsAssignableFrom (type)) );
You can add your own assertion selector in your own module initialization method (Preinitialize). Similarly, if you do not like to use application services to save the audit log, you can also remove the assertion selector by name, which is why the assertion selector name must be unique (you can also find the selector by LINQ to remove it).
To enable and disable audit logging through properties
When you use configuration items to configure an assertion selector, you can enable and disable auditing systems by marking them with a single class or a single method using the audited and disableauditing attributes. For example:
[Audited] Public classmyclass{ Public voidMYMETHOD1 (inta) {//...} [disableauditing] Public voidMYMETHOD2 (stringb) {//... } Public voidMYMETHOD3 (intAintb) {//... }}
The above sake, MyClass class in addition to MYMETHOD2 explicit mark does not need to audit, other methods will be audited. The audited feature helps you to save the audit log only by saving the audit log.
Description
The method of saving the audit log must be public-decorated, and the private and protected-modified methods will be ignored. If the method being called is not within the scope of the reference of the class, then the referenced method must be virtual (virtual), and if the dependency is injected into its own interface then it does not need to be a virtual method (such as injecting ipersonservice to use the Personservice Class).
The use of virtual methods is necessary after the ABP uses dynamic proxies and interception mechanisms. Using audit logs for MVC Controller actions is not a good practice, because they may not be virtual methods.
I hope that more domestic architects will be able to focus on the ABP project, and perhaps it will help you, perhaps with your participation, this project can develop better.
Welcome to add ABP Architecture Design Exchange QQ Group: 134710707
Click here to go to the ABP series articles General Catalogue
ABP (modern ASP. NET template Development Framework) series 19, ABP Application Layer-audit log