HttpClient audit extension for Audit.NET library.
Generate Audit Logs by intercepting HttpClient REST calls.
Audit.HttpClient provides the infrastructure to create audit logs for an instance of HttpClient class.
It relies on a message handler to incercept the calls to HttpClient methods.
NuGet Package
To install the package run the following command on the Package Manager Console:
PM> Install-Package Audit.HttpClient
To enable the audit log for HttpClient, you have to set an AuditHttpClientHandler as a message handler for the HttpClient instance being audited.
This can be done in different ways:
- Call the factory provided by
Audit.Http.ClientFactory.Create()method to get a new audit-enabled instance ofHttpClient:
var httpClient = Audit.Http.ClientFactory.Create(_ => _
.IncludeRequestBody()
.IncludeResponseHeaders()
.FilterByRequest(req => req.Method.Method == "GET"));The
ClientFactory.Createmethod is just a shortcut to create a newHttpClientwith a customAuditHttpClientHandleras its message handler.
- If you use ASP .NET dependency injection /
HttpClientFactory, you can add the message handler with the extension methodAddAuditHandler()on your startup:
using Audit.Http;
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddHttpClient("GitHub", c =>
{
c.BaseAddress = new Uri("https://api.github.com/");
})
.AddAuditHandler(audit => audit
.IncludeRequestBody()
.IncludeResponseHeaders());
}
}Note:
AddAuditHandler(config)is a shortcut forAddHttpMessageHandler(() => new AuditHttpClientHandler(config))
- You can also create an audited
HttpClientpassing the handler to its constructor:
var httpClient = new HttpClient(new AuditHttpClientHandler(_ => _
.IncludeRequestBody()
.IncludeResponseHeaders());Each method call on the audited HttpClient instances will generate an Audit Event.
The audit events are stored using a Data Provider. You can use one of the available data providers or implement your own. Please refer to the data providers section on Audit.NET documentation.
The AuditHttpClientHandler class allows to configure the following settings:
- RequestFilter / FilterByRequest: Set a filter function to determine which events to log depending on the request message. By default all events are logged.
- ResponseFilter / FilterByResponse: Set a filter function to determine which events to log depending on the response message. By default all events are logged.
- EventType: A string that identifies the event type. Default is "{verb} {url}". It can contain the following placeholders:
- {verb}: Replaced by the Http Verb (GET, POST, ...)
- {url}: Replaced by the request URL
- IncludeRequestHeaders: Specifies whether the HTTP Request headers should be included on the audit output. Default is false.
- IncludeResponseHeaders: Specifies whether the HTTP Response headers should be included on the audit output. Default is false.
- IncludeContentHeaders: Specifies whether the HTTP Content headers should be included on the audit output. Default is false.
- IncludeRequestBody: Specifies whether the HTTP Request body should be included on the audit output. Default is false.
- IncludeResponseBody: Specifies whether the HTTP Response body should be included on the audit output. Default is false.
- IncludeOptions: Specifies which HTTP Request Options should be included in the audit output. Useful to add contextual information to the HTTP Audit Event. By default, the options are not included.
- CreationPolicy: Allows to set a specific event creation policy. By default the globally configured creation policy is used. See Audit.NET Event Creation Policy section for more information.
- AuditDataProvider: Allows to set a specific audit data provider. By default the globally configured data provider is used. See Audit.NET Data Providers section for more information.
- AuditScopeFactory: Allows to set a specific audit scope factory. By default the globally configured
AuditScopeFactoryis used.
The following table describes the Audit.HttpClient output fields:
Describes an operation call event
| Field Name | Type | Description |
|---|---|---|
| Method | string | HTTP rest method |
| Url | string | Request URL |
| Version | string | Http client version |
| Exception | string | Exception details when an exception is thrown |
| Request | Request | Request audit information |
| Response | Response | Response audit information |
Describes a HTTP request
| Field Name | Type | Description |
|---|---|---|
| QueryString | string | Query string portion of the request URL |
| Scheme | string | Request scheme (http, https) |
| Path | string | Path portion of the request URL |
| Headers | Dictionary | Request headers |
| Content | Content | Request content |
Describes a HTTP response
| Field Name | Type | Description |
|---|---|---|
| StatusCode | int | Response HTTP status code |
| Status | string | String representation of the response status code |
| Reason | string | Response status reason phrase |
| IsSuccess | bool | Indicates if the HTTP response was successful. |
| Headers | Dictionary | Request headers |
| Content | Content | Request content |
Describes the content of a HTTP request or response
| Field Name | Type | Description |
|---|---|---|
| Body | string | Response body content decoded as a string |
| Headers | Dictionary | Content headers |
{
"EventType": "GET http://google.com/doesnotexists",
"Environment": {
"UserName": "Federico",
"MachineName": "FEDE",
"DomainName": "FEDE",
"Culture": "en-US"
},
"StartDate": "2019-05-21T23:18:38.3251378Z",
"EndDate": "2019-05-21T23:18:40.4623427Z",
"Duration": 2137,
"Action": {
"Method": "GET",
"Url": "http://google.com/doesnotexists",
"Version": "1.1",
"Request": {
"QueryString": "",
"Scheme": "http",
"Path": "/doesnotexists",
"Headers": {
}
},
"Response": {
"Headers": {
"Date": "Tue, 21 May 2019 23:18:19 GMT",
"Referrer-Policy": "no-referrer"
},
"Content": {
"Body": "<!DOCTYPE html>\n<html lang=en>\n <meta charset=utf-8>\n ....",
"Headers": {
"Content-Length": "1574",
"Content-Type": "text/html; charset=UTF-8"
}
},
"StatusCode": 404,
"Status": "NotFound",
"Reason": "Not Found",
"IsSuccess": false
}
}
}