ASP.NET endpoint logging
I am building an ASP.NET api. I want to log info about who is accessing my API and how. I want to log the IP address of the user, the end point they called and the parameters they passed ind and the current time.
I've done some research on this already and found Serilog, adding it to my middleware
But this logs everything, I need to log less. For one thing, one of my endpoints is a login and i don't want to store passwords in the logs. For another this system logs stuff that isn't and API calls.
here's a snippet of what it captures:
10 Replies
In my ideal world, i could implement a system that tracks daily API calls and stores them in a list of the below datatype:
This would let me extract info about API calls and return it programaticly.
I've tinkered with converting all my API request data types to share a common IRequest interface that would let me convert them to JSON without capturing sensitive info like passwords, but i cant figure out how to get that datatype out of the request body, or if that's even possible.
This seems like a problem other people would have, so i assume there is a prebaked library out there to do this, or something very close
either that or someone came up with a smarter system and i can learn about that.
There is the option of adding code to every endpoint for capturing this, but that feels.. clunky... like i am totally going to forget to add this to some endpoint. There should be some way of capturing this data generaly for any endpoint
it's not entirely clear to me what the model is for but i think what you are looking for is a middleware to add to httpclient
and maybe hiding the raw logs with serilog settings
The code ive got above is adding a middlewhare using
WebApplication.Use()
and what do you mean by the model?If you want some data to not be logged, you can decorate it with an attribute and filter it out in the middleware
dont know how to do this. ive only ever used attributes as part of existing systems like ASP.NET or Discord.NET. i dont know how to make my own or do anything with them. can you point me to the place to go to learn more about them?
Attributes are just metadata. You can use them either with reflections or source generators
There's also this Serilog enricher: https://github.com/serilog-contrib/Serilog.Enrichers.Sensitive
GitHub
GitHub - serilog-contrib/Serilog.Enrichers.Sensitive: A Serilog Log...
A Serilog LogEvent enricher that masks sensitive data - serilog-contrib/Serilog.Enrichers.Sensitive
ok. i went and found a crash corse on attributes
not sure how this is helpful...
heres my code for getting the request data (just realized i didnt include that sry)
This doesn't parse the request into a class, it just returns a json object as a string.
is there a way to figure out which type of request its using and parse it into that type?
ok, i might have a solution. I've created custom versions of the request datatypes adding decorators to sensive info, then i added this middleware:
lets hope this works...
well, its not working... but that might be the rest of the API
nope its not working
is theis this the right way to impliment this middleware?
app.UseMiddleware<ApiLoggingMiddleware>();