I am trying to set up audit logging and we were wanting the log event to happen as close to the action as possible, while also knowing which user performed the action. This means we need to pipe in the user info. What are best practices for this?
I need to know more about your architecture before giving you a good answer. Are you using HTTP or RPC to call your micro services? What programming language are you using in your front end? What kind of user provider are you using (Azure AD, Identity Server, ...)? – Per B Apr 29 '17 at 18:49
HTTP, Angular and Typescript (though I am not sure how that is relevant), Identity server for user provider. – JonW May 01 '17 at 15:02
It is relevant because, as you can see, the answers assume you are using either HTTP-based .NET Core web APIs as microservices or services that use the Service Fabric communication stack as communication between the microservices. We need to know how your services will communicate with each other in order to tell you how to add auditing info like user info to your communications. So please tell us, what type of services are you using, how do they communicate? – Peter Bons May 02 '17 at 02:41
2 Answers
I'm going to assume you are developing a public internet facing application where your Micro Services are built using ASP.Net Core, and based on that I would suggest the following:
When setting up SF, have it create two scale sets, one for your public facing micro services ("API Facade" and GUI) and one for your internal Micro services. It's always best to separate "internet facing code" from "internal code".
Have Identity Server issue an access token, containing the customer information, for your public "Facade API", and use it when calling your API.
Your API facade service will act as a proxy for all your internal micro services and offload SSL/Authentication so you don't have to deal with this internally. This is also where I would recommend that you do the actual audit logging. In your Facade API, create a correlation ID and add it as a header to any calls being made to an internal service. Add the correlation ID to any logging being made. This will allow you to follow an API call all the way through your system and together with your audit log, you can see exactly what a user has been doing.
For auditing, I can recommend Audit.Net. With this you can add an attribute to your controller like this:
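    using Audit.WebApi;             // AuditApi attribute (Audit.NET Web API extension)
    using Microsoft.AspNetCore.Mvc; // Controller, Route

    namespace MyWebApi.MyService.Controllers
    {
        [Route("api/[controller]")]
        // Every action on this controller produces an audit event named
        // after the controller, the action and the HTTP verb.
        [AuditApi(EventTypeName = "{controller}/{action} ({verb})")]
        public class MyController : Controller
        {
        }
    }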
and it will automatically handle the audit for you. You can configure it to log to blob storage, a file or whatever.
(I am in no way associated with Audit.Net, I just like it.)

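The facade steps from the answer above (create a correlation ID, add it as a header to internal calls, attach it to the logging together with the user from the access token), as an added example that is not part of the original answer and not Audit.Net code. The header name `X-Correlation-ID`, the class names and the use of `ILogger` as the audit sink are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

// Facade middleware (hypothetical name): runs once per public request, after authentication.
public class AuditCorrelationMiddleware
{
    public const string Header = "X-Correlation-ID"; // assumed header name
    private readonly RequestDelegate _next;
    private readonly ILogger<AuditCorrelationMiddleware> _log;
    public AuditCorrelationMiddleware(RequestDelegate next, ILogger<AuditCorrelationMiddleware> log)
    { _next = next; _log = log; }

    public async Task InvokeAsync(HttpContext ctx)
    {
        // Always mint the ID here: a value supplied by an internet client is untrusted.
        var id = Guid.NewGuid().ToString("N");
        ctx.Items[Header] = id;
        // "sub" may have been remapped to NameIdentifier by the JWT handler's claim mapping.
        var user = (ctx.User.FindFirst("sub") ?? ctx.User.FindFirst(ClaimTypes.NameIdentifier))?.Value
                   ?? "anonymous";
        using (_log.BeginScope(new Dictionary<string, object> { ["CorrelationId"] = id, ["UserId"] = user }))
        {
            // Written before the action runs, so the record exists even if the request fails.
            _log.LogInformation("AUDIT {UserId} {Method} {Path} [{CorrelationId}]",
                user, ctx.Request.Method, ctx.Request.Path.Value, id);
            await _next(ctx);
        }
    }
}

// Outgoing handler (hypothetical name): stamps each call to an internal service with the same ID.
public class CorrelationHandler : DelegatingHandler
{
    private readonly IHttpContextAccessor _accessor;
    public CorrelationHandler(IHttpContextAccessor accessor) { _accessor = accessor; }
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        var ctx = _accessor.HttpContext;
        if (ctx != null && ctx.Items.TryGetValue(AuditCorrelationMiddleware.Header, out var v) && v is string id)
            req.Headers.TryAddWithoutValidation(AuditCorrelationMiddleware.Header, id);
        return base.SendAsync(req, ct);
    }
}
```

Register the middleware after authentication with `app.UseMiddleware<AuditCorrelationMiddleware>()`, call `services.AddHttpContextAccessor()`, and attach the handler with `AddHttpMessageHandler<CorrelationHandler>()` on the `HttpClient` used for internal calls.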
You can set it up by hooking into the underlying communication in Service Fabric. Have a look at this question for an explanation of the fabric transport message dispatching and how to hook into it to log and audit communication and usage of your services.