Azure - App Insights - how to track the logged-in Username in Auth Id?

Question

What is the best-supported approach for tracking logged-in Usernames/Ids in App Insights telemetry?

A User with Username "JonTester1" said some Pages he visited 4 hours ago were really slow. How can I see everything JonTester1 did in App Insights to trouble shoot/know which pages he's referring to?

Seems like User Id in App Insights is some Azure-generated anonymized thing like u7gbh that Azure ties to its own idea of the same user (thru cookie?). It doesn't know about our app's usernames at all.

I've also seen a separate field in App Insights called Auth Id (or user_AuthenticatedId in some spots), which looks to sometimes have the actual username e.g. "JonTester1" filled in - but not always... And while I don't see any mention of this field in the docs, it seems promising. How is our app's code/config supposed to be setting that Auth Id to make sure every App Insights log/telemetry has it set?

Relevant MS docs:

https://learn.microsoft.com/en-us/azure/azure-monitor/app/usage-send-user-context This looks to just copy one library Telemetry object's User Id into another... no mention of our custom, helpful Username/Id anyway... and most in-the-wild examples I see don't actually look like this, including MS docs own examples in the 3rd link below; they instead hardcode get a new TelemetryClient()
https://learn.microsoft.com/en-us/azure/azure-monitor/app/website-monitoring No mention of consistently tracking a custom Username/Id
https://learn.microsoft.com/en-us/azure/azure-monitor/app/api-custom-events-metrics#authenticated-users Shows some different helpful pieces, but still no full example. E.g. it says with only the setAuth... JS function call (still no full example of working client-side JS that tracks User) on the page, you don't need any server-side code for it to track custom User Id across both client-side and server-side telemetry sent to Azure... yet then it also shows explicit code to new up a TelemetryClient() server-side to track User Id (in the Global.asax.cs or where?)... so you do need both?

Similar SO questions, but don't connect the dots/show a full solution:

I'm hoping this question and answers can get this more ironed out; hopefully do a better job of documentation than the relevant MS docs...

Nested in this rare blog, it has something helpful about this under `Identifying single user` https://raskarovblog.wordpress.com/2017/03/15/how-to-track-authenticated-user-id-with-azure-application-insights/ — Don Cheadle, May 05 '19 at 03:19

score 6 · Answer 1 · edited Jun 07 '22 at 13:43

6

The first link in your question lists the answer. What it does show you is how to write a custom telemetry initializer. Such an initializer lets you add or overwrite properties that will be send along any telemetry that is being send to App Insights.

Once you add it to the configuration, either in code or the config file (see the docs mentioned earlier in the answer) it will do its work without you needing to create special instances of TelemetryClient. That is why this text of you does not make sense to me:

[…] and most in-the-wild examples I see don't actually look like this, including MS docs own examples in the 3rd link below; they instead hardcode get a new TelemetryClient()

You can either overwrite the value of UserId or overwrite AuthenticatedUserId in your initializer. You can modify the code given in the docs like this:

        if (requestTelemetry != null && !string.IsNullOrEmpty(requestTelemetry.Context.User.Id) &&
            (string.IsNullOrEmpty(telemetry.Context.User.Id) || string.IsNullOrEmpty(telemetry.Context.Session.Id)))
        {
            // Set the user id on the Application Insights telemetry item.
            telemetry.Context.User.AuthenticatedUserId = HttpContext.Current.User.Identity.Name;
        }

You can then see the Auth Id and User Id by going to your AI resource -> Search and click an item. Make sure to press "Show All" first, otherwise the field is not displayed.

Auth Id in the screenshot below is set to the user id from the database in our example:

We access the server from azure functions as well so we set the user id server side as well since there is no client involved in such scenarios.

There is no harm in settting it in both places, javascript and server side via an initializer. That way you cover all scenario's.

edited Jun 07 '22 at 13:43

SharpC

6,974
4
45
40

answered May 05 '19 at 10:42

Peter Bons

26,826
4
50
74

edited my question a little. Why is there a server-side way to set AuthenticatedUserId as well as a JS way? In other words, what does having `appInsights.setAuthenticatedUserContext` do on the client-side vs `telemtry.Context.User.AuthenticatedUserId = ...` on the server-side? Are both needed or only 1. – Don Cheadle May 05 '19 at 16:26
https://learn.microsoft.com/en-us/azure/azure-monitor/app/api-custom-events-metrics#get-a-telemetryclient-instance this MS docs it shows hard-coded new TelemetryClient(), then sets properties on it like UserId. "in the wild" I also see people make a new one during Global.asax.cs App_Start, and then set properties on the Post-Acquired method -- like the Global.asax.cs here https://learn.microsoft.com/en-us/azure/azure-monitor/app/usage-send-user-context -- again it seems conflicting. Do you need both a custom Initializer *and* changes to Global.asax or only 1 of those? – Don Cheadle May 05 '19 at 16:31
Only the clientside tracks pageviews, that is why. The server side logs the requests and dependencies. The pageviews are correlated to the server event so you can backtrack which pages where visited by whom – Peter Bons May 05 '19 at 16:31
You do not need the global.asax stuff in your scenario. Stick to the initializer is what I would do. You are not using the session id as user id. – Peter Bons May 05 '19 at 16:39
so then it sounds like we would need to continue having JS `setAuth...` as well as `telemetry.Context.user.AuthenticatedUserId = ` in the server-side if we wanted `Auth Id` set in the app insights in Azure. Since by default, neither client-side SDK or server-side SDK is setting that field; they're custom we need to fill in. – Don Cheadle May 05 '19 at 16:46
Correct! That is the way to set those values to something you can relate to an actual user. – Peter Bons May 05 '19 at 16:49
So then yes you need custom code in both front-end and server-side to track your custom Username/Ids?... wish that was more clear in docs. If you edited/post an answer along those lines I think that'd be correct. One thing that still seems odd... the C# docs show to override/set UserId, but JS show to override/set Auth Id. That seems like a mistake, since then you'd be tracking info in two different fields. Relatedly, how does that C# example make sense if its just copying one's UserId to the other? – Don Cheadle May 06 '19 at 03:08
And still... in all the docs... I see no mention of `User Id` or `Auth Id` - and how you would set them. It's all just vague "user ID"/"user context". How do you know what setting `Context.User.Id` means/displays in Azure? – Don Cheadle May 06 '19 at 04:38
This link https://learn.microsoft.com/en-us/azure/azure-monitor/app/api-custom-events-metrics#authenticated-users makes it sound like you need ONLY the JS to `setAuth...` then both client-side and server-side will have the Auth Id set. Doesn't that contradict what you said? Search in that link for "The user ID is also set in a session cookie and sent to the server. If the server SDK is installed, the authenticated user ID is sent as part of the context..." – Don Cheadle May 06 '19 at 04:43
Thanks for the updated answer, thanks for your help. So in your case, Azure function app, the *only* AppInsights code you wrote (other than adding SDK libs) is the `ITelemetryInitializer` and that's it? – Don Cheadle May 06 '19 at 14:19
No, we set in both, because the api is called by the spa frontend and by azure functions. There is no harm in setting it in both places because no matter where your api is called from, you get proper logging. – Peter Bons May 06 '19 at 14:45
How does `User_Id` get set? We don't have custom code setting it. But it seems like it always has a value, and further (conveniently) it seems to be pretty consistent/static for a User. E.g. if I know `Jon` had `User_Id = bf87A` yesterday, it seems like he continues to have `User_Id = bf87A` for the whole week. So I can build a query in App Insights based on that `User_Id`. But I'm worried `User_Id` is actually not so static as I believe... – Don Cheadle May 10 '19 at 21:15
I am not sure how it is set, however, it is all [open source](https://github.com/microsoft?utf8=%E2%9C%93&q=application+insights&type=&language=) so you should be able to find out. – Peter Bons May 13 '19 at 18:41
*We don't have custom code setting it. * -> but surely you have some way to identify the user. Can't you get it from the claims set in asp.net core? – Peter Bons May 13 '19 at 18:43
I mean we don't set `User.Id` on the telemetry, e.g. what is shown here we do NOT do https://learn.microsoft.com/en-us/azure/azure-monitor/app/usage-send-user-context -- that's MS example of setting `User.Id` from some other random `User.Id`. We do NOT set that property, yet `User Id` in Azure always has some value, I figure set by Azure. – Don Cheadle May 13 '19 at 19:12
Correct, it uses a cookie to simulate a user. – Peter Bons May 25 '19 at 16:17

score 1 · Answer 2 · answered Jul 17 '22 at 01:10

1

You can also manually add user id to app insights by

appInsights.setAuthenticatedUserContext(userId);

See App Insights Authenticated users

answered Jul 17 '22 at 01:10

Ashutosh

1,000
15
39

Azure - App Insights - how to track the logged-in Username in Auth Id?

What is the best-supported approach for tracking logged-in Usernames/Ids in App Insights telemetry?

2 Answers2

Linked