Session Audit

Topics: Logging Application Block, Security Application Block
Apr 18, 2014 at 10:29 PM
Hello,

How can one expand the current logging block to capture basic security audit about session information, which generated anytime users logged into a web application?

I need to capture the following:
  1. Who - which is mapped to ThreadIdentity or the username
  2. When - session start & end
  3. What - this is an MVC app, so I am thinking capturing the page or view users visited
Thanks,
David.
Apr 20, 2014 at 8:44 PM
The Logging Application Block is general purpose and lets you log and filter data to a variety of trace sources. Where and how to log will depend on the type of application. Since you mention ASP.NET MVC there are a few options open to you. You could create helper methods that you call to audit (similar to https://stackoverflow.com/questions/15363721/audit-logging-using-asp-net-mvc-4-actionfilter ) or you could use ActionFilters that perform logging (for example http://www.asp.net/mvc/tutorials/hands-on-labs/aspnet-mvc-4-custom-action-filters ). Other approaches that might help would be custom interception (e.g. using Unity) or IL Weaving (e.g. using PostSharp).

Probably the best approach would be to use ActionFilters (also see https://rionscode.wordpress.com/2013/03/03/implementing-audit-trails-using-asp-net-mvc-actionfilters/ ) and perhaps hook into ASP.NET events such as Session_Start/End if required.

~~
Randy Levy
entlib.support@live.com
Enterprise Library support engineer
Support How-to