Azure Storage Blob provider for Audit.NET library (An extensible framework to audit executing operations in .NET).
Store the audit events in an Azure Storage Blob container in JSON format.
NuGet Package

To install the package, run the following command on the Package Manager Console:

```
PM> Install-Package Audit.NET.AzureStorageBlobs
```
This library uses the Azure.Storage.Blobs API to store the Audit Events on Azure Storage Blob containers in JSON format.
Please see the Audit.NET Readme
Set the static `Audit.Core.Configuration.DataProvider` property to an instance of `AzureStorageBlobDataProvider`, or call the `UseAzureStorageBlobs()` methods on the fluent configuration. This should be done before any `AuditScope` creation, i.e. during application startup.
Using a connection string:
```csharp
Audit.Core.Configuration.Setup()
    .UseAzureStorageBlobs(config => config
        .WithConnectionString(Settings.ConnectionString)
        .ContainerName(ev => $"{DateTime.Today:yyyyMMdd}")
        .BlobName(ev => $"{ev.EventType}/{Guid.NewGuid()}.json")
        .AccessTier(AccessTier.Cool)
        .Metadata(ev => new Dictionary<string, string>() { { "user", ev.Environment.UserName } })
        .Tags(ev => new Dictionary<string, string>() { { "eventType", ev.EventType } }));
```
Using a shared key (SharedKeyCredential):
```csharp
Audit.Core.Configuration.Setup()
    .UseAzureStorageBlobs(config => config
        .WithCredentials(_ => _
            .Url(Settings.AzureBlobServiceUrl)
            // The account key grants full access to the storage account
            .Credential(new StorageSharedKeyCredential(Settings.AccountName, Settings.AccountKey)))
        .ContainerName(ev => $"{DateTime.Today:yyyyMMdd}")
        .BlobName(ev => $"{ev.EventType}/{Guid.NewGuid()}.json")
        .AccessTier(AccessTier.Cool)
        .Metadata(ev => new Dictionary<string, string>() { { "user", ev.Environment.UserName } }));
```
Using Azure Active Directory (Token Credential):
```csharp
// Service principal credential (tenant, application id, client secret)
var credential = new ClientSecretCredential(
    Settings.TenantId,
    Settings.ApplicationId,
    Settings.ApplicationSecret,
    new TokenCredentialOptions() { AuthorityHost = Settings.AuthEndpoint });

Audit.Core.Configuration.Setup()
    .UseAzureStorageBlobs(config => config
        .WithCredentials(_ => _
            .Url("AzureBlobServiceUrl") // placeholder for the blob service URL
            .Credential(credential))
        .ContainerName("auditlogs") // container names must be lowercase
        .BlobName(ev => Guid.NewGuid().ToString()));
```
Depending on the authentication method, you can call one of the following methods:

- `WithConnectionString`: Connect using an Azure Storage connection string.
- `WithServiceUrl`: Connect using a service URL (anonymous).
- `WithCredentials`: Connect using a service URL and credentials (StorageSharedKeyCredential, AzureSasCredential or TokenCredential).
- `ContainerName`: The container name to use as a function of the Audit Event (see the naming restrictions here).
- `BlobName`: The unique blob name to use as a function of the Audit Event. The resulting name can include path information (slash separated sub-folders).
- `AccessTier`: (optional) The Access Tier to use as a function of the Audit Event.
- `Metadata`: (optional) Extra information to include as metadata to be associated with the blob storage resource.
- `Tags`: (optional) Extra information to include as tags to be associated with the blob storage resource.
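
ContainerName and BlobName are computed from the audit event, so a field such as EventType or UserName that carries application or user input can produce a container name Azure rejects, or add unexpected slash-separated levels to the blob path. The following is an added example, not code from Audit.NET; `AuditNaming` and `AuditSetup` are hypothetical names, and the container and blob layout shown is an assumption chosen for illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using Audit.Core;

// Added example: AuditNaming and AuditSetup are hypothetical helpers, not Audit.NET types.
public static class AuditNaming
{
    // Container names: 3-63 characters, lowercase letters, digits and single hyphens,
    // beginning and ending with a letter or digit.
    public static string ToContainerName(string value)
    {
        var s = Regex.Replace((value ?? "").ToLowerInvariant(), "[^a-z0-9]+", "-").Trim('-');
        if (s.Length > 63) s = s.Substring(0, 63).Trim('-');
        if (s.Length < 3) s = ("audit-" + s).TrimEnd('-');
        return s;
    }

    // One path segment of a blob name: anything outside [A-Za-z0-9._-] (including '/')
    // becomes '_', so an event field cannot add sub-folders to the layout.
    public static string ToBlobSegment(string value)
    {
        var s = Regex.Replace(value ?? "", "[^A-Za-z0-9._-]", "_").Trim('.');
        return s.Length == 0 ? "unknown" : s;
    }
}

public static class AuditSetup
{
    // Call once at application startup, before any AuditScope is created.
    public static void Configure(string connectionString)
    {
        Audit.Core.Configuration.Setup()
            .UseAzureStorageBlobs(config => config
                .WithConnectionString(connectionString)
                // Constructed layout: one container per event type, blobs grouped by day and user
                .ContainerName(ev => AuditNaming.ToContainerName($"audit-{ev.EventType}"))
                .BlobName(ev => $"{DateTime.UtcNow:yyyyMMdd}/" +
                                $"{AuditNaming.ToBlobSegment(ev.Environment.UserName)}/" +
                                $"{Guid.NewGuid()}.json"));
    }
}
```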
This provider implements `GetEvent` and `GetEventAsync` methods to obtain an audit event by container name and blob name:
```csharp
// "event" is a reserved keyword in C#, so use a different variable name
var auditEvent = blobDataProvider.GetEvent("containerName", "blobName");
```