-
-
Notifications
You must be signed in to change notification settings - Fork 323
-
-
Notifications
You must be signed in to change notification settings - Fork 323
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[AuditIgnore] on WebApi #218
Comments
Check the points on the documentation here
You will probably need to filter it out on the middleware configuration |
If you don't need to log the requests that doesn't get into an action method (i.e. when the url requested does not map to an action, etc), then I recommend you to use the Global Action Filter instead of (or in addition to) the middleware. The global filter allows more dynamic configuration and works with the |
Thank you very much for your explanation and your time. Which is the best strategy to prevent sensitive information to be audited? Thanks in advance |
[HttpPost]
public ActionResult Save(string user, [AuditIgnore]string password) But if it's inside a property on your model, you will need a different approach |
Sorry I got confused with the #219 that is adding an AuditIgnore attribute for MVC, ignore the related commit |
Which data provider do you use? |
Audit.NET.SqlServer |
Check this for a possible solution #163 |
I'm closing this for inactivity, if you're still having problems, please comment here |
@thepirat000, is there a way to use the middleware and also respect p.s. thanks for building this and making it open source! |
If it's any help, I managed to get it working for my needs by taking a chunk of your code and just adding an action filter like:
and then doing a custom data provider and adding a check prior to the insert like:
|
I think there is a simpler workaround. On your
The I think I will provide an extension method on
|
Sure, we also call the mvc middleware. Would it make sense to put the httpcontext logic in the filter that gets added with that?
No hurry, btw--what we have now will work perfectly for our needs, so you can take as much time as you like determining how/if you'd like to change the library. |
Maybe I'm missing something, but the |
Oh I think I got it, you mean that when using a mixed approach (middleware + audit action filter) you should not need to add a new filter; the audit action filter should take care of discarding the audit event. |
When I only call:
|
Later on, I'll maybe clone the audit.net repo and debug into it or come up with the simplest possible example of it happening, but at a glance, I wonder if these 3 spots in My guess is that the mvc audit filter ignores it and returns out, but then later in the request pipeline, the global audit middleware still inserts an audit log, just without mvc context info? |
I've added Please check the documentation here. This will be included starting on version 14.5.0. |
Sweet, I took a quick look through your commit, and everything looks good to me. This issue can probably be re-closed. Thanks for knocking that out so quick! |
I've setup Audit using Middleware in a Core Webapi.
Everything is logged.
I need to exclude specific methods for being logged and im using [AuditIgnore] Attribute
But it seems that is notworking and the actions is also logged.
Any clue/idea
Thanks.
The text was updated successfully, but these errors were encountered: