Question for WebApi: Audit only on statuscodes

[esbenbach]

Hi
Is it possible, using the WebApi extension, to audit only if the response is of a given status code? There is already an IncludeResponseBodyIf option, and basically I would like a similar option for the entire Audit.

Either like an: AuditIf option or IgnoreIfNot.

I might be willing to spend some time on a PR contribution if it fits with the design goals.

[thepirat000]

You can accomplish what you want by setting up a custom action that discards the audit scope, so the audit event won't be saved:

Audit.Core.Configuration.AddCustomAction(ActionType.OnEventSaving, scope =>
{
    if (scope.GetWebApiAuditAction().ResponseStatusCode == 404)
    {
        scope.Discard();
    }
});

Anyway, you can work on a PR if you want, very welcome!

Take into account that:

• There is no IncludeResponseBodyIf. Not sure if you are referring to the middleware's IncludeResponseBody(Func<HttpContext, bool> includePredicate) but that cannot filter on the response, since the predicate is executed before the action method is called.
• The AuditScope/AuditEvent is created before the server processes the request, so if we provide a method to filter audits depending on the response, we should maybe call it DiscardIf, or something like that.

[esbenbach]

Ahh thanks for the explanation

I was mixing up IncludeResponseBodyFor and LogActionIf.

Since I messed up that I ust want to be clear:
I am talking about adding another Property to the AuditApiAttribute if possible.
Presuambly it should be DiscardIfNot or ExcudeAuditIfNot (the negation in the naming here would be because I think the most common need is to only audit on success, and listing ALL the status codes you want to discard seems tedious).

I will give it a spin and see what comes out of it, feel free to reject the idea before it gets anywhere :D