stackoom
  简体   繁体   中英

How can I populate my audit log UserId field when I don't have access to HttpContext?

 原文  2019-09-19 10:48:19       c#/ entity-framework/ audit.net

Question

I have a solution with two projects, my API layer and my Data layer.

The Data layer is using Entity Framework, and does not know about ASP.NET WebApi.

The API layer is using ASP.NET WebApi.

I am planning on using Audit.NET to audit record changes.

Currently, I have installed Audit.NET, Audit.EntityFramework and Audit.WebApi in my API project.

I wish to use the Audit Filter Attribute. ( config.Filters.Add(new AuditApiAttribute()); )

My issue is, when I come to populate the EntityLog object, I also would like to populate the UserId field with the Id of the user currently performing an authorized action, or null if the action is anonymous.

As part of my Startup.cs, I run this function to configure Audit.NET:

private void ConfigureAudit()
        {
            Audit.Core.Configuration.Setup()
                .UseEntityFramework(x => x
                    .AuditTypeMapper(t => typeof(AuditLog))
                    .AuditEntityAction<AuditLog>((ev, entry, entity) =>
                    {
                        entity.UserId = ???;
                        // other fields...
                    })
                    .IgnoreMatchedProperties()
                );
        }

Obviously at this point I cannot use HttpContext.Current.User.Identity.GetUserId() as I'm not inside a controller, and I don't see a way of passing the UserId into the Audit event.

How can I retrieve the UserId at this point?

3 answers

solution1
 2  2019-09-20 02:12:33

In addition to Steve answer, I guess you should be able to add a Custom Field from a OnScopeCreated custom action , like this on your asp.net startup logic:

Audit.Core.Configuration.AddCustomAction(ActionType.OnScopeCreated, scope =>
{
    scope.SetCustomField("User", HttpContext.Current.User.Identity.GetUserId());
});

So you will have that field on the AuditEvent on your EF data provider, and should be able to retrieve like this:

Audit.Core.Configuration.Setup()
    .UseEntityFramework(_ => _
        .AuditTypeMapper(t => typeof(AuditLog))
        .AuditEntityAction<AuditLog>((ev, entry, entity) =>
        {
            var x = ev.CustomFields["User"];
            ...
        })
        .IgnoreMatchedProperties());

Note: if you are only interested in auditing entity framework DB contexts, you don't need the Audit.WebApi library. That one is for auditing the controller actions.

solution2
 1  2020-09-05 22:40:00

A little something for ASP.NET Core...

Given that ASP.NET Core has removed HttpContext.Current in favor of DI-based access, I'd like to add some update to @thepirat000's answer to reflect one of the possible ways of accessing the HttpContext outside of the controller.

  1. In the ConfigureServices method in your Startup.cs , register the dependency:

     services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

  2. Add parameter injection for the registered dependency in the method: Configure in Startup.cs , use that to retrieve the context and use that to set the custom field.

     public void Configure(/* your existing parameters... */, IHttpContextAccessor httpContextAccessor) {... Audit.Core.Configuration.AddCustomAction(ActionType.OnScopeCreated, scope => { scope.SetCustomField("User", httpContextAccessor.HttpContext.User.Identity.Name); }); }

  3. Access the custom field as usual:

     Audit.Core.Configuration.Setup().UseEntityFramework(_ => _.AuditTypeMapper(t => typeof(AuditLog)).AuditEntityAction<AuditLog>((ev, entry, entity) => { var x = ev.CustomFields["User"]; ... }).IgnoreMatchedProperties());

solution3
 0  2019-09-19 11:06:18

The approach I use is a IUserContextLocator interface which becomes a dependency to the DbContext or whatever class implements the auditing. An implementation of the interface is created in the web application and wired up through the dependency injection to use a constructor initialization to provide details from the current session. so that the DbContext or other audit service can resolve a current user structure from a method in the IUserContextLocator which in turn fetches from the session.

My current implementation is at work so I don't have an example handy, but I can add the guts of it tomorrow. A similar principle to it can be seen here: http://josephwoodward.co.uk/2014/06/sessions-asp-net-mvc-using-dependency-injection/

Essentially, the domain-level code won't have access to things like HttpContext.Current, but an implementation that is initialized in your web application can. By registering that implementation in your DI via a common interface your domain can reference, you can inject the dependency sourced by the web application, allowing you to access session data. This example calls it a Registry which might be a more accurate pattern for it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question I want to add the userid I have obtained from the user. But I don't know how to add multipartformdatacontent () with request.UserID field How can i solve “error converting data type nvarchar to numeric” when i don't have any nvarchar on my table? How can I access HttpContext in my data access code in ASP.NET Core? NSString crash when I don't have emoji in my string Why can't I access the HttpContext from the Controller initializer? Why I don't have any changes in my ObservableCollection when I have made some in my DataGrid? i have a access database i want to generate ID for column userId but when i deleted i record i want my code to use it's id again How can I “inject” the UserId into my model request? can't access a control in my form when I disable viewstate in asp.net and my viewstate is too bulky I don't want to enable it I have tears because I don't know how to field initialize a Dictionary with Action?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM