ABP Framework Series, Part 12: Audit Logging

Introduction

Wikipedia: "An audit trail (also called audit log) is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event".

ASP.NET Boilerplate provides an infrastructure to automatically log all interactions with the application. It can record intended method calls with caller info and arguments.

Basically, the saved fields are: related tenant id, caller user id, called service name (the class of the called method), called method name, execution parameters (serialized into JSON), execution time, execution duration (in milliseconds), client IP address, client's computer name and the exception (if the method throws an exception).

With this information, we not only know who performed an operation, but can also measure the performance of the application and observe the exceptions thrown. Beyond that, you can get statistics about the usage of your application.

The auditing system uses IAbpSession to get the current UserId and TenantId.

Application service, MVC Controller, Web API and ASP.NET Core methods are automatically audited by default.

About IAuditingStore

The auditing system uses IAuditingStore to save audit information. While you can implement it in your own way, it's fully implemented in the module-zero project. If you don't implement it, SimpleLogAuditingStore is used and it writes audit information to the log.

Configuration

To configure auditing, you can use the Configuration.Auditing property in your module's PreInitialize method. Auditing is enabled by default. You can disable it as shown below.

public class MyModule : AbpModule
{
    public override void PreInitialize()
    {
        Configuration.Auditing.IsEnabled = false;
    }

    //...
}

Here is a list of the auditing configuration properties:

  • IsEnabled: Used to enable/disable the auditing system completely. Default: true.
  • IsEnabledForAnonymousUsers: If this is set to true, audit logs are also saved for users who are not logged in to the system. Default: false.
  • Selectors: Used to select other classes to save audit logs.

Selectors is a list of predicates to select other types to save audit logs. A selector has a unique name and a predicate. The only default selector in this list is used to select application service classes. It's defined as shown below:

Configuration.Auditing.Selectors.Add(
    new NamedTypeSelector(
        "Abp.ApplicationServices",
        type => typeof (IApplicationService).IsAssignableFrom(type)
    )
);

You can add your selectors in your module's PreInitialize method. Also, you can remove the selector above by name if you don't want to save audit logs for application services. That's why it has a unique name (use simple LINQ to find the selector in Selectors and remove it if you want).

Note: In addition to standard audit configuration, MVC and ASP.NET Core modules define configuration to enable/disable audit logging for actions.
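The selector handling described above, as an added example that is not part of the original post or of the ABP project's own code. The marker interface IAuditedOperation and the selector name "MyApp.AuditedOperations" are hypothetical; the namespaces in the using lines are assumed to match your ABP version.

```csharp
using System.Linq;
using Abp;            // NamedTypeSelector (assumed namespace)
using Abp.Auditing;
using Abp.Modules;

// Hypothetical marker interface: any class implementing it is selected for auditing.
public interface IAuditedOperation { }

public class MyModule : AbpModule
{
    public override void PreInitialize()
    {
        var auditing = Configuration.Auditing;

        // Also record calls made by users who are not logged in
        // (the default is false, so anonymous calls leave no audit entry).
        auditing.IsEnabledForAnonymousUsers = true;

        // Find the default selector by its unique name and remove it.
        // After this, application services are no longer audited unless
        // another selector or an [Audited] attribute covers them.
        var defaultSelector = auditing.Selectors
            .FirstOrDefault(s => s.Name == "Abp.ApplicationServices");
        if (defaultSelector != null)
        {
            auditing.Selectors.Remove(defaultSelector);
        }

        // Add a narrower selector: only classes that opt in through
        // the (hypothetical) marker interface are audited.
        auditing.Selectors.Add(
            new NamedTypeSelector(
                "MyApp.AuditedOperations",
                type => typeof(IAuditedOperation).IsAssignableFrom(type)
            )
        );
    }
}
```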

Enable/Disable by attributes

While you can select the classes to audit by configuration, you can also use the Audited and DisableAuditing attributes for a single class or a single method. An example:

[Audited]
public class MyClass
{
    public void MyMethod1(int a)
    {
        //...
    }

    [DisableAuditing]
    public void MyMethod2(string b)
    {
        //...
    }

    public void MyMethod3(int a, int b)
    {
        //...
    }
}

All methods of MyClass are audited except MyMethod2, since it's explicitly disabled. The Audited attribute can also be applied to a single method to save audit logs for that method only.

DisableAuditing can also be used for a single property of a DTO. Thus, you can hide sensitive data in audit logs, such as passwords.
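Hiding a DTO property from the audit log, as an added example that is not code from the original post or from ABP itself. ChangePasswordInput, IAccountAppService and IPasswordChanger are hypothetical names; IPasswordChanger stands in for whatever component actually updates the credential.

```csharp
using System;
using Abp.Application.Services;
using Abp.Auditing;

// Input DTO: UserName still appears in the serialized execution parameters,
// while both password properties are left out of the audit record.
public class ChangePasswordInput
{
    public string UserName { get; set; }

    [DisableAuditing]
    public string CurrentPassword { get; set; }

    [DisableAuditing]
    public string NewPassword { get; set; }
}

public interface IAccountAppService : IApplicationService
{
    void ChangePassword(ChangePasswordInput input);
}

// Hypothetical dependency that performs the real credential update.
public interface IPasswordChanger
{
    void Change(string userName, string currentPassword, string newPassword);
}

public class AccountAppService : ApplicationService, IAccountAppService
{
    private readonly IPasswordChanger _changer;

    public AccountAppService(IPasswordChanger changer)
    {
        _changer = changer;
    }

    // Audited by the default application-service selector. The call, the caller
    // and any exception are recorded, so keep secrets out of exception messages.
    public void ChangePassword(ChangePasswordInput input)
    {
        if (input.NewPassword == input.CurrentPassword)
        {
            throw new ArgumentException("New password must differ from the current one.");
        }

        _changer.Change(input.UserName, input.CurrentPassword, input.NewPassword);
    }
}
```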

Notes

  • A method must be public for audit logs to be saved. Private and protected methods are ignored.
  • A method must be virtual if it's called over a class reference. This is not needed if it's injected using its interface (like injecting the IPersonService interface to use the PersonService class). This is needed since ASP.NET Boilerplate uses dynamic proxying and interception. This is not true for MVC Controller actions. They do not need to be virtual.
