What's new in ASP.NET 2.0 in terms of Auditing and Logging?

From Guidance Share

Jump to: navigation, search

J.D. Meier, Prashant Bansode, Alex Mackman

Answer

ASP.NET version 2.0 introduces the health monitoring system. It supports many standard events that you can use to monitor the health of your application. Examples of security related events include logon failures when using the ASP.NET membership system, attempts to tamper with or reuse forms authentication tickets, and infrastructure events such as disk access failures etc. By default, all Web error and audit failure events are logged to the Windows event log. Health monitoring uses event providers to deliver event notifications. The following event providers are available out of box:

  • SimpleMailWebEventProvider. This provider sends e-mail for event notifications.
  • TemplatedMailWebEventProvider. This provider uses templates to define and format e-mail messages sent for event notifications.
  • SqlWebEventProvider. This provider logs event details to a SQL Server database. If you use this provider, you should encrypt the connection string in your Web.config file by using the Aspnet_regiis.exe tool.
  • EventLogWebEventProvider. This provider logs events to the Windows application event log.
  • TraceWebEventProvider. This provider logs events as ASP.NET trace messages.
  • WmiWebEventProvider. This provider maps ASP.NET health monitoring events to Windows Management Instrumentation (WMI) events.

In addition you can also create custom event providers to write events to custom stores by creating a class that inherits from System.Web.Management.WebEventProvider. You can also create custom events to instrument your application for other security and non-security related notable events and log them using Health Monitoring feature.

More Information

For more information on auditing and logging, see “How To: Use Health Monitoring in ASP.NET 2.0” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000011.asp and “How To: Instrument ASP.NET 2.0 Applications for Security” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000016.asp

Personal tools