3

I need to implement Audit Trail in my application which is WinForm application. I need to log all the activity done by user on application and in System to see if he had changed any security settings or anything.

Is there any way to do this by AOP or using PostSharp or any other such method which could be done with minimal changes in existing code as it is a very big application and implementing logging in every method is a time taking steps.

I am open to create a new application which could be for auditing purpose if it helps.

Please let me know any best practices I should follow to implement Auditing. We are using .Net 4.5 and SQL Server 2005.

Nate B.
  • 942
  • 11
  • 31
XYZ
  • 119
  • 1
  • 12
  • If you are mostly concerned with data ... you can either use change tracking built into SQL or use triggers to write copies of the records to history tables. Hopefully you have a modified user ID and modified date/time for each table that can be used to record who made the change. – Marc Johnston May 01 '15 at 22:32
  • Change tracking comes in Sql Server 2008 and using triggers is not good as the data size is huge and i am working on a real time application which will have a great impact – XYZ May 04 '15 at 08:12

1 Answers1

1

Sounds like you want an audit of business-level operations attempted via your WinForms application.

Since, you asked about aspect-oriented approach - yes you can certainly use PostSharp's OnMethodBoundaryAspect to plug in some logging/auditing behaviour with almost no change to existing code.

You will also get information about the caller and values of arguments passed which you can use to make your audits meaningful. Will update shortly with example. Further Reading

DISCLAIMER: I do not work for PostSharp. I just happened to try it out recently.

Robin Maben
  • 22,194
  • 16
  • 64
  • 99
  • Yup, this could help but there would be many conditional code in the OnMethodBoundaryAspect depending where it is invoked and determining the audit log and other details would increase a lot of code. Also this will lead to parallel logic creation moving forward to alter logging code if there are changes if business code – XYZ May 04 '15 at 10:23
  • @AmanSeth: Have not seen enough of your scenario to understand what you mean by "parallel logic". But that kind of implies that some piece of business logic depends on the audit logs as it's input! Maybe it's time to rethink that design then? – Robin Maben May 04 '15 at 11:41
  • Design cannot be changed at instant as the application is V.big and by parallel logic i mean if i had made any changes in my application code then i need to change the auditing code. So this is not generic as this will create a very colplex code of auditing in method intercepted – XYZ May 04 '15 at 11:54