1

When using Audit.Net I'm including entire response to be audited such as response content, headers and IncludeHeaders too, below is my configuration:

mvcOptions.AddAuditFilter(a => a
            .LogRequestIf(d => d.HttpContext.Request.Method != HttpMethods.Get)
            .WithEventType("{verb}.{controller}.{action}")
            .IncludeHeaders()
            .IncludeResponseBody()
            .IncludeResponseHeaders());

But I'm able to see only below response headers.

"Headers": {
      "Connection": "keep-alive",
      "Content-Type": "application/json",
      "Accept": "*/*",
      "Accept-Encoding": "gzip, deflate, br",
      "Host": "localhost:50266",
      "User-Agent": "PostmanRuntime/7.26.10",
      "Content-Length": "3503",
      "Postman-Token": "645b83e3-d1b6-40f8-b615-85052b614b37"
    },
    "ResponseHeaders": {
      "Request-Context": "appId=xxxxxxx",
      "Referrer-Policy": "no-referrer",
      "X-Content-Type-Options": "nosniff",
      "Content-Security-Policy": "default-src 'self';"
    }

My response also contains Location header but the same is not visible in the audit log. This request was raised through Postman and the response headers in postman can be seen below:

enter image description here

Location header is clearly visible in postman, but the same is missing in audit log, what did I miss here? Any pointers please?

Ian Kemp
  • 28,293
  • 19
  • 112
  • 138
JPReddy
  • 63,233
  • 16
  • 64
  • 93
  • Maybe related to https://stackoverflow.com/questions/12534459/headers-appear-in-browser-but-are-missing-in-response-object – thepirat000 Mar 12 '21 at 15:10

1 Answers1

1

You should use the provided middleware in order to get the response headers, since most of the response headers are added on Result Filters which executes after the Action Filters, and the AuditApiGlobalFilter is an Action Filter.

enter image description here

The recommended approach is to configure both the action filter and the middleware so you get specific information for the action and also any information added afterwards such as the response headers. Also, including the middleware will allow to audit requests that does not reach a controller/action.

So just add the following to your startup:

public void Configure(IApplicationBuilder app)
{
    app.UseAuditMiddleware(_ => _
        .FilterByRequest(d => d.HttpContext.Request.Method != HttpMethods.Get)
        .IncludeHeaders()
        .IncludeResponseBody()
        .IncludeResponseHeaders()
        .WithEventType("{verb}.{controller}.{action}"));

    // ...
}
thepirat000
  • 12,362
  • 4
  • 46
  • 72
  • 1
    That's a good catch, thank you so much. Sad that I missed to read that well documented article. – JPReddy Mar 12 '21 at 18:00