HttpClient CustomFields

[wboevink]

With the Audit.Mvc.Core package I'm using:

        this.GetCurrentAuditScope()
            .SetCategory(AuditCategory.Buildings)
            .SetActivityName("AUDIT.BUILDINGS.UPDATE_CONNECTIONS")
            .SetProjectId(projectId)
            .SetBuildingId(buildingId);

this.GetCurrentAuditScope() is an Audit.Net extension which gets the current AuditScope from the ControllerBase

The other calls are used to set some CustomFields for the Audit.

    public static IAuditScope SetProjectId(this IAuditScope auditScope, Guid projectId)
    {
        auditScope?.SetCustomField(AuditCustomField.ProjectId, projectId);
        return auditScope;
    }

How can I achieve the same with the Audit.HttpClient?

[thepirat000]

There are several ways to achieve this, such as by setting a custom action or providing an audit scope factory that returns a scope with the custom fields populated. However, it ultimately depends on the source of the data for the custom fields. How do you retrieve the projectId and buildingId?

[wouter-b]

@thepirat000 As an example, I've an Azure Function which gets called with a buildingId. ProjectId gets resolved from the DB.

public class Function(ILogger<Function> logger, IAuditHttpService httpService)
{
    [Function("Function1")]
    public async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = "buildings/{buildingId}/posts")] HttpRequest req, string buildingId)
    {

        logger.LogInformation("C# HTTP trigger function processed a request.");

        var projectId = await GetProjectIdFromDbAsync(buildingId);
        var posts = await httpService.GetBuildingPostsAsync(buildingId);
        return new OkObjectResult(posts);
    }

    private async Task<string> GetProjectIdFromDbAsync(string buildingId)
    {
        return "123";
    }
}

The HttpService is injected in the function

internal class AuditHttpService(ILogger<AuditHttpService> logger, IAuditHttpClient httpClient) : IAuditHttpService
    {
        public async Task<string> GetBuildingPostsAsync(string buildingId)
        {
            return await httpClient.GetBuildingPostsAsync(buildingId);
        }
    }

With an injected type HttpClient

internal class AuditHttpClient(ILogger<AuditHttpClient> logger, HttpClient httpClient) : IAuditHttpClient
    {
        public async Task<string> GetBuildingPostsAsync(string buildingId)
        {
            var response = await httpClient.GetAsync("https://jsonplaceholder.typicode.com/posts");
            response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }
    }

program.cs

var host = new HostBuilder()
    .ConfigureFunctionsWebApplication()
    .ConfigureServices(services =>
    {
        services.AddApplicationInsightsTelemetryWorkerService();
        services.ConfigureFunctionsApplicationInsights();
        services.AddHttpClient();
        services.AddHttpClient<IAuditHttpClient, AuditHttpClient>()
            .AddAuditHandler(audit =>
            {
                audit.IncludeRequestBody();
                audit.IncludeResponseBody();
            });

        services.AddScoped<IAuditHttpService, AuditHttpService>();
    })
    .Build();

host.Run();

https://github.com/wouter-b/AuditHttpFunction

[thepirat000]

I think what you're asking for is a way to add contextual information to each HTTP action within an audited HttpClient.

We cannot provide an instance method to add audit data to a request, as is possible in MVC, because the audit scope is created, saved, and disposed within a single 'GetAsync' (or 'SendAsync') call.

Therefore, adding an extension method to the HttpClient instance is not feasible:

httpClient.GetCurrentAuditScope().SetCustomField("ContextId", contextId); // <-- This

var response = await httpClient.GetAsync("https://jsonplaceholder.typicode.com/posts");

Even if feasible, this approach would only work with transient HttpClient instances, as it is not thread-safe otherwise.

However, we could use the HttpRequestMessage.Options as a workaround to add contextual information to the HTTP Audit Event.

If the library provided a way to include the Options in the audit output, we could use that to add any extra information that is not sent as part of the request.

You would need to change your HttpClient.GetAsync calls to use HttpClient.SendAsync with Options instead. For example:

var request = new HttpRequestMessage(HttpMethod.Get, "https://jsonplaceholder.typicode.com/posts");
	
request.Options.Set(new HttpRequestOptionsKey<int>("ContextId"), contextId);
	
await httpClient.SendAsync(request);

The library will need a change to provide a configuration and logic to store the Options values. For example:

services.AddHttpClient<IAuditHttpClient, AuditHttpClient>()
	.AddAuditHandler(audit =>
	{
	    audit.IncludeRequestBody();
	    audit.IncludeResponseBody();
		audit.IncludeOptions(["ContextId"]); // <-- This
	});

With this setup, the AuditEvent will include the option values under Action.Request.Options.

Will something like this work for your use case?

[wouter-b]

That would be an excellent option.
Could it also be possible to include them as customfields? The suggested solution would also work for me.

[thepirat000]

You can change the audit event in a custom action before it's saved:

Audit.Core.Configuration.AddOnSavingAction(scope =>
{
    scope.GetHttpAction().Request.Options.Remove("ContextId", out var contextId);

    scope.SetCustomField("ContextId", contextId);
});

[thepirat000]

The IncludeOptions configuration was added in version 25.0.7.

For example:

services.AddHttpClient<IAuditHttpClient, AuditHttpClient>()
	.AddAuditHandler(audit =>
	{
	    audit.IncludeRequestBody();
	    audit.IncludeResponseBody();
            audit.IncludeOptions();
	});

Additionally, a new GetRequestMessage() method has been introduced in HttpAction to retrieve the current request message from the audit event. This enables you to achieve the same result with a custom action, such as

Audit.Core.Configuration.AddOnCreatedAction(scope =>
{
    var originalMessage = scope.GetHttpAction().GetRequestMessage();

    originalMessage.Options.TryGetValue(new HttpRequestOptionsKey<int>("ContextId"), out int contextId);

    scope.SetCustomField("ContextId", contextId);
});

[wboevink]

WOW, thank you so much for your great support!