Hi, I want to enable AuditLogging for some HttpGet methods, but I don’t want to enable it for all methods. Therefore, I don’t want to set IsEnabledForGetRequests to true. I added the [Audited] attribute to the methods where I want AuditLogging to be active, but it didn’t work. I also don’t want to set IsEnabledForGetRequests = true and block my controllers using IgnoredUrls, because I have too many controllers — I can’t manage that.
Is there a way to enable AuditLogging for only some HttpGet requests without writing any logging code inside the method?
Thanks.
3 Answer(s)
-
0
- Solution
- ABP does not audit GET requests by default (IsEnabledForGetRequests = false). The [Audited] attribute on controller actions does not override this default for HTTP request auditing.
- To enable auditing for only specific GET endpoints without turning it on globally, create a custom IAuditingMiddlewareMatcherContributor that returns true only for the endpoints you want to audit.
Code example:
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Routing; using Volo.Abp.Auditing; public class SelectiveGetAuditingMatcher : IAuditingMiddlewareMatcherContributor { public void Contribute(AuditingMiddlewareMatchingContext context) { var httpContext = context.HttpContext; // Skip non-HTTP GET requests if (!HttpMethods.IsGet(httpContext.Request.Method)) { return; } // If endpoint metadata contains [DisableAuditing], skip. var endpoint = httpContext.GetEndpoint(); if (endpoint?.Metadata?.GetMetadata<DisableAuditingAttribute>() != null) { return; } // Example 1: match by route template (controller/action) var routeData = httpContext.GetRouteData(); var controller = routeData?.Values["controller"]?.ToString(); var action = routeData?.Values["action"]?.ToString(); // Only audit specific GET actions: if ((controller, action) is ("Orders", "GetDetails") or ("Reports", "GetMonthly")) { context.Matches = true; // audit this request return; } // Example 2 (optional): match by path prefix // if (httpContext.Request.Path.StartsWithSegments("/api/my-important-read")) // { // context.Matches = true; // } } }Register the contributor and keep IsEnabledForGetRequests = false:
public override void ConfigureServices(ServiceConfigurationContext context) { Configure<AbpAuditingOptions>(options => { options.IsEnabledForGetRequests = false; // keep default options.AlwaysLogOnException = true; // still log failures // Add our selective matcher contributor options.Middlewares.Add(new AuditingMiddlewareConfiguration { Contributors = { new AuditingMiddlewareContributor(typeof(SelectiveGetAuditingMatcher)) } }); }); }Notes:
- This solution audits only the GET endpoints you decide, with no logging code inside actions.
- You can refine matching logic by:
- Path patterns, route names, endpoint metadata, or custom attributes you define.
- You can also place [DisableAuditing] on any GET action you never want audited as an extra safeguard.
- IgnoredUrls is the inverse tool (exclude). Here you don’t need it since you aren’t enabling GET globally.
- Sources
- https://docs.abp.io/en/abp/latest/Audit-Logging#http-request-auditing
- https://docs.abp.io/en/abp/latest/Audit-Logging
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
Yes i can write a custom Middleware but i dont want to manage the logging part. Abp should provide this to me
-
0
hi
You can use
IsEnabledForGetRequestsConfigure<AbpAuditingOptions>(options => { options.AlwaysLogSelectors.Add(info => Task.FromResult(info.Url != null && info.Url.Contains("api/my-api"))); });Thanks.
