Introduction
Audit trails are crucial for tracking changes in data, maintaining security, and ensuring compliance with regulations. In this article, we will implement an audit trail in an ASP.NET Core Web API. The example will cover everything from setting up the project to performing CRUD operations and verifying the audit logs.
Prerequisites
- Visual Studio or Visual Studio Code
- SQL Server (or a suitable SQL database)
Step 1. Create a New ASP.NET Core Web API Project
Open your terminal or command prompt and run the following command to create a new ASP.NET Core Web API project:
dotnet new webapi -n AuditTrailExample
cd AuditTrailImplementtionInAspNetCoreWebAPI
Step 2. Install Required NuGet Packages
Install the necessary packages for Entity Framework Core and SQL Server.
dotnet add package Microsoft.EntityFrameworkCore
dotnet add package Microsoft.EntityFrameworkCore.SqlServer
dotnet add package Microsoft.EntityFrameworkCore.Tools
dotnet add package Microsoft.AspNetCore.Http.Abstractions
Step 3. Define the Data Models
Create the Product and AuditLog entities.
Product Entity
Create a new folder Models and add the Product class.
namespace AuditTrailImplementtionInAspNetCoreWebAPI.Model
{
public class Product
{
public int Id { get; set; }
public string Name { get; set; }
public decimal Price { get; set; }
public int Stock { get; set; }
}
}
AuditLog Entity
Add the AuditLog class.
namespace AuditTrailImplementtionInAspNetCoreWebAPI.Model
{
public class AuditLog
{
public int Id { get; set; }
public string? UserId { get; set; }
public DateTime Timestamp { get; set; }
public string? Action { get; set; }
public string? TableName { get; set; }
public string? RecordId { get; set; }
public string? Changes { get; set; }
}
}
Step 4. Configure the Database Context
Create a new folder Data and add the ApplicationDbContext class:
using AuditTrailImplementtionInAspNetCoreWebAPI.Model;
using Microsoft.EntityFrameworkCore.ChangeTracking;
using Microsoft.EntityFrameworkCore;
using System.Security.Claims;
using System.Collections.Generic;
namespace AuditTrailImplementtionInAspNetCoreWebAPI.Data
{
public class ApplicationDbContext : DbContext
{
private readonly IHttpContextAccessor _httpContextAccessor;
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options, IHttpContextAccessor httpContextAccessor)
: base(options)
{
_httpContextAccessor = httpContextAccessor;
}
public DbSet<AuditLog> AuditLogs { get; set; }
public DbSet<Product> Products { get; set; }
public override int SaveChanges()
{
var auditEntries = OnBeforeSaveChanges();
var result = base.SaveChanges();
OnAfterSaveChanges(auditEntries);
return result;
}
private List<AuditEntry> OnBeforeSaveChanges()
{
ChangeTracker.DetectChanges();
var auditEntries = new List<AuditEntry>();
var userId = _httpContextAccessor.HttpContext?.User?.FindFirstValue(ClaimTypes.NameIdentifier);
foreach (var entry in ChangeTracker.Entries())
{
if (entry.Entity is AuditLog || entry.State == EntityState.Detached || entry.State == EntityState.Unchanged)
{
continue;
}
var auditEntry = new AuditEntry(entry)
{
TableName = entry.Entity.GetType().Name,
Action = entry.State.ToString(),
UserId = "1234"
};
auditEntries.Add(auditEntry);
foreach (var property in entry.Properties)
{
string propertyName = property.Metadata.Name;
if (property.IsTemporary)
{
auditEntry.TemporaryProperties.Add(property);
continue;
}
if (entry.State == EntityState.Added)
{
auditEntry.NewValues[propertyName] = property.CurrentValue;
}
else if (entry.State == EntityState.Deleted)
{
auditEntry.OldValues[propertyName] = property.OriginalValue;
}
else if (entry.State == EntityState.Modified && property.IsModified)
{
auditEntry.OldValues[propertyName] = property.OriginalValue;
auditEntry.NewValues[propertyName] = property.CurrentValue;
}
}
}
foreach (var auditEntry in auditEntries.Where(e => !e.HasTemporaryProperties))
{
AuditLogs.Add(auditEntry.ToAuditLog());
}
return auditEntries.Where(e => e.HasTemporaryProperties).ToList();
}
private void OnAfterSaveChanges(List<AuditEntry> auditEntries)
{
if (auditEntries == null || auditEntries.Count == 0)
{
return;
}
foreach (var auditEntry in auditEntries)
{
foreach (var prop in auditEntry.TemporaryProperties)
{
if (prop.Metadata.IsPrimaryKey())
{
auditEntry.KeyValues[prop.Metadata.Name] = prop.CurrentValue;
}
else
{
auditEntry.NewValues[prop.Metadata.Name] = prop.CurrentValue;
}
}
AuditLogs.Add(auditEntry.ToAuditLog());
}
SaveChanges();
}
}
}
Add Connection String
In appsettings.json, add the connection string to your SQL Server:
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"ConnectionStrings": {
"DefaultConnection": "Server=SARDAR-MUDASSAR\\SQLEXPRESS2022;database=AuditLog;User ID=sa;Password=Smak$95;Trusted_Connection=True;MultipleActiveResultSets=true;TrustServerCertificate=True"
},
"AllowedHosts": "*"
}
Step 5. Configure Services and Middleware
Update the Program.cs file to configure the services and middleware:
using AuditTrailImplementtionInAspNetCoreWebAPI.Data;
using Microsoft.EntityFrameworkCore;
namespace AuditTrailImplementtionInAspNetCoreWebAPI
{
public class Program
{
public static void Main(string[] args)
{
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddControllers();
builder.Services.AddHttpContextAccessor();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseAuthorization();
app.MapControllers();
app.Run();
}
}
}
Step 6. Create the Products Controller
Create a Controllers folder and add the ProductsController class.
using AuditTrailImplementtionInAspNetCoreWebAPI.Data;
using AuditTrailImplementtionInAspNetCoreWebAPI.Model;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using System.Threading.Tasks;
namespace AuditTrailImplementtionInAspNetCoreWebAPI.Controllers
{
[ApiController]
[Route("[controller]")]
public class ProductsController : ControllerBase
{
private readonly ApplicationDbContext _context;
public ProductsController(ApplicationDbContext context)
{
_context = context;
}
[HttpGet]
public async Task<IActionResult> GetProducts()
{
var products = await _context.Products.ToListAsync();
return Ok(products);
}
[HttpGet("{id}")]
public async Task<IActionResult> GetProduct(int id)
{
var product = await _context.Products.FindAsync(id);
if (product == null)
{
return NotFound();
}
return Ok(product);
}
[HttpPost]
public async Task<IActionResult> CreateProduct([FromBody] Product newProduct)
{
_context.Products.Add(newProduct);
await _context.SaveChangesAsync();
return CreatedAtAction(nameof(GetProduct), new { id = newProduct.Id }, newProduct);
}
[HttpPut("{id}")]
public async Task<IActionResult> UpdateProduct(int id, [FromBody] Product updatedProduct)
{
var product = await _context.Products.FindAsync(id);
if (product == null)
{
return NotFound();
}
product.Name = updatedProduct.Name;
product.Price = updatedProduct.Price;
product.Stock = updatedProduct.Stock;
await _context.SaveChangesAsync();
return NoContent();
}
[HttpDelete("{id}")]
public async Task<IActionResult> DeleteProduct(int id)
{
var product = await _context.Products.FindAsync(id);
if (product == null)
{
return NotFound();
}
_context.Products.Remove(product);
await _context.SaveChangesAsync();
return NoContent();
}
}
}
Step 7. Apply Migrations and Update the Database
Generate the migration files and update the database.
add migration IMAuditTrail22042024
Update-database
Step 8. Test the Implementation
Perform CRUD operations using the API and verify that the AuditLogs table is populated with the appropriate entries.
Example CRUD Operations
- Create a New Product
curl -X POST "https://localhost:5001/products" -H "accept: text/plain" -H "Content-Type: application/json" -d "{ \"name\": \"New Product\", \"price\": 19.99, \"stock\": 100 }"
- Update a Product
curl -X PUT "https://localhost:5001/products/1" -H "accept: text/plain" -H "Content-Type: application/json" -d "{ \"name\": \"Updated Product\", \"price\": 29.99, \"stock\": 150 }"
- Delete a Product
curl -X DELETE "https://localhost:5001/products/1" -H "accept: text/plain"
Check Audit Logs
After performing the above operations, inspect the AuditLogs table in your database to ensure it is populated with the expected entries.
GitHub Project Link
Conclusion
By following this end-to-end example, you have successfully implemented an audit trail in an ASP.NET Core Web API. This implementation helps track changes in the data, which is crucial for maintaining security, compliance, and debugging issues.