Commerce Foundation Auditing
The CommerceAuditingSequenceComponent is a generic auditing component that can be added to any commerce operation sequence. You can specify the type of commerce entity to be audited and the properties. In addition, the request or the response can also be audited. By default, the CommerceAuditingSequenceComponent is configured to execute against the following sequence components: CommerceQueryOperation_userProfile, CommerceCreateOperation_UserProfile, CommerceUpdateOperation_UserProfile, CommerceQueryOperation_Basket, and CommerceUpdateOperation_Basket.
Note
The component only audits what the caller explicitly accesses/operates on. For example, this component is not in the default configuration for the Commerce Foundation UserProfile CommerceDelete operation for auditing related credit cards because it only logs what was explicitly deleted. It will not log referential database access to content (i.e. when deleting a user, the related address, user credit card, etc. are also deleted to preserve referential integrity.)
The Commerce Foundation Auditing capability leverages the existing Foundation Logging and Tracing capability (see Logging, Tracing and Exception Management in Commerce Foundation). By default, Commerce Foundation Auditing generates log data to Windows Even Log only.
Example
<Component name="Audit Query CreditCard" type="Microsoft.Commerce.SequenceComponents.Components.CommerceAuditingSequenceComponent, Microsoft.Commerce.SequenceComponents, Version=9.0.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35">
<Configuration
customElementName="CommerceAuditingConfigurationSection"
customElementType="Microsoft.Commerce.SequenceComponents.Components.CommerceAuditingConfigurationSection, Microsoft.Commerce.SequenceComponents, Version=9.0.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35">
<CommerceAuditingConfigurationSection modelName="CreditCard" auditRequest="true" auditResponse="true">
<properties>
<add name="*"/>
<!-- OR
<add name="Id"/>
<add name="DisplayName"/>
-->
</properties>
</CommerceAuditingConfigurationSection>
</Configuration>
</Component>
This operation sequence component will inspect the request/response for the configured model (and properties if specified) and if present, log to the specified trace layer in the application configuration file.
The following example specifies the EventLogTraceListener:
<system.diagnostics>
<sources>
<source name="Microsoft.Commerce.Auditing" switchName="CommerceAuditingSwitch">
<listeners>
<add
name="AuditLogListener"
type="System.Diagnostics.EventLogTraceListener"
initializeData="Microsoft.Commerce Audit Log">
<filter type="System.Diagnostics.EventTypeFilter" initializeData="All" />
</add>
</listeners>
</source>
</sources>
<switches>
<add name="CommerceAuditingSwitch" value="All" />
</switches>
…
The result of this example is found in the Windows Event Log. (Windows Event Log >Application Log>Source>Commerce Audit Log) and the message is in the following format:
User 'Identity Name: YOURDOMAIN\your.name, UserId: ' performed 'CommerceQueryOperation' operation on 'CreditCard' entity with an id of '{…a guid…}' at '10/06/2009 17:15:36' from the IP address '10.10.10.10'.
See Also
Other Resources
Developing with the Multi-Channel Commerce Foundation
Commerce Foundation CommerceLogEntry
Logging, Tracing and Exception Management in Commerce Foundation