Commerce Foundation Auditing

  • Article

The CommerceAuditingSequenceComponent is a generic auditing component that can be added to any commerce operation sequence. You can specify the type of commerce entity to be audited and the properties. In addition, the request or the response can also be audited. By default, the CommerceAuditingSequenceComponent is configured to execute against the following sequence components: CommerceQueryOperation_userProfile, CommerceCreateOperation_UserProfile, CommerceUpdateOperation_UserProfile, CommerceQueryOperation_Basket, and CommerceUpdateOperation_Basket.

Note

The component only audits what the caller explicitly accesses/operates on. For example, this component is not in the default configuration for the Commerce Foundation UserProfile CommerceDelete operation for auditing related credit cards because it only logs what was explicitly deleted. It will not log referential database access to content (i.e. when deleting a user, the related address, user credit card, etc. are also deleted to preserve referential integrity.)

The Commerce Foundation Auditing capability leverages the existing Foundation Logging and Tracing capability (see Logging, Tracing and Exception Management in Commerce Foundation). By default, Commerce Foundation Auditing generates log data to Windows Even Log only.

Example

<Component name="Audit Query CreditCard" type="Microsoft.Commerce.SequenceComponents.Components.CommerceAuditingSequenceComponent, Microsoft.Commerce.SequenceComponents, Version=9.0.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35">
   <Configuration
      customElementName="CommerceAuditingConfigurationSection"
      customElementType="Microsoft.Commerce.SequenceComponents.Components.CommerceAuditingConfigurationSection, Microsoft.Commerce.SequenceComponents, Version=9.0.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35">
      <CommerceAuditingConfigurationSection modelName="CreditCard" auditRequest="true" auditResponse="true">
         <properties>
            <add name="*"/>
            <!-- OR 
            <add name="Id"/>
            <add name="DisplayName"/>
            -->
         </properties>
      </CommerceAuditingConfigurationSection>
   </Configuration>
</Component>

This operation sequence component will inspect the request/response for the configured model (and properties if specified) and if present, log to the specified trace layer in the application configuration file.

The following example specifies the EventLogTraceListener:

   <system.diagnostics>
      <sources>
         <source name="Microsoft.Commerce.Auditing" switchName="CommerceAuditingSwitch">
            <listeners>
               <add
                  name="AuditLogListener"
                  type="System.Diagnostics.EventLogTraceListener"
                  initializeData="Microsoft.Commerce Audit Log">
                     <filter type="System.Diagnostics.EventTypeFilter" initializeData="All" />
               </add>
            </listeners>
      </source>
   </sources>
   <switches>
      <add name="CommerceAuditingSwitch" value="All" />
   </switches>
…

The result of this example is found in the Windows Event Log. (Windows Event Log >Application Log>Source>Commerce Audit Log) and the message is in the following format:

User 'Identity Name: YOURDOMAIN\your.name, UserId: ' performed 'CommerceQueryOperation' operation on 'CreditCard' entity with an id of '{…a guid…}' at '10/06/2009 17:15:36' from the IP address '10.10.10.10'.

See Also

Other Resources

Developing with the Multi-Channel Commerce Foundation

Commerce Foundation CommerceLogEntry

Logging, Tracing and Exception Management in Commerce Foundation