Use WCF auditing to audit your service

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Use the WCF auditing feature to audit your service. Configure your application to use the WCF auditing feature to log security events for success, failure or both. The events are written to the Windows system event log and you can view and examine them in the Event Viewer.

WCF service auditing can allow you to detect an attack that has occurred or is in progress. In addition, auditing can help you debug security-related problems. For example, if an error in the configuration of the authorization or checking policy accidentally denies access to an authorized user, you can discover and isolate the cause of this error by examining the auditing events in the event log.

The following configuration snippet shows how to configure your WCF service to use auditing:
<configuration>
  <system.serviceModel>
    <behaviors>
      <behavior>
        <serviceSecurityAudit
             auditLogLocation="Application"
             suppressAuditFailure="true"
             serviceAuthorizationAuditLevel="Failure"
             messageAuthenticationAuditLevel=
                         "SuccessOrFailure" /> 
      </behavior>
    </behaviors>
  </system.serviceModel>
</configuration>

Additional Resources

Last edited Apr 24, 2008 at 12:09 AM by prashantbansode, version 3

Comments

No comments yet.