Merge pull request #208947 from trwalke/trwalke-MSFT-Patch-1

v-regandowner · web-flow · commit d858bb00d940 · 2022-11-01T14:50:28.000-04:00
msal-logging-dotnet.md - Updates to MSAL logging documentation
diff --git a/articles/active-directory/develop/msal-logging-dotnet.md b/articles/active-directory/develop/msal-logging-dotnet.md
@@ -23,38 +23,104 @@ ms.custom: aaddev
 
 In MSAL, logging is set at application creation using the `.WithLogging` builder modifier. This method takes optional parameters:
 
+- `IIdentityLogger` is the logging implementation used by MSAL.NET to produce logs for debugging or health check purposes. Logs are only sent if logging is enabled.
 - `Level` enables you to decide which level of logging you want. Setting it to Errors will only get errors
-- `PiiLoggingEnabled` enables you to log personal and organizational data (PII) if set to true. By default, this is set to false, so that your application doesn't log personal data.
+- `PiiLoggingEnabled` enables you to log personal and organizational data (PII) if set to true. By default, this parameter is set to false, so that your application doesn't log personal data.
 - `LogCallback` is set to a delegate that does the logging. If `PiiLoggingEnabled` is true, this method will receive messages that can have PII, in which case the `containsPii` flag will be set to true.
 - `DefaultLoggingEnabled` enables the default logging for the platform. By default it's false. If you set it to true it uses Event Tracing in Desktop/UWP applications, NSLog on iOS and logcat on Android.
 
-```csharp
-class Program
+### IIdentityLogger Interface
+```CSharp
+namespace Microsoft.IdentityModel.Abstractions
 {
-  private static void Log(LogLevel level, string message, bool containsPii)
-  {
-     if (containsPii)
-     {
-        Console.ForegroundColor = ConsoleColor.Red;
-     }
-     Console.WriteLine($"{level} {message}");
-     Console.ResetColor();
-  }
-
-  static void Main(string[] args)
-  {
-    var scopes = new string[] { "User.Read" };
-
-    var application = PublicClientApplicationBuilder.Create("<clientID>")
-                      .WithLogging(Log, LogLevel.Info, true)
-                      .Build();
-
-    AuthenticationResult result = application.AcquireTokenInteractive(scopes)
-                                             .ExecuteAsync().Result;
-  }
+    public interface IIdentityLogger
+    {
+        //
+        // Summary:
+        //     Checks to see if logging is enabled at given eventLogLevel.
+        //
+        // Parameters:
+        //   eventLogLevel:
+        //     Log level of a message.
+        bool IsEnabled(EventLogLevel eventLogLevel);
+
+        //
+        // Summary:
+        //     Writes a log entry.
+        //
+        // Parameters:
+        //   entry:
+        //     Defines a structured message to be logged at the provided Microsoft.IdentityModel.Abstractions.LogEntry.EventLogLevel.
+        void Log(LogEntry entry);
+    }
 }
 ```
 
+> [!NOTE]
+> Partner libraries (`Microsoft.Identity.Web`, `Microsoft.IdentityModel`) provide implementations of this interface already for various environments (in particular ASP.NET Core)
+
+### IIdentityLogger Implementation
+
+The following code snippets are examples of such an implementation. If you use the .NET core configuration, environment variable driven logs levels can be provided for free, in addition to the configuration file based log levels.
+
+#### Log level from configuration file
+
+It's highly recommended to configure your code to use a configuration file in your environment to set the log level as it will enable your code to change the MSAL logging level without needing to rebuild or restart the application. This is critical for diagnostic purposes, enabling us to quickly gather the required logs from the application that is currently deployed and in production. Verbose logging can be costly so it's best to use the *Information* level by default and enable verbose logging when an issue is encountered. [See JSON configuration provider](https://docs.microsoft.com/aspnet/core/fundamentals/configuration#json-configuration-provider) for an example on how to load data from a configuration file without restarting the application.
+
+#### Log Level as Environment Variable
+
+Another option we recommended is to configure your code to use an environment variable on the machine to set the log level as it will enable your code to change the MSAL logging level without needing to rebuild the application. This is critical for diagnostic purposes, enabling us to quickly gather the required logs from the application that is currently deployed and in production.
+
+See [EventLogLevel](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Abstractions/EventLogLevel.cs) for details on the available log levels.
+
+Example: 
+
+```CSharp
+    class MyIdentityLogger : IIdentityLogger
+    {
+        public EventLogLevel MinLogLevel { get; }
+
+        public TestIdentityLogger()
+        {
+            //Try to pull the log level from an environment variable
+            var msalEnvLogLevel = Environment.GetEnvironmentVariable("MSAL_LOG_LEVEL");
+
+            if (Enum.TryParse(msalEnvLogLevel, out EventLogLevel msalLogLevel))
+            {
+                MinLogLevel = msalLogLevel;
+            }
+            else
+            {
+                //Recommended default log level
+                MinLogLevel = EventLogLevel.Informational;
+            }
+        }
+
+        public bool IsEnabled(EventLogLevel eventLogLevel)
+        {
+            return eventLogLevel <= MinLogLevel;
+        }
+
+        public void Log(LogEntry entry)
+        {
+            //Log Message here:
+            Console.WriteLine(entry.message);
+        }
+    }
+```
+
+Using `MyIdentityLogger`:
+```CSharp
+    MyIdentityLogger myLogger = new MyIdentityLogger(logLevel);
+
+    var app = ConfidentialClientApplicationBuilder
+        .Create(TestConstants.ClientId)
+        .WithClientSecret("secret")
+        .WithExperimentalFeatures() //Currently an experimental feature, will be removed soon
+        .WithLogging(myLogger, piiLogging)
+        .Build();
+```
+
 > [!TIP]
  > See the [MSAL.NET wiki](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki) for samples of MSAL.NET logging and more.
 
diff --git a/includes/active-directory-develop-error-logging-introduction.md b/includes/active-directory-develop-error-logging-introduction.md
@@ -8,19 +8,24 @@ ms.topic: include
 # Purpose:
 # Ingested by Microsoft identity platform articles in /articles/active-directory/develop/* that document error logging for the different platforms.
 ---
-The Microsoft Authentication Library (MSAL) apps generate log messages that can help diagnose issues. An app can configure logging with a few lines of code, and have custom control over the level of detail and whether or not personal and organizational data is logged. We recommend you create an MSAL logging callback and provide a way for users to submit logs when they have authentication issues.
+The Microsoft Authentication Library (MSAL) apps generate log messages that can help diagnose issues. An app can configure logging with a few lines of code, and have custom control over the level of detail and whether or not personal and organizational data is logged. We recommend you create an MSAL logging implementation and provide a way for users to submit logs when they have authentication issues.
 
 ## Logging levels
 
 MSAL provides several levels of logging detail:
 
+- LogAlways: No level filtering is done on this log level. Log messages of all levels will be logged.
+- Critical: Logs that describe an unrecoverable application or system crash, or a catastrophic failure that requires immediate attention.
 - Error: Indicates something has gone wrong and an error was generated. Used for debugging and identifying problems.
 - Warning: There hasn't necessarily been an error or failure, but are intended for diagnostics and pinpointing problems.
-- Info: MSAL will log events intended for informational purposes not necessarily intended for debugging.
-- Verbose: Default. MSAL logs the full details of library behavior.
+- Informational: MSAL will log events intended for informational purposes not necessarily intended for debugging.
+- Verbose (Default): MSAL logs the full details of library behavior.
+
+> [!NOTE]
+> Not all log levels are available for all MSAL SDK's
 
 ## Personal and organizational data
 
 By default, the MSAL logger doesn't capture any highly sensitive personal or organizational data. The library provides the option to enable logging personal and organizational data if you decide to do so.
 
-The following sections provide more details about MSAL error logging for your application.
+The following sections provide more details about MSAL error logging for your application.
