Added HttpLogging enrichment and redaction sample (#148)

* Added HttpLogging enrichment and redaction sample

* Renamed project folder

* Edit a comment

* Use types from Shared folder

* Use default route to map to home/index using optional route values

* Added README

* Fix README

* Add filtering for Microsoft.Hosting.Lifetime logs

* PR comments

* PR comments

Author: iliar-turdushev

Samples.sln

@@ -40,6 +40,10 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "HttpClientLogging", "HttpCl
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "HttpClientLogging", "src\Telemetry\Logging\HttpClientLogging\HttpClientLogging.csproj", "{A8922F1D-0A30-45DA-ADD2-927455CB6549}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "HttpLogging", "HttpLogging", "{175F98E5-AFE8-4978-A512-EB84AD660208}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "HttpLogging", "src\Telemetry\Logging\HttpLogging\HttpLogging.csproj", "{931A6585-1085-4185-AE12-78BBA87F2A73}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -66,6 +70,10 @@ Global
 		{A8922F1D-0A30-45DA-ADD2-927455CB6549}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{A8922F1D-0A30-45DA-ADD2-927455CB6549}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{A8922F1D-0A30-45DA-ADD2-927455CB6549}.Release|Any CPU.Build.0 = Release|Any CPU
+		{931A6585-1085-4185-AE12-78BBA87F2A73}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{931A6585-1085-4185-AE12-78BBA87F2A73}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{931A6585-1085-4185-AE12-78BBA87F2A73}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{931A6585-1085-4185-AE12-78BBA87F2A73}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -83,6 +91,8 @@ Global
 		{75034993-150B-4940-B633-4FEF73E30401} = {2B4A9009-DB4D-497A-BA1A-23A18EBC32E8}
 		{01EA865B-B3B0-4A2F-8361-8E59C004653B} = {248CB37C-2412-4231-96C0-092413C10D4B}
 		{A8922F1D-0A30-45DA-ADD2-927455CB6549} = {01EA865B-B3B0-4A2F-8361-8E59C004653B}
+		{175F98E5-AFE8-4978-A512-EB84AD660208} = {248CB37C-2412-4231-96C0-092413C10D4B}
+		{931A6585-1085-4185-AE12-78BBA87F2A73} = {175F98E5-AFE8-4978-A512-EB84AD660208}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {6083D400-BF26-4ACE-86A8-778D26A8FA6A}

src/Telemetry/Logging/HttpLogging/Controllers/ChatController.cs

@@ -0,0 +1,59 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Shared.Compliance;
+
+namespace HttpLogging.Controllers;
+
+[ApiController]
+[Route("api/chats")]
+public class ChatController : ControllerBase
+{
+    // Data classification for "chatId" parameter will be taken from
+    // LoggingRedactionOptions.RouteParameterDataClasses configured in Startup.cs.
+    // "chatId" is private data, thus it's value will be redacted.
+    [HttpGet("{chatId}")]
+    public string GetChat(string chatId)
+    {
+        AddSensitiveHeader(Response);
+        return $"Getting chat info...";
+    }
+
+    // You can use attributes to specify data classification for parameters.
+    // "memberId" is private data, thus it's value will be redacted.
+    [HttpGet("{chatId}/members/{memberId}")]
+    public string GetChatMember(string chatId, [PrivateData] string memberId)
+    {
+        AddSensitiveHeader(Response);
+        return "Getting chat member info...";
+    }
+
+    // Data classification for "messageId" is configured in Startup.cs.
+    // "messageId" is public data, thus it's value will be logged as-is.
+    [HttpGet("{chatId}/messages/{messageId}")]
+    public string GetChatMessage(string chatId, string messageId)
+    {
+        AddSensitiveHeader(Response);
+        return "Getting chat message info...";
+    }
+
+    // Data classification for "attachmentId" is not specified neither in Startup.cs
+    // nor using data classification attributes.
+    // If a route parameter doesn't have data classification, then the property
+    // LoggingRedactionOptions.RequestPathParameterRedactionMode defines how
+    // it will be redacted.
+    [HttpGet("{chatId}/attachments/{attachmentId}")]
+    public string GetChatAttachment(string chatId, string attachmentId)
+    {
+        AddSensitiveHeader(Response);
+        return "Getting chat attachment info...";
+    }
+
+    // Here we add a sensitive header to the response to demonstrate how it will be redacted.
+    private static void AddSensitiveHeader(HttpResponse response)
+    {
+        response.Headers.Append("SensitiveHeader", "Sensitive header value");
+    }
+}

src/Telemetry/Logging/HttpLogging/Controllers/HomeController.cs

@@ -0,0 +1,18 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.Mvc;
+
+namespace HttpLogging.Controllers;
+
+[ApiController]
+[Route("[controller]/[action]")]
+public class HomeController : ControllerBase
+{
+    // HTTP requests to /home/index will not be logged, because it is excluded from logging
+    // using LoggingRedactionOptions.ExcludePathStartsWith property. See Startup.cs.
+    public string Index()
+    {
+        return "Learn about dotnet/extensions: https://github.com/dotnet/extensions";
+    }
+}

src/Telemetry/Logging/HttpLogging/Enrichment/HttpLogEnricher.cs

@@ -0,0 +1,20 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.Diagnostics.Logging;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Diagnostics.Enrichment;
+
+namespace HttpLogging.Enrichment;
+
+#pragma warning disable EXTEXP0013 // Type is for evaluation purposes only and is subject to change or removal in future updates
+// HTTP log enrichers are used to add additional information to the HTTP logs.
+internal sealed class HttpLogEnricher : IHttpLogEnricher
+#pragma warning restore EXTEXP0013 // Type is for evaluation purposes only and is subject to change or removal in future updates
+{
+    public void Enrich(IEnrichmentTagCollector collector, HttpContext httpContext)
+    {
+        // Add additional information to the HTTP logs so that they will have more value.
+        collector.Add("Response.Headers.Count", httpContext.Response.Headers.Count);
+    }
+}

src/Telemetry/Logging/HttpLogging/HttpLogging.csproj

@@ -0,0 +1,14 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <Description>Demonstrates how to use HTTP logging enrichment and redaction.</Description>
+    <OutputType>Exe</OutputType>
+    <TargetFrameworks>$(LatestTargetFramework)</TargetFrameworks>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics.Middleware" Version="$(MicrosoftAspNetCoreDiagnosticsMiddlewareVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Compliance.Redaction" Version="$(MicrosoftExtensionsComplianceRedactionVersion)" />
+  </ItemGroup>
+
+</Project>

src/Telemetry/Logging/HttpLogging/Program.cs

@@ -0,0 +1,39 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Text.Json;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
+
+namespace HttpLogging;
+
+internal static class Program
+{
+    public static void Main(string[] args)
+    {
+        CreateHostBuilder(args).Build().Run();
+    }
+
+    public static IHostBuilder CreateHostBuilder(string[] args)
+    {
+        return Host.CreateDefaultBuilder(args)
+            .ConfigureLogging(builder =>
+            {
+                _ = builder.ClearProviders();
+
+                _ = builder
+                    .AddJsonConsole(options =>
+                    {
+                        options.JsonWriterOptions = new JsonWriterOptions
+                        {
+                            Indented = true
+                        };
+                    });
+            })
+            .ConfigureWebHostDefaults(builder =>
+            {
+                _ = builder.UseStartup<Startup>();
+            });
+    }
+}

src/Telemetry/Logging/HttpLogging/README.md

@@ -0,0 +1,31 @@
+# HTTP Logging enrichment and redaction
+
+This sample shows how to extend [ASP.NET Core HTTP logging](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/http-logging)
+with [enrichment and redaction capabilities](https://github.com/dotnet/extensions/blob/main/src/Libraries/Microsoft.AspNetCore.Diagnostics.Middleware/README.md#http-request-logs-enrichment-and-redaction).
+Enrichment allows to add additional information to the log messages, while redaction
+allows to remove sensitive information from the log messages.
+
+The sample exposes a couple of HTTP URLs that demonstrate how extended HTTP logging functionality works:
+
+* HTTP routes
+
+    * `/api/chats/{chatId}`
+    * `/api/chats/{chatId}/members/{memberId}`
+    * `/api/chats/{chatId}/messages/{messageId}`
+    * `/api/chats/{chatId}/attachments/{attachmentId}`
+
+    demonstrate how to redact values of sensitive HTTP route parameters in a compliant manner. Also, when you
+    navigate to each of these HTTP endpoints, the log message information is enriched with additional data.
+
+* HTTP URL `/home/index` demonstrates how to exclude certain HTTP paths from being logged.
+
+Navigate to each of these HTTP URLs and see how extended HTTP logging functionality works.
+
+For more information, see the source code of the sample.
+
+Useful links:
+
+* [ASP.NET Core HTTP logging](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/http-logging)
+* [Extended HTTP logging functionality](https://github.com/dotnet/extensions/blob/main/src/Libraries/Microsoft.AspNetCore.Diagnostics.Middleware/README.md#http-request-logs-enrichment-and-redaction)
+* [Abstractions to classify compliance sensitive data](https://github.com/dotnet/extensions/blob/main/src/Libraries/Microsoft.Extensions.Compliance.Abstractions/README.md)
+* [Implementation of a couple of data redaction algorithms](https://github.com/dotnet/extensions/blob/main/src/Libraries/Microsoft.Extensions.Compliance.Redaction/README.md)

src/Telemetry/Logging/HttpLogging/Startup.cs

@@ -0,0 +1,80 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using HttpLogging.Enrichment;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Diagnostics.Logging;
+using Microsoft.Extensions.Compliance.Classification;
+using Microsoft.Extensions.Compliance.Redaction;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Http.Diagnostics;
+using Microsoft.Net.Http.Headers;
+using Shared.Compliance;
+
+namespace HttpLogging;
+
+internal sealed class Startup
+{
+    public static void ConfigureServices(IServiceCollection services)
+    {
+        _ = services
+            .AddRouting()
+            .AddControllers();
+
+        // Here we register ASP.NET Core HTTP logging. You can configure HTTP logging by
+        // providing a delegate that configures HttpLoggingOptions.
+        _ = services.AddHttpLogging(_ => { });
+
+        // Here we register HttpLogEnricher to enrich HTTP logs with additional information.
+        _ = services.AddHttpLogEnricher<HttpLogEnricher>();
+
+        // Here we register HTTP log redaction. Redaction is applied to HTTP route parameters,
+        // request and response headers.
+        _ = services.AddHttpLoggingRedaction(options =>
+        {
+            // Here we specify a strategy for logging HTTP request paths. "Formatted" means that
+            // the path will contain actual values of route parameters.
+            options.RequestPathLoggingMode = IncomingPathLoggingMode.Formatted;
+
+            // Here we specify how to treat HTTP route parameters.
+            // "Strict" means that all route parameters are considered as sensitive.
+            options.RequestPathParameterRedactionMode = HttpRouteParameterRedactionMode.Strict;
+
+            // Here we specify which HTTP paths we want to exclude from logging.
+            // We can exclude, for example, health check endpoints, "favicon.ico", etc.
+            options.ExcludePathStartsWith.Add("/home");
+
+            // Here we specify data classification for HTTP route parameters:
+            options.RouteParameterDataClasses.Add("chatId", DataTaxonomy.PrivateData);
+            options.RouteParameterDataClasses.Add("messageId", DataTaxonomy.PublicData);
+
+            // Data classification for request headers:
+            options.RequestHeadersDataClasses.Add(HeaderNames.UserAgent, DataTaxonomy.PrivateData);
+            options.RequestHeadersDataClasses.Add(HeaderNames.Accept, DataTaxonomy.PublicData);
+
+            // Data classification for response headers:
+            options.ResponseHeadersDataClasses.Add("SensitiveHeader", DataTaxonomy.PrivateData);
+            options.ResponseHeadersDataClasses.Add(HeaderNames.ContentType, DataTaxonomy.PublicData);
+        });
+
+        // We need to register a redactor that will handle all sensitive data.
+        // Here for the sake of showing redaction functionality we use "StarRedactor" and "NullRedactor" redactors.
+        // In a real world scenario you would use the one that suits your needs (e.g. HMAC redactor).
+        _ = services.AddRedaction(builder =>
+        {
+            _ = builder.SetRedactor<StarRedactor>(new DataClassificationSet(DataTaxonomy.PrivateData));
+            _ = builder.SetRedactor<NullRedactor>(new DataClassificationSet(DataTaxonomy.PublicData));
+        });
+    }
+
+    public static void Configure(IApplicationBuilder app)
+    {
+        _ = app.UseRouting();
+
+        // Be aware that http request logging should be low in stack,
+        // as different middlewares may feed HTTP request with data that you want to log.
+        _ = app.UseHttpLogging();
+
+        _ = app.UseEndpoints(endpoints => endpoints.MapControllers());
+    }
+}

src/Telemetry/Logging/HttpLogging/appsettings.json

@@ -0,0 +1,11 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Microsoft.AspNetCore": "Warning",
+      "Microsoft.Hosting": "Warning",
+      "Microsoft.Hosting.Lifetime": "Information",
+      "Microsoft.AspNetCore.HttpLogging.HttpLoggingMiddleware": "Information"
+    }
+  },
+  "AllowedHosts": "*"
+}