added exyus-user to IIS logs

2008-01-27 @ 18:40#

i added logging of exyus users to the IIS log today. it's a long story...

first, i decided early on *not* to use IIS authentication (Basic requires username, Digest requires Active Directory - sheesh!). so i 'rolled my own' Basic and Digest Auth. not a big deal, actually. but a side-effect of using my own auth service is that IIS no longer reports the logged in user via the cs-username element - !dang-it!

i lived with this 'feature' for a while, but it bugged me. this weekend, a person on the rest-discuss list was asking about monitoring and tracking in an HTTP/REST environment - more about how ESB systems offer lots of this and it seems likely that 'pure REST' environments do not. my response was that using HTTP/REST (esp. the use of HEAD, PUT, and DELETE along with GET and POST) actually makes your server logs much more useful. you get a very nice audit trail of activity on your server. then i dug around and found that my exyus engine failed to log user accounts [sigh]. so, i'd had it.

i decided to take advantage of a cool feature on the Windows/IIS platform that allows you to append to the IIS Log. I was able to add the following line to my AuthenticateRequest method:

if (util.GetConfigSectionItem(Constants.cfg_exyusSecurity, Constants.cfg_logExyusUser) != "false")
  app.Context.Response.AppendToLog(string.Format(" [exyus-user={0}]", user));
// logs appear like this:
// 2008-01-27 23:36:10 GET /xcs/editable/.xcs +[exyus-user=user1] 200 HTTP/1.1 

now, logged in users appear in the IIS logs. it kinda sux that the user appears as part of the cs-uri-query value in the logs and not the cs-username. but at least it now appears. of course, this can be turned on/off in the configuration for the server, too.