Skip to content

Record metrics for user account activities #52996

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
thompson-tomo opened this issue Dec 25, 2023 · 3 comments · May be fixed by #62078
Open

Record metrics for user account activities #52996

thompson-tomo opened this issue Dec 25, 2023 · 3 comments · May be fixed by #62078
Assignees
@JamesNK
Labels
area-identity Includes: Identity and providers enhancement This issue represents an ask for new feature or an enhancement to an existing one feature-observability Pillar: Dev Experience
Milestone
Backlog

Comments

@thompson-tomo
Copy link

Is there an existing issue for this?

I have searched the existing issues but can't find one

Is your feature request related to a problem? Please describe the problem.

I want to be able to quickly and efficiently perform auditing of user sessions using my standard tools ie elk

Describe the solution you'd like

A metric measurement is recorded based on the key user actions

  • Login
  • Logout
  • Refresh
  • Create, Update & delete user (including group/role assignment)
  • Create, Update & delete group
  • Create, Update & delete role

Additional context

No response
@ghost ghost added the needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically label Dec 25, 2023
@gfoidl gfoidl added area-identity Includes: Identity and providers and removed needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically labels Dec 25, 2023
@mkArtakMSFT mkArtakMSFT added enhancement This issue represents an ask for new feature or an enhancement to an existing one feature-observability labels Jan 17, 2024
@mkArtakMSFT mkArtakMSFT added this to the .NET 9 Planning milestone Jan 17, 2024
@ghost
Copy link

ghost commented Jan 17, 2024

Thanks for contacting us.

We're moving this issue to the .NET 9 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

@dotnet-policy-service dotnet-policy-service bot added the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Feb 6, 2024
@wtgodbe wtgodbe removed the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Feb 6, 2024
@dotnet-policy-service dotnet-policy-service bot added the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Feb 6, 2024
@thompson-tomo thompson-tomo mentioned this issue Feb 10, 2024
Open
@wtgodbe wtgodbe removed the pending-ci-rerun When assigned to a PR indicates that the CI checks should be rerun label Feb 13, 2024
@dotnet dotnet deleted a comment from dotnet-policy-service bot Feb 13, 2024
@dotnet dotnet deleted a comment from dotnet-policy-service bot Feb 13, 2024
@mkArtakMSFT mkArtakMSFT modified the milestones: .NET 9 Planning, Backlog Mar 11, 2024
@halter73
Copy link
Member

halter73 commented Mar 6, 2025

Are “groups” and “roles” different concepts? ​

I think the most natural place to put the user and role CRUD telemetry would be in Identity’s UserManager and RoleManager classes. There are many other ways to update the Identity database without going through those Manager classes, but at that point I’d say you’re on your own for this kind of telemetry. Same goes if you’re not using Identity.

As far as updates go, are there any particular updates we’re interested in? Since Identity makes the TUser and TRole generic parameters, it’s hard for us to efficiently know exactly what is updated during a user update.

We could go out of our way to check whether certain things like user name, email, password, security stamp, phone number, email confirmation status, roles, claims, etc… have been updated, but doing so would require a separate query to the store for each property. While this is generally fast for the EF stores since they just read properties from TUser and TRole, that’s not guaranteed to be the case for every store.

@thompson-tomo
Copy link
Author

To me yes groups & roles are different concepts especially as we use them for different things.

I agree with your thoughts about the most natural place to be triggered the generation of metrics and that it is only available to users using Identity.

In terms of updates I am not interested in implementing a change log persee but rather a journal of which entity is being changed, the type of entity & action type. Suggest checking the otel schematics for fields and also check the Elastic common schema fields which are being incorporated into otel.

@JamesNK JamesNK self-assigned this May 23, 2025
@JamesNK JamesNK linked a pull request May 23, 2025 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JamesNK JamesNK

Labels
area-identity Includes: Identity and providers enhancement This issue represents an ask for new feature or an enhancement to an existing one feature-observability Pillar: Dev Experience
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

Add metrics to Identity dotnet/aspnetcore
6 participants
@halter73 @JamesNK @gfoidl @wtgodbe @thompson-tomo @mkArtakMSFT