Turn on WCF Server Security Event Logging & Auditing

http://intrepiddeveloper.wordpress.com/2008/08/07/security-event-logging-auditing/

Posted by intrepiddeveloper on August 7, 2008

Few days ago I was trying to debug a WCF service hosted on a remote server which was giving a very generic boilerplate security exceptions/faults. After scratching my head for sometime I decided to figure out how to enable logging these security exceptions on the server. I think for debugging purposes this is a great tool and should be the first step when hunting down an elusive bug.

Its actually pretty straight forward to enable Security event auditing in WCF. You simply need to enable this in the configuration of the service.

view source

print?

1<configuration>

2    <system .serviceModel>

3      <behaviors>

4        <behavior>

5          <servicesecurityaudit auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure"messageAuthenticationAuditLevel="Failure" suppressAuditFailure="true" />

6        </behavior>

7      </behaviors>

8    </system>

9  </configuration>

‘auditLogLocation‘ specifies which log to write to with possible values Default, Application and Security.

‘messageAuthenticationAuditLevel‘  & ‘serviceAuthorizationAuditLevel‘ indicated when to log the event i.e. on None ,Failure ,Success and SuccessOrFailure for message and service authorization respectively.

‘suppressAuditFailure‘ basically defines who (i.e. the service or the system) handles a AuditFailure event (like unable to write to log or log is full, etc). In case of true Audit Failures are ignored and request is processed normally.

In the Event Viewer note the source is listed as ServiceModel and message related information is logged in an un-encrypted form.