Logging requests and responses in ASP.NET Core

By FoxLearn 2/4/2025 8:44:37 AM
In ASP.NET Core, logging HTTP requests and responses is a crucial aspect of monitoring and debugging applications.

The simplest way to achieve this is the built-in HTTP Logging middleware, introduced in ASP.NET Core 6.0. This middleware is highly configurable, allowing you to tailor it to your needs. However, if you require more control over the logging process, you can create your own middleware.

Using the HTTP Logging Middleware

To use the built-in HTTP Logging middleware, you simply need to call the UseHttpLogging() method in your application initialization code.

var app = builder.Build();
app.UseHttpLogging();

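Once this is set up, you also need to configure logging settings in the appsettings.json file to specify the log level for the middleware. The middleware writes its entries at the Information level, so with the Microsoft.AspNetCore category set to Warning they are dropped unless the middleware's own category is raised to Information: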

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning",
      "Microsoft.AspNetCore.HttpLogging.HttpLoggingMiddleware": "Information"
    }
  },
  "AllowedHosts": "*"
}

After setting this up, sending a request will result in logs like the following:

Request:

info: Microsoft.AspNetCore.HttpLogging.HttpLoggingMiddleware[1]
      Request:
      Protocol: HTTP/1.1
      Method: GET
      Scheme: https
      Path: /weatherforecast
      Accept: */*
      Host: localhost:7291
      User-Agent: PostmanRuntime/7.29.2
      ...other headers...

Response:

info: Microsoft.AspNetCore.HttpLogging.HttpLoggingMiddleware[2]
      Response:
      StatusCode: 200
      Content-Type: application/json; charset=utf-8
      Date: Wed, 31 Aug 2022 14:04:17 GMT
      Server: Kestrel

Configuring What Gets Logged

By default, the HTTP Logging middleware logs key details, including:

  • Request: Method, path, protocol, and headers
  • Response: Status code and headers

However, you can fine-tune this by adjusting the HttpLoggingOptions settings. For example, if you want to log only the request path/method and the response status code, you can configure it like this:

using Microsoft.AspNetCore.HttpLogging;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddHttpLogging(httpLoggingOptions =>
{
    httpLoggingOptions.LoggingFields =
        HttpLoggingFields.RequestPath |
        HttpLoggingFields.RequestMethod |
        HttpLoggingFields.ResponseStatusCode;
});

This configuration will log only the specified fields, which in this case results in logs that look like this:

info: Microsoft.AspNetCore.HttpLogging.HttpLoggingMiddleware[1]
      Request:
      Method: GET
      Path: /weatherforecast

info: Microsoft.AspNetCore.HttpLogging.HttpLoggingMiddleware[2]
      Response:
      StatusCode: 200

Request/Response Headers

When logging request/response headers, the middleware redacts by default the value of any header that is not on its allow-list, logging the header name with the placeholder [Redacted]. To include the actual values of specific headers, you need to explicitly opt in for them.

You can achieve this by adding the desired headers to the HttpLoggingOptions.RequestHeaders or HttpLoggingOptions.ResponseHeaders collections. For instance, if you want to log a custom request header called IsTest, you can configure it like this:

builder.Services.AddHttpLogging(opts =>
{
    opts.RequestHeaders.Add("IsTest");
});

With this configuration, the actual value of the IsTest header will be logged, as shown below:

info: Microsoft.AspNetCore.HttpLogging.HttpLoggingMiddleware[1]
      Request:
      IsTest: true
      ...other headers...

If you hadn't added IsTest to the RequestHeaders, it would appear as [Redacted] in the logs.

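This mechanism is designed with security in mind, preventing accidental exposure of sensitive information while still offering the flexibility to log what you need. Anything you add to these collections is written to the logs in clear text, so keep credential-bearing headers such as Authorization and Cookie off the list.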

Default Headers Logged

The HTTP Logging middleware automatically logs several common headers. You don’t need to explicitly add them to the RequestHeaders or ResponseHeaders collections. The default headers include:

Request Headers:

  • Accept
  • Accept-Encoding
  • User-Agent
  • Host
  • Content-Type
  • Connection
  • Cache-Control
  • And more...

Response Headers:

  • Content-Type
  • Content-Length
  • Date
  • Server
  • X-Powered-By
  • And more...

If you prefer not to log a default header, you can easily remove it from the configuration. For example, to prevent the User-Agent header from being logged, you can configure it like this:

builder.Services.AddHttpLogging(httpLoggingOptions =>
{
    httpLoggingOptions.RequestHeaders.Remove("User-Agent");
});

You can also clear all default headers by calling httpLoggingOptions.RequestHeaders.Clear(). With this, any header not explicitly configured will have its value logged as [Redacted].
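
The allow-list and Clear() behaviour described above can be combined into a hardened Program.cs. This is an added example, not code from the original article: it starts from an empty header allow-list and refuses to run with credential-bearing headers on it. The deny list, the PostConfigure guard and the sample endpoint are assumptions made for illustration.

```csharp
using Microsoft.AspNetCore.HttpLogging;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddHttpLogging(opts =>
{
    // Method, path, status code and headers only; query string and bodies are left out.
    opts.LoggingFields = HttpLoggingFields.RequestPath
                       | HttpLoggingFields.RequestMethod
                       | HttpLoggingFields.RequestHeaders
                       | HttpLoggingFields.ResponseStatusCode
                       | HttpLoggingFields.ResponseHeaders;

    // Drop the built-in defaults, then allow only what is needed.
    // Every other header is still logged by name, with [Redacted] as its value.
    opts.RequestHeaders.Clear();
    opts.ResponseHeaders.Clear();
    opts.RequestHeaders.Add("Host");
    opts.RequestHeaders.Add("Content-Type");
    opts.RequestHeaders.Add("IsTest");
    opts.ResponseHeaders.Add("Content-Type");
});

// Constructed deny list (assumption): headers that carry credentials or session tokens.
var neverLog = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
{
    "Authorization", "Proxy-Authorization", "Cookie", "Set-Cookie", "X-Api-Key"
};

// PostConfigure runs after every AddHttpLogging/Configure delegate, so this guard
// also catches an allow-list entry added elsewhere in the code base.
builder.Services.PostConfigure<HttpLoggingOptions>(opts =>
{
    var exposed = opts.RequestHeaders.Concat(opts.ResponseHeaders)
                      .Where(h => neverLog.Contains(h))
                      .ToArray();
    if (exposed.Length > 0)
    {
        throw new InvalidOperationException(
            "HTTP logging would record credential headers in clear text: "
            + string.Join(", ", exposed));
    }
});

var app = builder.Build();
app.UseHttpLogging();
app.MapGet("/weatherforecast", () => Results.Ok(new { Summary = "Mild" }));
app.Run();
```

The guard throws when the options are first resolved, so an unsafe allow-list surfaces as a failure instead of as credentials in the log files.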

Logging HTTP requests and responses in ASP.NET Core is made easy with the HTTP Logging middleware, which allows you to log essential information such as headers and status codes.