I've read several articles about logging in an Azure Website but I cannot make my final decision. My big question is to use or not to use a 3rd party library for logging.
I see that the built in diagnostics functionality is quite good. I could use it to create debug logs like "Xyz with ID [x] was created by User [abc]..." and store these along with trace messages in an Azure table storage, but I'm not sure that this will serve me long enough. On the other hand, I think that using both the built in tracing and NLog for example, is a little overkill.
Any experiences/suggestions on this topic?
You can use NLog or similar library and add a sink that writes to System.Diagnostics.Trace.
This way you can enjoy both worlds, on one hand it's easy to direct these logs to file/blob/table where you can change log level on the fly from the portal (it will not restart your website) and on the other you can enjoy the benefits of those third party libraries.
Azure Application Insights is another great way to do logging in Azure Websites. See here.
There is also ELMAH that you can nuget into your site.
Choosing the right logging approach depends a lot on what exactly you want from your logging. For ASP.NET, it always helps if the log is "REQUEST BASED" rather than just a plain TEXT file which contains all the events. There are many different logging frameworks available but I want to highlight one which is an "out of box" feature and works really well if you want to measure performance of a request and if you want your tracing to be request based. I am basically talking about the old Trace.Write in ASP.NET. With the following configuration in your web.config, your ASP.NET trace events will be logged in to FREB whenever FREB tracing is enabled.
<system.web>
<trace enabled="true" pageOutput="false" requestLimit="10000" writeToDiagnosticsTrace="true" />
</system.web>
<system.diagnostics>
<sharedListeners>
<add name="System.Net.IISETW" type="System.Web.IisTraceListener,System.Web,version=4.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
This way when you enable failed request tracing as mentioned here, your custom events will start showing up in the FREB traces and you can see how much time is spent in between each event and this gives you a good way of identify how much time is spent in your request execution.
hope this helps !!!
Related
I'm trying to implement Asp.Net Identity 2.0 (OWIN) in an existing application and I'm having all sorts of trouble when it comes to roles. I created a sample project from the project template and (as far as I can tell) I've copied everything from there into my application. I modified the connection information so the authentication tables come from my own Sql database instead of the default local DB.
Everything seems to work great. The tables are initialized (created) upon start-up and I can create a new user, assign a role to that user, and log in as that user. But when I attempt to check if the user is in a particular role I get an exception indicating a problem locating the local database. Well that would be because I'm not using the local DB. So why would my application be looking for roles in the (non-existent) local DB?
To rule out weirdness in my Sql instance, I changed the connection data of the sample app so that it points my DB and ran it. I can log in using the user I created in my application and can even poll the user for the role in question successfully. I confirmed this by examining the tables directly and verified the user, role, and user-role association were all there.
Here's what I did notice though. When I run the sample app the user is an instance of System.Security.Claims.ClaimsPrincipal. But when I run my app the user is an instance of System.Web.Security.RolePrincipal.
So, what did I miss? Why is my app returning a RolePrincipal instead of ClaimsPrincipal? Where could I look for clues?
I'm pulling my hair out on this and I don't have much left! Any help would be greatly appreciated.
What is happening is your old application is still hooking up to the old membership code. A few checklist items should bring you back...
Make sure FormsAuthenticationModule is removed (Since MVC5 no longer uses it)
<modules>
<remove name="FormsAuthenticationModule" />
</modules>
Make sure SimpleMembership is turned off (or alternatively just delete it)
<add key="enableSimpleMembership" value="false"/>
And the most important part is to delete references to WebMatrix (no longer used in MVC 5). WebMatrix will automatically register pre-application startup methods that will "attempt" to provide membership services to your project. See here for details
I had to remove RoleManager as well:
<modules>
<remove name="FormsAuthentication" />
<remove name="RoleManager" />
</modules>
I have a pretty standard asp.net web api set up with get post put and delete. I am hosting on discountasp.net. Works great for all verbs on localhost, when I deploy, only get and post are working. I have read just about every question regarding this topic, I have made sure that WebDav is disabled, and make sure my handler mappings are accepting the right verbs, and I and STILL get a 405 error.
Anyone know what the problem might be? It is mvc4 asp.net web api, pretty much out of the box, and I am using ajax on a single cshtml page to interact with all the verbs. My web server is iis7.
So turns out it was a simple web.config change. Dont know why alot of the walkthroughs had me going into iis and messing with handlers and all that good stuff. I added this to the modules section of web.config and it works like a charm now:
<system.webServer>
<modules … >
<remove name="WebDAVModule" />
……
</modules>
We have one module which does internal redirection to real aspx pages. He is also in charge for directly serving cached/compressed HTML/txt/cs/js output to client.
Here is how web.config looks like for modules section:
<modules runAllManagedModulesForAllRequests="True">
<remove name="RequestInterceptor" />
<add type="Lib.Request.RequestInterceptor" name="RequestInterceptor" />
<remove name="Session" />
<add type="System.Web.SessionState.SessionStateModule" name="Session" />
</modules>
Basic authentication is turned on on IIS7. When first visitor comes to site login popup shows and he is correctly authenticated, and then pages which he visits get cached.
When next visitor comes authentication pop up doesn't show up, unless he visits a page which was not visited by previous visitor (page that is not cached). Once the cache has expired, authentication works again until the page content gets cached, and so on.
Is there a way to force authentication for every visitor? Maybe we need to add basic authentication module to module section of web.config (how to do that)?
Thanks in advance.
Cheers
While searching for an answer to a related question I came across this post:
Don't use runAllManagedModulesForAllRequests="true" when getting your MVC routing to work
It seems to be common advice to make your modules section of your
web.config say . In
fact this is quite a drastic thing to do to solve the routing problem
and has global effects that could CAUSE ERRORS. ... This highly
recommended fix can cause other problems. These problems come in the
form of making all your registered HTTP modules run on every request,
not just managed requests (e.g. .aspx). This means modules will run on
ever .jpg .gif .css .html .pdf etc.
And, while I'm not using MVC in my WCF REST Service, it did fix my (other) problem and this advice against inappropriate or overuse of runAllManagedModulesForAllRequests may be warranted.
Because httpmodule intercepts each request, server is not able to map appropriate handler for static files, dynamic files, and among others secuirty authentication.
I have an aspnet webapp which has worked very well up until now.
I was recently asked to explore ways of making it scale better.
I found that seperation of database and Webapp would help.
Further I was told that if I changed my session providing mechanism to SQLServer, I would be able to duplicate the Web Stack to several machines which could each call back to the state server allowing the load to be distirbuted better.
This sounds logical. So I created an ASPState database using ASPNet_RegSQL.exe as detailed in many locations across the web and changed the web.config on my app from:
<sessionState mode="InProc" cookieless="false" timeout="20" />
To:
<sessionState mode="SQLServer"
sqlConnectionString="Server=SomeSQLServer;user=SomeUser;password=SomePassword"
cookieless="false" timeout="20" />
Then I addressed my app, which presented me with its logon screen and I duly logged in.
Once in I was presented, with a page that was not with the page I was expecting.
I can change the sessionstate back and forth. This problem goes away and then comes back based on which set of configuration I use.
Why is this happening?
Nice error Dude :)
Probably a red-herring, but what are you storing in Session state?
When you move from InProc to SQL Server, the stuff you store in SQL must be Serializable (I think)
Use Fiddler to see what's really going on over the wire. To me it looks like your app is sending back an image when the browser is expecting HTML.
What is the fastest way to execute a method on an ASP.NET website?
The scenario is pretty simple: I have a method which should be executed when a web page is hit. Nothing else is happening on the page, the only rendered output is a "done" message. I want the processing to be as fast as possible.
Every single hit is unique, so caching is not an option.
My plan is to use an HttpHandler and configure it in web.config (mypage.ashx) rather than a regular .aspx page. This should reduce the overhead significantly.
So my question is really: Is there a faster way to accomplish this than using HttpHandlers?
Depending on what you're doing, I wouldn't expect to see a lot of improvement over just using an HttpHandler. I'd start by just writing the HttpHandler and seeing how it performs. If you need it to be faster, try looking more closely at the things you're actually doing while processing the request and seeing what can be optimized. For example, if you're doing any logging to a database, try writing to a local database instead of across a network. If it's still not fast enough, then maybe look into writing something lower level. Until that point though, I'd stick with whatever's easiest for you to write.
For reference, I've written an ad server in ASP.NET (using HttpHandlers) that can serve an ad (including targeting and logging the impression to a local database) in 0-15ms under load. I thought I was doing quite a bit of processing - but that's a pretty good response time IMHO.
Update after several months:
If you clear all the HttpModules that are included by default, this will remove a fair amount of overhead. By default, the following HttpModules are included in every site via the machine-level web.config file:
OutputCache
Session (for session state)
WindowsAuthentication
FormsAuthentication
PassportAuthentication
RoleManager
UrlAuthorization
FileAuthorization
AnonymousIdentification
Profile
ErrorHandler
ServiceModel
Like I said above, my ad server doesn't use any of these, so I've just done this in that app's web.config:
<httpModules>
<clear />
</httpModules>
If you need some of those, but not all, you can remove the ones you don't need:
<httpModules>
<remove name="PassportAuthentication" />
<remove name="Session" />
</httpModules>
ASP.NET MVC Note: ASP.NET MVC requires the session state module unless you do something specific to workaround it. See this question for more information: How can I disable session state in ASP.NET MVC?
Update for IIS7: Unfortunately, things aren't quite as simple in IIS7. Here is how to clear HTTP Modules in IIS7
I'm not sure what your exact scenario is, but if all your page is doing is processing some data, you don't really need an aspx page or an http handler at all. You could write an ASMX web service or WCF service to do what you need and this would most likely be less overhead. The WCF service doesn't even have to be hosted in ASP.NET. You can host it from a Windows service or console app, and call it in-proc using named pipes. This would probably reduce the overhead for calling the data processing code significantly.
If you really have to use asp.net, you can also just hook into AuthorizeRequest step and intercept the request from there, do your processing and write your Done response directly.