Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[API Proposal]: AuthN/AuthZ metrics #59818

Open
MackinnonBuck opened this issue Jan 10, 2025 · 1 comment
Open

[API Proposal]: AuthN/AuthZ metrics #59818

MackinnonBuck opened this issue Jan 10, 2025 · 1 comment
Assignees
@MackinnonBuck
Labels
api-ready-for-review API is ready for formal API review - https://github.com/dotnet/apireviews area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer feature-authentication
Milestone
10.0-preview1

Comments

@MackinnonBuck
Copy link
Member

Background and Motivation

This is a collection of metrics for ASP.NET Core Authentication and Authorization.

Implemented in #59557.

Proposed API

Microsoft.AspNetCore.Authentication

aspnetcore.authentication.request.duration

Name Instrument Type Unit Description
aspnetcore.authentication.request.duration Histogram {request} The authentication duration for a request.
Attribute Type Description Examples Presence
aspnetcore.authentication.scheme string The name of the authentication scheme. Bearer; Cookies Conditionally Required if the request did not end with an error
aspnetcore.authentication.result string The authentication result. success; failure; none; _OTHER Conditionally Required if the request did not end with an error
error.type string The full name of the exception type. System.InvalidOperationException; Contoso.MyException Conditionally Required if the request has ended with an error

aspnetcore.authentication.challenges

Name Instrument Type Unit Description
aspnetcore.authentication.challenges Counter {request} The total number of times a scheme is challenged.
Attribute Type Description Examples Presence
aspnetcore.authentication.scheme string The name of the authentication scheme. Bearer; Cookies Conditionally Required if the request did not end with an error
error.type string The full name of the exception type. System.InvalidOperationException; Contoso.MyException Conditionally Required if the request has ended with an error

aspnetcore.authentication.forbids

Name Instrument Type Unit Description
aspnetcore.authentication.forbids Counter {request} The total number of times an authenticated user attempts to access a resources they are not permitted to access.
Attribute Type Description Examples Presence
aspnetcore.authentication.scheme string The name of the authentication scheme. Bearer; Cookies Conditionally Required if the request did not end with an error
error.type string The full name of the exception type. System.InvalidOperationException; Contoso.MyException Conditionally Required if the request has ended with an error

aspnetcore.authentication.sign_ins

Name Instrument Type Unit Description
aspnetcore.authentication.sign_ins Counter {request} The total number of times a principal is signed in.
Attribute Type Description Examples Presence
aspnetcore.authentication.scheme string The name of the authentication scheme. Bearer; Cookies Conditionally Required if the request did not end with an error
error.type string The full name of the exception type. System.InvalidOperationException; Contoso.MyException Conditionally Required if the request has ended with an error

aspnetcore.authentication.sign_outs

Name Instrument Type Unit Description
aspnetcore.authentication.sign_ins Counter {request} The total number of times a scheme is signed out.
Attribute Type Description Examples Presence
aspnetcore.authentication.scheme string The name of the authentication scheme. Bearer; Cookies Conditionally Required if the request did not end with an error
error.type string The full name of the exception type. System.InvalidOperationException; Contoso.MyException Conditionally Required if the request has ended with an error

Microsoft.AspNetCore.Authorization

aspnetcore.authentication.requests

Name Instrument Type Unit Description
aspnetcore.authentication.requests Counter {request} The total number of requests for which authorization was attempted.
Attribute Type Description Examples Presence
user.is_authenticated boolean Whether the request came from an authenticated user true Required
aspnetcore.authorization.policy string The name of the authorization policy. AtLeast21; EmployeeOnly Conditionally required if an authorization policy is used
aspnetcore.authorization.result string Whether the authorization succeeded or failed. success; failure Conditionally Required if an exception is not thrown during authorization
error.type string The full name of the exception type. System.InvalidOperationException; Contoso.MyException Conditionally Required if the request has ended with an error
@MackinnonBuck MackinnonBuck added api-suggestion Early API idea and discussion, it is NOT ready for implementation feature-authentication labels Jan 10, 2025
@dotnet-issue-labeler dotnet-issue-labeler bot added the needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically label Jan 10, 2025
@MackinnonBuck MackinnonBuck added area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer and removed needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically labels Jan 10, 2025
@MackinnonBuck MackinnonBuck self-assigned this Jan 10, 2025
@MackinnonBuck MackinnonBuck added this to the 10.0-preview1 milestone Jan 10, 2025
@MackinnonBuck MackinnonBuck added api-ready-for-review API is ready for formal API review - https://github.com/dotnet/apireviews and removed api-suggestion Early API idea and discussion, it is NOT ready for implementation labels Jan 16, 2025
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:

  • The PR contains changes to the reference-assembly that describe the API change. Or, you have included a snippet of reference-assembly-style code that illustrates the API change.
  • The PR describes the impact to users, both positive (useful new APIs) and negative (breaking changes).
  • Someone is assigned to "champion" this change in the meeting, and they understand the impact and design of the change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MackinnonBuck MackinnonBuck

Labels
api-ready-for-review API is ready for formal API review - https://github.com/dotnet/apireviews area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer feature-authentication
Projects
None yet
Milestone
10.0-preview1
Development

No branches or pull requests
1 participant
@MackinnonBuck