Make Http Logging Middleware Endpoint aware

[Kahbazi]

Background and Motivation

I need to log the body of every requests that are coming to the application, but I want to exclude some endpoints. For example I don't want to log the body of the login methods. I suggest adding metadata for enabling and disabling log for http logging middleware.

The new behavior would be like these: if endpoint has DisableLoggingAttribute the middleware would be skipped completely. when EnableLoggingAttribute is available the middleware use its LoggingFields to log the request/response and if there are no metadata available, it would use HttpLoggingOptions.LoggingFields.

Also should other HttpLoggingOptions properties be available in the metadata or is logging fields enough?

Proposed API

namespace Microsoft.AspNetCore.HttpLogging;

+ public class EnableLoggingAttribute : Attribute
+{
+    public EnableLoggingAttribute(HttpLoggingFields fields) { }
+    public HttpLoggingFields LoggingFields { get; }
+}

+ public class DisableLoggingAttribute : Attribute
+{
+}

namespace Microsoft.AspNetCore.Builder;

+public static class HttpLoggingEndpointConventionBuilderExtensions
+{
+    public static TBuilder EnableLogging<TBuilder>(this TBuilder builder, HttpLoggingFields loggingFields) where TBuilder : IEndpointConventionBuilder;
+    public static TBuilder DisableLogging<TBuilder>(this TBuilder builder) where TBuilder : IEndpointConventionBuilder;
+}

Usage Examples

app.MapPost("/login", ... ).DisableLogging();
app.MapPost("/uploadFile", ... ).EnableLogging(HttpLoggingFields.RequestPropertiesAndHeaders);

Alternative Designs

Risks

[Tratcher]

Would there be a functional difference between EnableLoggingAttribute(None) and DisableLoggingAttribute?

[Kahbazi]

Would there be a functional difference between EnableLoggingAttribute(None) and DisableLoggingAttribute?

Hmm, No!

[wtgodbe]

Triage: We'll consider this for 8, endpoint-awareness in general is goodness for Middlewares.

[murad88]

For debugging, I need to temporarily enable logging for only one endpoint.
There is no such possibility in NET 6 :(

[tahq69]

Something like rote pattern would be nice to have.
For example, if I build API and has swagger on top of that, I definitely don't want to log swager endpoints. So it would be great if I could disable them like

builder.Services.AddHttpLogging(options =>
{
    options.LoggingFields = HttpLoggingFields.All;
    options.Disable.Add("/swagger*");
});

[Tratcher]

Something like rote pattern would be nice to have. For example, if I build API and has swagger on top of that, I definitely don't want to log swager endpoints. So it would be great if I could disable them like

builder.Services.AddHttpLogging(options =>
{
    options.LoggingFields = HttpLoggingFields.All;
    options.Disable.Add("/swagger*");
});

The point of using endpoints would be to add the enable/disable metadata directly to them and avoid re-implementing routing locally.

[stefer]

It is possible to use UseWhen to selectively add http logging to only some endpoints, like so:

            app.UseWhen(
                context => context.Request.Path.StartsWithSegments("/api"),
                builder => builder.UseHttpLogging());

[Tratcher]

It is possible to use UseWhen to selectively add http logging to only some endpoints, like so:

            app.UseWhen(
                context => context.Request.Path.StartsWithSegments("/api"),
                builder => builder.UseHttpLogging());

Yes

[Tratcher]

Also should other HttpLoggingOptions properties be available in the metadata or is logging fields enough?

RequestBodyLogLimit and ResponseBodyLogLimit would be easy options to include. Request/ResponseHeaders and MediaTypeOptions wouldn't be feasible to expose directly on an attribute. If we wanted to do those we'd need to shift to a named policy model. Those settings are far less endpoint specific so we might not need them.

Compare to #45732