Audit.NET is an extensible framework designed to generate audit logs for executing operations in .NET and .NET Core. It provides a unified way to capture environmental data, track object state changes, and redirect audit information to a variety of storage backends README.md9-13
The framework is built on a "capture-and-propagate" model where an operation is wrapped in a scope, data is collected into an event object, and that object is then handed off to a provider for persistence.
The framework revolves around three primary entities defined in the core library:
AuditScope: Represents the context of an audited operation. It manages the lifecycle of the audit, including start/end timestamps and the triggering of the save pipeline README.md86-89AuditEvent: The data contract containing the captured information, such as Environment details (user, machine, etc.), CustomFields, and the Target object being audited README.md94-98 It can also include TimedEvent entries to capture intermediate performance metrics within a scope CHANGELOG.md22-23AuditDataProvider: The abstraction used to persist the AuditEvent. This allows the framework to be storage-agnostic README.md100-103 It is formally defined by the IAuditDataProvider interface CHANGELOG.md76-78The following diagram illustrates how these core entities interact within the .NET execution space.
Audit Lifecycle and Entity Mapping
Sources: README.md82-103 src/Audit.NET/Audit.NET.csproj26 CHANGELOG.md72-78
Audit.NET utilizes a modular architecture consisting of a core library and numerous extensions. These extensions are categorized into two types:
Audit.EntityFramework.Core for database tracking src/Audit.EntityFramework.Core/Audit.EntityFramework.Core.csproj4 and Audit.WebApi for controller interception src/Audit.WebApi/Audit.WebApi.csproj4AuditDataProvider to store logs in SQL Server, MongoDB, Azure Blobs, Elasticsearch, and more README.md30-48 Modern providers include ActivityDataProvider for OpenTelemetry tracing CHANGELOG.md87-88 and ImmuDB for tamper-proof logs CHANGELOG.md67-69Extension Ecosystem
Sources: README.md15-55 CHANGELOG.md31-39 src/Audit.EntityFramework.Core/Audit.EntityFramework.Core.csproj12 src/Audit.NET.SqlServer/Audit.NET.SqlServer.csproj12 src/Audit.NET.MongoDB/Audit.NET.MongoDB.csproj11-12
The repository is organized as a monorepo containing the core library, all official extensions, and a comprehensive test suite.
src/: Contains the source code for the core library and all plugin projects. Each extension is typically its own project (e.g., src/Audit.NET.SqlServer) src/Audit.NET.SqlServer/Audit.NET.SqlServer.csproj12test/: Contains unit and integration tests. The test suite is managed via scripts like Run-Tests.ps1 test/Run-Tests.ps11-10src/pack.cmd for packaging and Directory.Build.props for shared versioning and test configurations across the solution Directory.Build.props1-7 Projects are strong-named using a shared key located at ../StrongName/Audit.NET.snk src/Audit.NET/Audit.NET.csproj13-14For a deep dive into the physical layout and build pipeline, see Repository Structure & Build System.
To use Audit.NET, you typically install the base NuGet package and configure a global data provider:
Configuration is handled via a fluent API, usually at application startup. Recent updates have enhanced thread safety for custom actions using ConcurrentDictionary and ConcurrentQueue in Configuration.cs CHANGELOG.md42-44
For detailed setup instructions, including Dependency Injection and EventCreationPolicy, see Getting Started & Configuration.
SolutionGenerator tool.AuditScope lifecycle and data model.Refresh this wiki
This wiki was recently refreshed. Please wait 7 days to refresh again.