What should you do?

Your Windows Communication Foundation (WCF) client application uses HTTP to communicate with the service.
You need to enable message logging and include all security information such as tokens and nonces in logged messages.
What should you do?

A.
In the application configuration file, add the logKnownPii attribute to the message logging diagnostics source and set the value of the attribute to true.
Generate the ContosoService class using the Add Service Reference wizard.
Add a reference to System.ServiceModel.Routing.dll.
Add the following code segment:
ContosoService client = new ContosoService();
SoapProcessingBehavior behavior = new SoapProcessingBehavior();
behavior.ProcessMessages = true;
client.Endpoint.Behaviors.Add(behavior);

B.
In the application configuration file, add the following XML segment to the system.serviceModel configuration section group.
<diagnostics>
  <messageLogging LogMessagesAtTransportLevel="true" LogEntireMessage="true" />
</diagnostics>

C.
In the machine configuration file, add the following XML segment to the system.serviceModel configuration section.
<machineSettings enableLoggingKnownPii="true" />
Generate the ContosoService class using the Add Service Reference wizard. Add the following code segment.
ContosoService client = new ContosoService();
client.Endpoint.Behaviors.Add(new CallbackDebugBehavior(true));

D.
In the machine configuration file, add the following XML segment to the system.serviceModel configuration section.
<machineSettings enableLoggingKnownPii="true" />
In the application configuration file, add the logKnownPii attribute to the message logging diagnostics source and set the value of the attribute to true.
In the application configuration file, add the following XML segment to the system.serviceModel configuration section group.
<diagnostics>
  <messageLogging LogMessagesAtTransportLevel="true" />
</diagnostics>

Explanation:
Security Concerns for Message Logging
(http://msdn.microsoft.com/en-us/library/ms730318.aspx)

By default, keys and personally identifiable information (PII) such as username and password are not logged
in traces and logged messages. A machine administrator, however, can use the enableLoggingKnownPii attribute
in the machineSettings element of the Machine.config file to permit applications running on the machine to log
known personally identifiable information (PII). The following configuration demonstrates how to do this:

<configuration>
  <system.serviceModel>
    <machineSettings enableLoggingKnownPii="true" />
  </system.serviceModel>
</configuration>

An application deployer can then use the logKnownPii attribute in either the App.config or Web.config file to enable PII logging as follows:

<system.diagnostics>
  <sources>
    <source name="System.ServiceModel.MessageLogging"
            logKnownPii="true">
      <listeners>
        <add name="messages"
             type="System.Diagnostics.XmlWriterTraceListener"
             initializeData="c:\logs\messages.svclog" />
      </listeners>
    </source>
  </sources>
</system.diagnostics>

Only when both settings are true is PII logging enabled.
The combination of two switches allows the flexibility to log known PII for each application.

PII Logging Configuration
Logging of PII is controlled by two switches: a computer-wide setting found in Machine.config that allows
a computer administrator to permit or deny logging of PII and an application setting that allows an application
administrator to toggle logging of PII for each source in a Web.config or App.config file.

The computer-wide setting is controlled by setting enableLoggingKnownPii to true or false,
in the machineSettings element in Machine.config. For example, the following allows applications to turn on logging of PII.

<configuration>
  <system.serviceModel>
    <machineSettings enableLoggingKnownPii="true" />
  </system.serviceModel>
</configuration>

Note:
The Machine.config file has a default location: %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG.
If the enableLoggingKnownPii attribute is not present in Machine.config, logging of PII is not allowed.

Enabling logging of PII for an application is done by setting the logKnownPii attribute of the source element to true or false
in the Web.config or App.config file. For example, the following enables logging of PII for both message logging and trace logging.

<configuration>
  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel.MessageLogging" logKnownPii="true">
        <listeners>

        </listeners>
      </source>
      <source name="System.ServiceModel" switchValue="Verbose, ActivityTracing">
        <listeners>

        </listeners>
      </source>
    </sources>
  </system.diagnostics>
</configuration>
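
The two-switch rule above (machine-wide enableLoggingKnownPii AND per-source logKnownPii) is easy to misjudge when auditing a deployment, so here is an added example, not code from the original page or from Microsoft, that parses both files and reports the effective PII-logging state per trace source. The configuration strings are constructed samples.

```python
"""Audit WCF PII-logging switches: PII (tokens, nonces, usernames, passwords)
reaches the .svclog listeners only when BOTH the machine-wide switch and the
per-source switch are true. Added example; sample configs are constructed."""
import xml.etree.ElementTree as ET


def _is_true(value):
    # .NET config booleans are compared case-insensitively; a missing
    # attribute means the switch is off.
    return value is not None and value.strip().lower() == "true"


def machine_allows_pii(machine_config_xml):
    """True only if machineSettings/@enableLoggingKnownPii is present and true."""
    root = ET.fromstring(machine_config_xml)
    node = root.find("./system.serviceModel/machineSettings")
    return node is not None and _is_true(node.get("enableLoggingKnownPii"))


def app_pii_sources(app_config_xml):
    """Map each system.diagnostics source name to its logKnownPii flag."""
    root = ET.fromstring(app_config_xml)
    return {src.get("name"): _is_true(src.get("logKnownPii"))
            for src in root.iterfind("./system.diagnostics/sources/source")}


def effective_pii_logging(machine_config_xml, app_config_xml):
    """Per source: PII is logged only when the machine AND app switches agree."""
    allowed = machine_allows_pii(machine_config_xml)
    return {name: (allowed and flag)
            for name, flag in app_pii_sources(app_config_xml).items()}


# Constructed sample inputs mirroring the fragments discussed above.
MACHINE_CONFIG = """<configuration>
  <system.serviceModel>
    <machineSettings enableLoggingKnownPii="true" />
  </system.serviceModel>
</configuration>"""

APP_CONFIG = """<configuration>
  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel.MessageLogging" logKnownPii="true">
        <listeners><add name="messages" type="System.Diagnostics.XmlWriterTraceListener"
          initializeData="c:\\logs\\messages.svclog" /></listeners>
      </source>
      <source name="System.ServiceModel" switchValue="Verbose, ActivityTracing" />
    </sources>
  </system.diagnostics>
</configuration>"""

if __name__ == "__main__":
    for name, on in effective_pii_logging(MACHINE_CONFIG, APP_CONFIG).items():
        print(f"{name}: PII logging {'ENABLED' if on else 'disabled'}")
```

A source reported as ENABLED means the log file named in its listener will contain credentials and security tokens, so that file needs the same access controls as the secrets themselves.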
