Skip to main content
A newer version of this page is available. .
.NET Framework 4.5.2+

Audit Trail Module

  • 6 minutes to read

The eXpressApp Framework supplies the Audit Trail System for WinForms and ASP.NET applications. This system is intended to provide you information on changes that are being made to the application’s persistent objects. For example, you can retrieve information on the kind of change (object is created, changed, etc.), who made this change, with what object, the previous and new property values, and so on. A change is registered between two sequential events of object saving to a data storage. To have this system in your application, you should use the Audit Trail module, which represents it. This topic explains the mechanisms for trailing object changes, and provides ways to customize them.


  • Currently, we do not to provide built-in support for Entity Framework (EF) in this module, because its implementation heavily depends on our XPO ORM, and we do not have a sufficient number of customer requests in this regard. If you use EF for data access in your XAF application and require a similar functionality for your project, feel free to contact us and describe your business requirements so we can provide you with alternative solutions. In general, you can integrate any custom or standard solution for Entity Framework, which you would implement to solve the same requirement in non-XAF applications. We will also continue monitoring user demand in this regard and it is possible that we will review our current decision in the future.

  • We have designed this module to manage up to a hundred of audited changes in one transaction. It will take significant time to save thousands of audit data records. We recommend that you investigate whether or not this performance specificity is important before using this module in your application.

The AuditTrailModule is represented by the DevExpress.ExpressApp.AuditTrail.v20.2.dll assembly. To use the module in an application, add it to your application project or one of the application modules via the Application Designer or Module Designer, respectively. In addition, check that the DevExpress.Persistent.Base.v20.2.dll assembly is referenced in your application, since it contains XAF-independent services used by the Audit Trail module.


After the necessary assemblies listed above have been referenced, all persistent objects in the application will be audited. The default audit settings are described below.

  • All persistent classes (inherited from the Base Persistent Classes) are audited by the Audit Trail system.
  • All public simple and reference properties owned by persistent classes are audited. However, read-only properties (properties with no set accessor) are not audited.
  • All public collection properties owned by persistent classes are audited.
  • All object changes - object creation, deletion and modification, names of modified properties, initial and actual values of properties are fully audited. Current user name provided by the Security System is also saved.
  • Audit information is logged to the application database.
  • The real values of properties stored as blob data (e.g., images) are not saved. The “Blob data” string is saved instead.
  • The null values are saved as the “N/A” string.

When the object is modified in the Detail View, the initial values are copied immediately when an object has been loaded. When the object is modified in Editable List View, initial values are copied in the BaseObjectSpace.ObjectChanged event. The actual values are collected and saved in a separate UnitOfWork in the BaseObjectSpace.Committed event.

The following table lists the changes which are logged by the Audit Trail module:

Change Description
ObjectCreated The audited object has been created.
InitialValueAssigned An initial value has been assigned to the audited object before the first save.
ObjectChanged The audited object’s property has been changed.
ObjectDeleted The audited object has been deleted.
AddedToCollection The audited object has been added to a collection.
RemovedFromCollection The audited object has been removed from a collection.
CollectionObjectChanged An object from the audited object has been changed.
AggregatedObjectChanged The object aggregated by the audited object has been changed.
CustomData Custom data has been added to the audit log.

In code, changes are represented by the AuditDataItem class. This class’ properties are logged. By default, they are saved to the database by an AuditDataStore object. This object creates an AuditDataItemPersistent persistent object and saves it to the database. To save changes represented by the AuditDataItem objects in another storage, inherit a custom class from the AuditDataStore class and override the Save method (see the Customize the Audit Trail System topic).

To analyze the audit log, you need to know what database tables represent it. With the Audit Trail module, the following tables are added to the database:

  • AuditDataItemPersistent

    Represents the table where the AuditDataItemPersistent objects are stored. Each time one of the changes listed above is made, a new record is added to this table. The table’s AuditedObject field contains references to the corresponding records in the AuditObjectWeakReference table. The OldObject and NewObject fields contain references to the corresponding records in the XPWeekReference table. These fields’ string representations are stored into the OldValue and NewValue fields, respectively.


    • The AuditedObject is null for deleting operation when the deferred deletion option is disabled for the audited type. Use the DeferredDeletionAttribute to enable it.
    • For collection modification entries (AddedToCollection, RemovedFromCollection, CollectionObjectChanged, AggregatedObjectChanged), a reference to the modified persistent object along with the object’s string representation are always stored into the OldObject / OldValue fields.
    • The Security System creates a default user that cannot access or change the audit data records. To allow a user to access these records, grant a type permission for AuditDataItemPersistent, AuditedObjectWeakReference, and XPWeakReference.
  • XPWeakReference

    Contains data on the objects that have been changed. Object identifiers are stored as strings.

  • AuditedObjectWeakReference

    Contains data on both the objects that have been changed and the objects that have taken part in a change. Object identifiers are stored in the GuidId or IntId field, depending whether they are stored as Guid or integer values. So, the AuditedObjectWeakReference table represents a more convenient way to access object data than via the XPWeakReference table.

It is possible to lose some of the object changes, if these changes are performed within a session that is not audited. This can occur if you manually create a Session or UnitOfWork. To avoid such a failure, use the Application.CreateObjectSpace method, when you need to create your own Session or UnitOfWork:

IObjectSpace objectSpace = Application.CreateObjectSpace(typeof(MyBusinessClass));

Do not write a statement like the following:

Session session = new Session(...);
See Also