Skip to main content
BuyLog In
XAF: Cross-Platform .NET App UI & Web API
Search in…
Docs > Application Security and Data Safety > Audit Trail (History of Data Changes) > Audit Trail Module (XPO)
All docs
V23.2
.NET 6.0+
XAF: Cross-Platform .NET App UI & Web API
Getting Started
Installation, Upgrade, Version History
Backend Web API Service
UI Shell and Base Infrastructure
Storage, ORM, and Business Model Design
Data Manipulation and Business Logic
User Interface and Behavior Customization
Data Filtering
Application Security and Data Safety
Security (Access Control & Authentication)
Security Considerations
Audit Trail (History of Data Changes)
Audit Trail Module (EF Core)
Audit Trail Module (XPO)
Analyze the Audit Log
Add Custom Data to the Audit Log
Audit Specific Operations
Audit the Current User or Host Identity
Change Object Auditing Mode
Customize the Data Storing Mechanism
Disable the Audit Trail Module
Specify the Objects and Properties to Be Audited
Audit Changes in a Manually Created ObjectSpace
Miscellaneous Customizations of the Audit Trail System
Multi-Tenancy (Data per Tenant)
Validation (Prevent Data Errors)
Conditional Appearance (Manage State of UI Elements)
Reporting (Shape, Export & Print Data)
Analytics (Extract Data Insights)
Document Management
Business Process Management
Event Planning
Localization
Accessibility Support
Debugging, Testing and Error Handling
Deployment
Support, QA & Troubleshooting
API Reference
Download CHM

Audit Trail Module (XPO)

  • 6 minutes to read

The AuditTrailModule is implemented by the DevExpress.ExpressApp.AuditTrail.Xpo.v23.2.dll assembly. Install the DevExpress.ExpressApp.AuditTrail.Xpo NuGet package and use one of the following techniques to add the Audit Trail module:

Check that the DevExpress.Persistent.Base.v23.2.dll assembly is referenced in your application, since it contains XAF-independent services used by the Audit Trail module.

After the necessary assemblies listed above have been referenced, all persistent objects in the application will be audited. The default audit settings are described below.

  • All persistent classes (inherited from the Base Persistent Classes) are audited by the Audit Trail system.
  • All public simple and reference properties owned by persistent classes are audited. However, read-only properties (properties with no set accessor) are not audited.
  • All public collection properties owned by persistent classes are audited.
  • All object changes - object creation, deletion and modification, names of modified properties, initial and actual values of properties are fully audited. Current user name provided by the Security System is also saved.
  • Audit information is logged to the application database.
  • The real values of properties stored as blob data (e.g., images) are not saved. The “Blob data” string is saved instead.
  • The null values are saved as the “N/A” string.

When the object is modified in the Detail View, the initial values are copied immediately when an object has been loaded. When the object is modified in Editable List View, initial values are copied in the BaseObjectSpace.ObjectChanged event. The actual values are collected and saved in a separate UnitOfWork in the BaseObjectSpace.Committed event.

The following table lists the changes that are logged by the Audit Trail module:

Change Description
ObjectCreated The audited object has been created.
InitialValueAssigned An initial value has been assigned to the audited object before the first save.
ObjectChanged The audited object’s property has been changed.
ObjectDeleted The audited object has been deleted.
AddedToCollection The audited object has been added to a collection.
RemovedFromCollection The audited object has been removed from a collection.
CollectionObjectChanged An object from the audited object has been changed.
AggregatedObjectChanged The object aggregated by the audited object has been changed.
CustomData Custom data has been added to the audit log.

In code, changes are represented by the AuditDataItem class. This class’ properties are logged. By default, they are saved to the database by an AuditDataStore object. This object creates an AuditDataItemPersistent persistent object and saves it to the database. To save changes represented by the AuditDataItem objects in another storage, inherit a custom class from the AuditDataStore class and override the Save method (see the Customize the Audit Trail System topic).

To analyze the audit log, you need to know what database tables represent it. With the Audit Trail module, the following tables are added to the database:

  • AuditDataItemPersistent

    The table where AuditDataItemPersistent objects are stored. Each time one of the changes listed above is made, a new record is added to this table. The table’s AuditedObject field contains references to the corresponding records in the AuditObjectWeakReference table. The OldObject and NewObject fields contain references to the corresponding records in the XPWeekReference table. String representations of these fields are stored in the OldValue and NewValue fields, respectively.

    Note

    • The AuditedObject is null for deleting operation when the deferred deletion option is disabled for the audited type. Use the DeferredDeletionAttribute to enable it.
    • For collection modification entries (AddedToCollection, RemovedFromCollection, CollectionObjectChanged, AggregatedObjectChanged), a reference to the modified persistent object along with the object’s string representation are always stored into the OldObject / OldValue fields.

    • The Security System creates a default user that cannot access or change the audit data records. To allow a user to access these records, use the following permissions:

      // MySolution.Module/DatabaseUpdater/Updater
defaultRole.AddTypePermission<AuditDataItemPersistent>(SecurityOperations.Read, SecurityPermissionState.Deny);
defaultRole.AddObjectPermissionFromLambda<AuditDataItemPersistent>(SecurityOperations.Read, a => a.UserObject.Key == CurrentUserIdOperator.CurrentUserId().ToString(), SecurityPermissionState.Allow);
defaultRole.AddTypePermission<AuditEFCoreWeakReference>(SecurityOperations.Read, SecurityPermissionState.Allow);

  • XPWeakReference

    Contains data on the objects that have been changed. Object identifiers are stored as strings.

  • AuditedObjectWeakReference

    Contains data on both objects that have been changed and objects that have taken part in a change. Object identifiers are stored in the GuidId or IntId field, depending on whether they are stored as Guid or integer values. Thus, the AuditedObjectWeakReference table represents a more convenient way to access object data in comparison to the XPWeakReference table.

It is possible to lose some of the object changes if these changes are performed within a session that is not audited. This can occur if you manually create a Session or UnitOfWork. To avoid such a failure, use the Application.CreateObjectSpace method when you need to create your own Session or UnitOfWork:

IObjectSpace objectSpace = Application.CreateObjectSpace(typeof(MyBusinessClass));

Note

Do not write a statement like the following:

Session session = new Session(...);

Usage Specifics with Middle Tier Security

Important

In .NET Framework applications with WCF-based Middle Tier security (XPO), the client application requires rights to write to the AuditDataItemPersistent database table for the Audit Trail Module to work correctly. This may pose a security risk because it allows users to edit records in this table. Do not use our Audit Trail Module in this configuration unless you implement additional data protection on your database server or application side manually. We recommend that you migrate your application to .NET 6+ and use an ASP.NET Core WebAPI-based Middle Tier Security server. In this configuration, the audit is performed entirely on the server.

In .NET 6+ applications, you need to add the Audit Trail Module only to the server application:

File: MySolution.MiddleTier/Startup.cs

public class Startup {
    // ...
    public void ConfigureServices(IServiceCollection services) {
        // ...
        services.AddXafMiddleTier(Configuration, builder => {
            builder.Modules
                .AddAuditTrailXpo()
                // ...
        }
        // ...
    }
    // ...
}
See Also