Request Logs 401

Eaton · December 13, 2021, 7:21pm

I’ve been using the RequestLogsFeature for a long time now and after updating to the latest ServiceStack version, the API REST path now returns a 401 error in my browser. I have not changed my RequestLogsFeature configuration. Are there any recent changes that would result in 401?

mythz · December 13, 2021, 7:34pm

Haven’t detected any issue with it over here, does it say the reqlogs plugin was loaded in /metadata/app.json?

If it was registered can you provide the HTTP Request/Response headers (w/o any body) to see if that sheds any light on the issue.

Since it’s 401, are you using any ASP .NET Core Auth? If it’s not running in DebugMode it would require Admin access.

Eaton · December 13, 2021, 7:55pm

I have metadata disabled, but I can confirm logging is working because I see CSV files being created.

There is nothing interesting in the 401 HTTP response at all.

My code:

Plugins.Add(new RequestLogsFeature { AtRestPath = "/xxx", EnableRequestBodyTracking = true, RequiredRoles = new string[0], RequestLogger = new CsvRequestLogger(null, "logs/{year}-{month}/{year}-{month}-{day}.csv", "logs/{year}-{month}/{year}-{month}-{day}-errors.csv"), ExcludeRequestDtoTypes = new[] { typeof(RequestLogs) }, HideRequestBodyForRequestDtoTypes = new[] { typeof(Authenticate), typeof(Register) }, LimitToServiceRequests = false, CurrentDateFn = () => XtraFunctions.UtcDateTimeToEstDateTime(DateTime.UtcNow) });

The authentication and authorization for this API is not handled via ServiceStack or anything in .NET. It’s something else upstream/on top of the API, which is why I clear the roles for the logging so it can be accessed. The 401 appears to be coming from ServiceStack though.

Eaton · December 14, 2021, 3:48am

Narrowed it down a little bit. When DebugMode is true, it works. When false, it results in 401.
In previous versions DebugMode did not influence it. Is this a bug? If not/this change was intentional, how do I unblock it when not in debug mode?

mythz · December 14, 2021, 5:06pm

The rules haven’t changed, non-Admin users can’t view the request logs when not in DebugMode:

Eaton · December 14, 2021, 5:34pm

What can I do to make it fully accessible?

mythz · December 14, 2021, 6:01pm

I believe you’ll be able to do it with:

new RequestLogsFeature {
    RequiredRoles = new[] { RoleNames.AllowAnon },
}

Eaton · December 14, 2021, 6:16pm

No luck with that unfortunately. Still 401.
Also tried RoleNames.AllowAnyUser - same result.
Let me know what else I can try.

mythz · December 14, 2021, 6:54pm

I’ve added a fix to support above definition, will let you know when it’s run through CI and available on MyGet.

mythz · December 14, 2021, 7:07pm

This change is now available from v5.13.3+ that’s now available on MyGet.

Eaton · December 14, 2021, 7:20pm

That fixed it, thank you very much!