Request Logs 401

I’ve been using the RequestLogsFeature for a long time now and after updating to the latest ServiceStack version, the API REST path now returns a 401 error in my browser. I have not changed my RequestLogsFeature configuration. Are there any recent changes that would result in 401?

Haven’t detected any issue with it over here, does it say the reqlogs plugin was loaded in /metadata/app.json?

If it was registered can you provide the HTTP Request/Response headers (w/o any body) to see if that sheds any light on the issue.

Since it’s 401, are you using any ASP .NET Core Auth? If it’s not running in DebugMode it would require Admin access.

I have metadata disabled, but I can confirm logging is working because I see CSV files being created.

There is nothing interesting in the 401 HTTP response at all.

My code:

Plugins.Add(new RequestLogsFeature { AtRestPath = "/xxx", EnableRequestBodyTracking = true, RequiredRoles = new string[0], RequestLogger = new CsvRequestLogger(null, "logs/{year}-{month}/{year}-{month}-{day}.csv", "logs/{year}-{month}/{year}-{month}-{day}-errors.csv"), ExcludeRequestDtoTypes = new[] { typeof(RequestLogs) }, HideRequestBodyForRequestDtoTypes = new[] { typeof(Authenticate), typeof(Register) }, LimitToServiceRequests = false, CurrentDateFn = () => XtraFunctions.UtcDateTimeToEstDateTime(DateTime.UtcNow) });

The authentication and authorization for this API is not handled via ServiceStack or anything in .NET. It’s something else upstream/on top of the API, which is why I clear the roles for the logging so it can be accessed. The 401 appears to be coming from ServiceStack though.

Narrowed it down a little bit. When DebugMode is true, it works. When false, it results in 401.
In previous versions DebugMode did not influence it. Is this a bug? If not/this change was intentional, how do I unblock it when not in debug mode?

The rules haven’t changed, non-Admin users can’t view the request logs when not in DebugMode:

What can I do to make it fully accessible?

I believe you’ll be able to do it with:

new RequestLogsFeature {
    RequiredRoles = new[] { RoleNames.AllowAnon },
}

No luck with that unfortunately. Still 401.
Also tried RoleNames.AllowAnyUser - same result.
Let me know what else I can try.

I’ve added a fix to support above definition, will let you know when it’s run through CI and available on MyGet.

1 Like

This change is now available from v5.13.3+ that’s now available on MyGet.

1 Like

That fixed it, thank you very much!

1 Like