.NET Health Monitoring

1
.NET Health Monitoring

• Jonathan Franco
• ITD
• Application Services

2
What is .NET?

• ASP.NET is a web application framework developed
  by Microsoft to allow programmers to build
  dynamic web sites, web application and web
  services.
• It was first released in January 2002 with
  version 1.0 of the .NET Framework, and is the
  successor to Microsofts Active Server Pages
  (ASP) technology.
• ASP.NET is built on the Common Language Runtime
  (CLR), allowing programmers to write ASP.NET code
  using any supported .NET language.

3
What is .NET Health Monitoring?

• The ASP.NET Health Monitoring system is designed
  to monitor the health of a running ASP.NET
  application in a production environment.
• The Health Monitoring system works by recording
  event information to a specified log source.
• Log Sources
• Email
• Event Log
• SQL
• WMI
• Trace

4
(No Transcript)
5
Event Occurrence

• The chart below shows Event occurrences for an
  outside facing server.

6
Sample Application
7
Error Handling

• When an error occurs for the web application the
  error page should not give away any details.
• An error handler redirects to this error page.

8
Improper Error Handling

• Lack of error handling can lead to an attacker
  gaining additional information about the web
  server or application.
• There are ways to force the web application to
  reveal information without proper error handling.

9
Best Practices

• Error Page
• Add an error page to avoid giving information
  away to attackers.
• Publish web sites to server
• Dont copy code to the servers. Copying code to
  the servers will cause a fair amount of Health
  Monitoring Events to occur and is insecure.
• Dont debug on the server
• Debugging on the server will cause various
  Health Monitoring Events. Generating the wrong
  kinds of events can cause your IP to be blocked
  if done on the server.

10
Email Layout

• Provider that sent the Event.
• Application Name, Event Code and Event Detail
  Code for the Event.
• Stack trace for the Event.

11
Email Layout

• Event Message, time and ID. Event ID can be
  traced back to the Event Log if additional
  information is desired.
• IP Address, regardless of proxy, that caused the
  Event.

12
Custom Configuration

• Developer Override for Email
• Subject Prefix
• Email List
• Header and Footer for Body
• Reply To
• AppendEmail
• Sample Subject line
• HM servername Event Code 3003 Event Message A
  validation error has occurred. Event type
  WebRequestErrorEvent

13
Settings

• Buffer modes configured whether events are
  buffered or not.
• Providers lists the providers that are configured
  along with information of where to send the
  event.
• Profiles state any limits on sending the events.
• Rules link the Event Mapping to the Provider.
• Event Mappings tell what events to report.

14
Migration/Deployment Notes

• Review settings of any existing web applications
  that use Health Monitoring. Make sure there are
  no conflicts.
• Deploy during working hours where everyone is
  available.
• Periodically check occurrence of events and
  determine which providers should report these
  events.

15
Non-ITD Provider Use

• The Health Monitoring assemblies can be
  configured/used on your server.
• Develop Provider
• Develop HTTP Handler to get the Request
  information.
• Sum up the compilation Events when web sites are
  Published.
• Obfuscate the offending content from a Validation
  Error, shown in the Custom Event Details section.

16
Future Enhancements

• Heartbeat, make a web service to receive
  heartbeats from various applications and only
  send an email if there is trouble.
• Detect and report HTTP POST with SQL Injection.
• Send an email for multiple start and stops of an
  application based on a configured threshold.

17
Any Questions/Comments?