ASP.NET Core identity user metrics API

[JamesNK]

Background and Motivation

API review of user manager metrics for #62078.

Proposed API

Microsoft.AspNetCore.Identity

aspnetcore.identity.user.create

Name	Instrument Type	Unit	Description
aspnetcore.identity.user.create	Counter	count	The number of users created.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.result	string	The result of the identity operation.	success; failure	If no exception was thrown.
aspnetcore.identity.result_error_code	string	The error code for a failed identity operation.	DefaultError; PasswordMismatch	If an error was set on a failed identity result.
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

aspnetcore.identity.user.update

Name	Instrument Type	Unit	Description
aspnetcore.identity.user.update	Counter	count	The number of user updates.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.user.update_type	string	The user update type.	update; user_name; reset_password	Always
aspnetcore.identity.result	string	The result of the identity operation.	success; failure	If no exception was thrown.
aspnetcore.identity.result_error_code	string	The error code for a failed identity operation.	DefaultError; PasswordMismatch	If an error was set on a failed identity result.
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

aspnetcore.identity.user.delete

Name	Instrument Type	Unit	Description
aspnetcore.identity.user.delete	Counter	count	The number of users deleted.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.result	string	The result of the identity operation.	success; failure	If no exception was thrown.
aspnetcore.identity.result_error_code	string	The error code for a failed identity operation.	DefaultError; PasswordMismatch	If an error was set on a failed identity result.
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

aspnetcore.identity.user.check_password

Name	Instrument Type	Unit	Description
aspnetcore.identity.user.check_password	Counter	count	The number of check password attempts. Only checks whether the password is valid and not whether the user account is in a state that can log in.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.user.password_result	string	The result from checking the password.	success; failure	If no exception was thrown.
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

aspnetcore.identity.user.verify_token

Name	Instrument Type	Unit	Description
aspnetcore.identity.user.verify_token	Counter	count	The number of token verification attempts.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.token_purpose	string	What the token is used for.	reset_password; two_factor	Always
aspnetcore.identity.token_verified	string	Result of verifying the token.	success; failure	If no exception was thrown.
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

aspnetcore.identity.user.generate_token

Name	Instrument Type	Unit	Description
aspnetcore.identity.user.generate_token	Counter	count	The number of tokens generated.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.token_purpose	string	What the token is used for.	reset_password; two_factor	Always
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

Usage Examples

Alternative Designs

Risks

[JamesNK]

@noahfalk @lmolkova @trask Hi. I'm adding metrics to ASP.NET Core identity. This issue is for folks to review metrics and their names. Feedback welcome on how well names match semantic conventions.

(there are quite a few metrics so I've split the review into two issues: #62131 and #62132)

[noahfalk]

Hey James, very sorry for the delay! I saw I had this flagged weeks ago and then it slipped off my radar.

A couple questions I had reading over this:

• what is the difference between check_password and verify_password? When I search in the docs I didn't find pre-existing terminology this matched up to.
• what is the difference between aspnetcore.identity.user.check_password and aspnetcore.identity.sign_in.check_password?
• other than passwords and tokens, are there other forms of credential that would get used? For example certificates?
• does verify_token include any type of token? If not might there be a need for other token types in the future? If yes would it be useful for the metric to include information about the type of token being verified?

[JamesNK]

what is the difference between check_password and verify_password? When I search in the docs I didn't find pre-existing terminology this matched up to.

Removed verify_password counter.

what is the difference between aspnetcore.identity.user.check_password and aspnetcore.identity.sign_in.check_password?

sign_in.check_password uses user.check_password internally. The sign in manager checks also checks the state of the account allows it to log in.

other than passwords and tokens, are there other forms of credential that would get used? For example certificates?

The sign in manager handles different auth credentials.

does verify_token include any type of token? If not might there be a need for other token types in the future? If yes would it be useful for the metric to include information about the type of token being verified?

You would only use API for tokens related to user accounts. There is a token purpose on the counter that does its best to provide into about the purpose of the token.

[noahfalk]

The sign in manager handles different auth credentials.

Do we expect non-token, non-password credentials to surface through these counters? The naming seemed fairly token and password specific.

[halter73]

API Review Notes:

• We've come really close to implementing metrics for CRUD (create, read, update, delete) except for the read part. Do we want to include metrics for reads too, or is it too noisy?
• verifing -> verifying in description.

[JamesNK]

The sign in manager handles different auth credentials.

Do we expect non-token, non-password credentials to surface through these counters? The naming seemed fairly token and password specific.

Which naming?

ASP.NET Core identity offers a tailored experience for doing user and sign in management in an app. If we support more in the future then we'll add new counters as needed.

[JamesNK]

We've come really close to implementing metrics for CRUD (create, read, update, delete) except for the read part. Do we want to include metrics for reads too, or is it too noisy?

I think, for now, I'm not going to add read metrics. There are lots of kinds of reads and I'm not sure how to model them correctly.

e.g. get a user, get a property on a user, get if user is in a row, get multiple users by role, get multiple user by claim, etc.

Can add read metrics if people ask for them.

[noahfalk]

If we support more in the future then we'll add new counters as needed.

Sounds just fine. Thanks James!