ASP.NET Core identity sign in metrics API

[JamesNK]

Background and Motivation

API review of sign in manager metrics for https://github.com/dotnet/aspnetcore/pull/62078.

Proposed API

Microsoft.AspNetCore.Identity

aspnetcore.identity.sign_in.authenticate

Name	Instrument Type	Unit	Description
aspnetcore.identity.sign_in.authenticate	Counter	count	The number of authenticate and sign in attempts.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.authentication_scheme	string	The authentication scheme to sign in with.	Identity.Application	Always
aspnetcore.identity.sign_in.type	string	The authentication type.	password; two_factor	Always
aspnetcore.identity.sign_in.is_persistent	boolean	A flag indicating whether the sign in is persistant.	true	Always
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

aspnetcore.identity.sign_in.remember_two_factor

Name	Instrument Type	Unit	Description
aspnetcore.identity.sign_in.remember_two_factor	Counter	count	The number of two factor clients remembered.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.authentication_scheme	string	The authentication scheme to sign in with.	Identity.Application	Always

aspnetcore.identity.sign_in.forget_two_factor

Name	Instrument Type	Unit	Description
aspnetcore.identity.sign_in.forget_two_factor	Counter	count	The number of two factor clients forgotten.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.authentication_scheme	string	The authentication scheme to sign in with.	Identity.Application	Always

aspnetcore.identity.sign_in.refresh

Name	Instrument Type	Unit	Description
aspnetcore.identity.sign_in.refresh	Counter	count	The number of refresh sign-in attempts.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.authentication_scheme	string	The authentication scheme to sign in with.	Identity.Application	Always
aspnetcore.identity.sign_in.result	string	Whether the sign in result was success or failure.	success; failure	Always
aspnetcore.identity.sign_in.is_persistent	boolean	A flag indicating whether the sign in is persistant.	true	If the sign in was successful.
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

aspnetcore.identity.sign_in.check_password

Name	Instrument Type	Unit	Description
aspnetcore.identity.sign_in.check_password	Counter	count	The number of check password attempts.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.user_type	string	The identity user type.	ContosoUser	Always
aspnetcore.identity.user.password_result	string	The result from checking the password.	success; failure	Always
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

aspnetcore.identity.sign_in.sign_in_principal

Name	Instrument Type	Unit	Description
aspnetcore.identity.sign_in.sign_in_principal	Counter	count	The number of user principals signed in.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.authentication_scheme	string	The authentication scheme to sign in with.	Identity.Application	Always
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

aspnetcore.identity.sign_in.sign_out_principal

Name	Instrument Type	Unit	Description
aspnetcore.identity.sign_in.sign_out_principal	Counter	count	The number of user principals signed out.

Attribute	Type	Description	Examples	Presence
aspnetcore.identity.authentication_scheme	string	The authentication scheme to sign in with.	Identity.Application	Always
error.type	string	The full name of exception type.	System.InvalidOperationException	If an exception was thrown.

Usage Examples

Alternative Designs

Risks

[JamesNK]

@noahfalk @lmolkova @trask Hi. I'm adding metrics to ASP.NET Core identity. This issue is for folks to review metrics and their names. Feedback welcome on how well names match semantic conventions.

(there are quite a few metrics so I've split the review into two issues: https://github.com/dotnet/aspnetcore/issues/62131 and https://github.com/dotnet/aspnetcore/issues/62132)

[noahfalk]

Mostly this looked fine to me, but I did have some confusion on when I would expect the 'authenticate' metric to be incremented. The other metrics seemed to correspond relatively well with various public APIs on the SigninManager where 'authenticate' is implied by some but not all of the SignIn APIs. I'm guessing conceptually the sign_in_principal is a case where we consider authentication to have already occurred externally vs. 'authenticate' are the places where authentication occurs inline with the sign in? If so a bit of explanatory text in the authenticate metric description might help clarify for devs that aren't very familiar in the space like me.

[JamesNK]

Improved counter descriptions for authenticate and check_password.

[halter73]

API Review Notes:

• Could aspnetcore.identity.sign_in.refresh be a new "refresh" sign_in.type instead? Maybe
• Could aspnetcore.identity.sign_in.sign_in_principal and aspnetcore.identity.sign_in.sign_out_principal be removed given that it's covered by similar metrics in AuthenticationServiceImpl which Identity calls through to?
  • If we keep it, can we provide a better description for aspnetcore.identity.sign_in.sign_in_principal to indicates that it only increments, and does not decrement when a user signs out or the session expires.