Include sensitive data in Entity Framework logging by setting EnableSensitiveDataLogging

When we turn on logging in Entity Framework, by default it won’t output sensitive information such as query parameter values for security reasons.

The EnableSensitiveDataLogging method can be used to tell EF to log these sensitive values. This can be helpful during development and debugging. However, enabling this in production can expose sensitive data, so you need to be cautious about where and when you use it.

There are a couple of different ways to set EnableSensitiveDataLogging to true depending on how you are configuring your DbContext class …

Enabling EnableSensitiveDataLogging in the DbContext OnConfiguring method

Enabling EnableSensitiveDataLogging in ASP.NET DI ConfigureServices method

Enabling EnableSensitiveDataLogging for a standalone DbContext

Note in the above examples, I’ve explicitly passed in true to the .EnableSensitiveDataLogging method. Technically this isn’t needed as true is the default, but I’d still recommend including it just for extra clarity.

Leave a Reply

Your email address will not be published. Required fields are marked *