Set up App and API Protection for .NET on Windows
This product is not supported for your selected
Datadog site. (
).
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
You can enable App and API Protection for .NET services with the following setup options:
- If your .NET service already has APM tracing set up and running, then skip to service configuration.
- If your .NET service doesn't have APM tracing set up, you can easily enable App and API Protection with Datadog's Automatic Installation.
- Otherwise, continue reading the manual setup instructions below.
Overview
App and API Protection leverages the Datadog .NET library to monitor and secure your .NET service. The library integrates seamlessly with your existing application without requiring code changes.
For detailed compatibility information, including supported DOTNET versions, frameworks, and deployment environments, see .NET Compatibility Requirements.
This guide explains how to set up App and API Protection (AAP) for .NET applications. The setup involves:
- Installing the Datadog Agent.
- Enabling App and API Protection monitoring.
- Running your .NET application with the Datadog Agent.
- Verifying the setup.
Prerequisites
- Windows operating system
- .NET application
- Administrator privileges for some configuration steps
- Your Datadog API key
- Datadog .NET tracing library (see version requirements here)
1. Installing the Datadog Agent
Install the Datadog Agent by following the setup instructions for Windows hosts.
2. Enabling App and API Protection monitoring
Automatically enabling App and API Protection through Remote Configuration
You can enable remote configuration on your services dashboard.
Simply check the box for the service you want to enable App and API Protection for under "Activate on your APM services".
Manually enabling App and API Protection monitoring
Download the latest Datadog .NET Tracer MSI Installer that supports your operating system and architecture and install it with Administrator privileges.
To enable AAP alongside with APM, add the following Environment Variables:
To disable APM tracing while keeping App and API Protection enabled, add the following Environment Variables:
DD_APPSEC_ENABLED=true
DD_APM_TRACING_ENABLED=false
3. Run your application
Start your .NET application with the previous settings.
Restart IIS
net stop /y was
net start w3svc
# Also, start any other services that were stopped when WAS was shut down.
Note: The .NET runtime tries to load the .NET library into any .NET process that is started with these environment variables set. You should limit instrumentation to only the applications that need to be instrumented. Don't set these environment variables globally as this causes all .NET processes on the host to be instrumented.
Set the following required environment variables for automatic instrumentation to attach to your application and relaunch it:
Note: The .NET runtime tries to load the .NET library into any .NET process that is started with these environment variables set. You should limit instrumentation to only the applications that need to be instrumented. Don't set these environment variables globally as this causes all .NET processes on the host to be instrumented.
Set the following required environment variables for automatic instrumentation to attach to your application and relaunch it:
CORECLR_ENABLE_PROFILING=1
4. Verify setup
To verify that App and API Protection is working correctly:
- Send some traffic to your application
- Check the Application Signals Explorer in Datadog
- Look for security signals and vulnerabilities
Troubleshooting
For a more detailed, see the Datadog Tracer installation guide for .NET Framework or the Datadog Tracer installation guide for .NET Core.
If you encounter issues while setting up App and API Protection for your .NET application, see the .NET App and API Protection troubleshooting guide.
Further Reading
