MSDN talks about how credit card information can be accidentally logged during a trace . But the same article explains that “known” personally identifiable information is not recorded.
What would I like to know if there is a way to “flag” DataContract elements as PII in order to use the built-in .net feature to filter PII from traces and logs? I think the answer is no, because the user names and passwords that I suspect are part of the authentication steps, not part of the data contracts that follow authentication.
Despite this, is there any built-in .net attribute, I can annotate the data contract data or serializable class members, which means "hey, this is a secret security attribute, be careful!"
source share