开发者

Retrieving the login name in SQL Server via an Asp.NET application using Windows Authentication

开发者 https://www.devze.com 2023-04-01 12:14 出处:网络
Here is the scenario. The database server DBServer (SQL Server 2008) is on box 1 and the web server running an ASP.NET application is on box 2 (IIS 7.5).
相关专题:asp.netiis-7.5impersonationsql-server-2008windows-authentication

Here is the scenario. The database server DBServer (SQL Server 2008) is on box 1 and the web server running an ASP.NET application is on box 2 (IIS 7.5).

The ASP.NET is using windows authentication so that all domain users are able to log in to the application using their windows credentials.

I am trying to get the name of the user who logged on the ASP.NET in DBServer. There is a trigger on each of DBServer's tables to audit the user who updates or inserts data, and currently that user name is retrieve by this:

select SYSTEM_USER

However, this statement always returns the name of the DBServer rat开发者_运维知识库her than the logged on user.

I have also tried several other possible solutions:

  1. Enable the Impersonate. However, "select SYSTEM_USER" always returns impersonated user's name.
  2. Run the ASP.NET application as a specific identity in application pool. Still, "select SYSTEM_USER" returns the identity's name.

It seems to me there is no way to get the logged on user name for this situation. Any idea?

Thanks in advance!

As a workaround, perhaps you could pass the Windows username into your stored procedures (assuming you are controlling data access via stored procedures). Or you could pass it in via the connection string using a "thwartable" property like Application Name... when a user logs into the app, have their session build & use a connection string dedicated to them, e.g.

...;Initial Catalog=dbname;Application Name=<inject login name here>;...

Now you can pick this data up by session_id from sys.dm_exec_sessions.program_name.

As a caveat, this means you can no longer identify the application through this property. If you want to continue doing this, you could decide to stuff both the app name and the login name into this property and split it out when doing the auditing. This way you can still have traces etc. identify the web app by using like instead of =.

(Note that this column is limited to 128 characters.)

I am sure there is a way to set IIS to pass your credentials onto SQL Server, I just haven't done it. You may want to look into this article.

0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

    关注公众号

    热门标签

    图文推荐

    Delphi - Custom drawing a message list

    Delphi - Custom drawing a message list
    C++ header-only include pattern

    C++ header-only include pattern
    IE7 Margin Collapses Into Padding

    IE7 Margin Collapses Into Padding
    in CoffeeScript, how can I use a variable as a key in a hash?

    in CoffeeScript, how can I use a variable as a key in a hash?
    Interactive visualization of a graph in python [closed]

    Interactive visualization of a graph in python [closed]
    How to customise PHP MYSQL tables?

    How to customise PHP MYSQL tables?
    High quality, simple random password generator

    High quality, simple random password generator
    Image Recognition ApI in android

    Image Recognition ApI in android

    开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

    法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

    Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9