SQL Data Auditing on ASP.NET Web App using SQL Authentication

Question

My ASP.NET web application is using SQL authentication to connect to the database. I'm familiar with the use of triggers to audit the data changes however there is one key piece of data that I just don't know how to get...

Since the connection is using SQL Auth, all of the changes will belong to that SQL user account rather than my users...

How do I get the domain username for the employee who is actually making the change to show up in the audit log?

This is an example of the trigger based auditing I'm referring to. http://weblogs.asp.net/jgalloway/archive/2008/01/27/adding-simple-trigger-based-auditing-to-your-sql-server-database.aspx

Answer 1

I know that the SO article How to Obtain Domain User Name when connecting via SQL Authentication has already been referenced, but that doesn't mean that you cannot do what you want. It simply means that it gets a bit more complicated.

What I have done in the past is included a field for "Last Changed By" or something like that. I made it a standard field (like DateCreated and DateModified usually are). I then included it in every stored proc (the only way I write data to SQL). That way the web application (or whatever) can pass in the actual person logged in when they write the data. Then, my trigger can capture that field and put it in the audit table. Now I know who made every change.

Please be aware, however, that you are relying on the caller to properly inform you of who is writing to the database. The stored proc won't know if you are "impersonating" someone else. However, if you control the places that call that proc, you are fine.