审核Web应用程序中的数据 [英] Auditing data from Web application

问题描述

你好，



我是.NET新手。我开始研究由其他开发人员开发的MVC 3.0 Web应用程序。我需要添加审计功能，以便将更改的历史数据（记录创建，更新和删除）保存到oracle数据库中。

实施审计/历史货运的最佳方法是什么？

该应用程序包含：

实体项目（包含具有普通属性的实体类） ）
IntranetServices（WCF，带有插入，更新和删除数据到数据库的方法）

UI（包含控制器，视图和帮助程序的MVC（例如IntranetServiceProxi ...）



另外。我需要开发动态报告来从审计表（或表）中提取数据？编写这些报告的最佳方法是什么？



谢谢



Innes

Hello,

I am new in .NET. I started to work on MVC 3.0 web application which was developed by other developer. I need to add auditing functionality to save changing history data (record creation, updates and deletes) into oracle database.
What is the best method for implementing Audit/history trucking?
The application contains:
Entity project ( which contain entity classes with plain properties)
IntranetServices (WCF with methods for inserting, updating and deleting data into database)
UI (MVC which contains controllers, views and helpers (e.g. IntranetServiceProxi...)

Also. I need to develop dynamic report to extract data from auditing table (or tables)? What is the best way to write these reports?

Thanks

Innes

推荐答案

所以这通常是一个问我在哪里先问告诉我你尝试了什么。但我想我在很好的时候看到了这个我正在寻找的事情。还要注意，你提到使用oracle ...我是一个sql server所以我的例子是针对sql server的。我假设你是一个非常敏锐的人，可以做任何改变可能需要让它在oracle中工作。



这绝不是你必须如何实现你所要求的......它只是我的意思花了10分钟左右后会考虑一下。



我做了什么。



- 创建审计表来保存审计数据

- 在c＃中创建一个需要2个对象的方法。 1个对象是对象的原始实例。第二个是一个新对象，它包含对原始对象所做的所有更改。

-此方法返回ObjectDiff列表，它是对象之间的更改列表。然后，您将对此列表执行for / foreach循环并将更改保存到数据库。





1）审计表格

So this is normally a question where i would first ask "show me what you''ve tried". But I guess i saw this at a good time where i was looking for something to do. Also note, you mention using oracle...im a sql server guy so my examples are geared towards sql server. I am assuming you are an itelligent person and can make any changes that may need to be made for it to work in oracle.

This by no means is how you have to implement what you are asking...its simply what i would do after spending 10 minutes or so giving it some thought.

What i''ve done.

- Created audit tables to hold audited data
- Created a method in c# that will take an 2 objects. 1 object being the original instance of the object. The second is a new object that contains all changes made to original object.
-This method returns a list of ObjectDiff, being a list of changes between the objects. You would then do a for/foreach loop over this list and save the changes to a database.


1) Audit Tables

CREATE TABLE MyData
(
    ID int IDENTITY(1,1) NOT NULL Primary Key,
    Firstname varchar(200) NULL,
    Lastname varchar(200) NULL,
    Street varchar(100) NULL,
    City varchar(100) NULL,
    State varchar(2) NULL,
    DateCreated DateTime NULL
) ON [PRIMARY]

CREATE TABLE AuditMyData
(
    ID int IDENTITY(1,1) NOT NULL Primary Key,
    Username varchar(100) NULL, -- assuming you want to know who made the changes
    FieldName varchar(100) NULL, -- would be the field name from MyData table that was change. Ex: Street or City, or Firstname
    OldValue varchar(1000) NULL,
    NewValue varchar(1000) NULL,
    DateCreated DateTime NULL
)  ON [PRIMARY]

2）C＃/ Data Objects中的Diff Utils

2) Diff Utils in C#/Data Objects

public static List<ObjectDiff> Diff<t>(T oldObj, T newObj)
{
    List<ObjectDiff> listChanges = new List<ObjectDiff>();

    int count = oldObj.GetType().GetProperties().Count();
    string oldValue = null;
    string newValue = null;

    for (int i = 0; i < count; i++)
    {
        oldValue = oldObj.GetType().GetProperties()[i].GetValue(oldObj, null).SafeString();
        newValue = newObj.GetType().GetProperties()[i].GetValue(newObj, null).SafeString();
        string fieldname = oldObj.GetType().GetProperties()[i].Name;

        if (oldValue != newValue && fieldname != "ID")
        {
            listChanges.Add(new ObjectDiff { Fieldname = oldObj.GetType().GetProperties()[i].Name, 
                                             NewValue = newObj.GetType().GetProperties()[i].GetValue(newObj, null).SafeString(), 
                                             OldValue = oldObj.GetType().GetProperties()[i].GetValue(oldObj, null).SafeString() });
        }
    }

    return listChanges;
}

public class ObjectDiff
{
    public string Fieldname { get;set;}
    public string NewValue {get;set;}
    public string OldVale {get;set;}
}

public static class Extensions
{

    public static string SafeString(this object value)
    {
        return value == null ? "" : value.ToString();
    }
}

public class MyData
{
    public string Firstname {get;set;}
    public string Lastname {get;set;}
    public string Street {get;set;}
    public string City {get;set;}
    public string State {get;set;}
    public DateTime DateCreated {get;set;}
}
</t>

3）用法

3) Usage

MyData originalData = new MyData
{
    Firstname = "David",
    Lastname = "Wimbley",
    Street = "100 Main Street",
    City = "Tampa",
    State = "FL",
    DateCreated = DateTime.Now
};

MyData changedData = new MyData
{
    Firstname = "Thomas",
    Lastname = "Williams",
    Street = "100 Main Street",
    City = "Orlando",
    State = "FL",
    DateCreated = DateTime.Now
};

List<ObjectDiff> listDiff = YourClass.Diff<MyData>(originalData, changedData);

foreach(var diff in listDiff)
{
    //Save your changed data to AuditMyData Table
    //Example sql
    // INSERT INTO AuditMyData (Username, FieldName, OldValue, NewValue, DateCreated) VALUES ('MyUser', 'Firstname', 'David', 'Thomas', GETDATE());
}

备注/免责声明



总的来说，大部分代码都是未经测试的，但在眼球中它应该有效。此外，有100种方法可以做任何事情。我绝不是说我的是正确的。这就是我在这里作为演示一起拍的东西。您可以在SQL中有3个用于审计的表，MyData，MyDataStaging，AuditMyData，然后在存储过程中执行数据Diff ...这就是您可以执行的另一个示例。

NOTES/DISCLAIMER

By and large, most of this code is untested but in eyeballing it...it should work. Also, There are 100 ways to do everything. By no means am i saying mine is correct. It is simply what i slapped together here as a demo. You could have 3 tables in SQL for auditing, MyData, MyDataStaging, AuditMyData and then do the data Diff in a stored procedure...so thats just another example of what you "could" do.

这篇关于审核Web应用程序中的数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！