使用SQL审核Web应用程序中的应用程序用户活动 [英] Auditing the application users activity in web application in SQL

问题描述

Our Web application is hosted in a public server through IIS. Our requirement is we need to audit the application user's activities.

We have a SQL database ,All the users details will be in User table .When these users logging into the application, the connection will established through common SQL login called sql_user for all the users to the database.So we need to monitor what are the records are shown by the particular user for security purpose.

For Example: user A login and see the patient's records in application by search in a module. User B logins and see another patient's records .So we need a track to what are the records are seen by the different user.

我尝试过的事情:

我尝试了SQL Server审核，但是对于所有应用程序用户，它仅将通用的sql_user显示为User.

What I have tried:

I tried the SQL server Auditing but it only show the common sql_user as User for all the application users.

推荐答案

您不能使用SQL审核，因为每个人都使用同一个帐户从SQL Server获取数据.

您必须备份到网站控制器的链.这是您的代码在向数据库发出请求之前可以区分用户的最后一个位置.如果要跟踪哪些用户正在请求和/或修改哪些数据，则必须将审核代码写入网站控制器代码中.

You cannot use SQL auditing since everyone is using the same account to get data from the SQL server.

You have to go back up the chain to your website controllers. This is the last place where your code can differentiate users before making requests to the database. Your auditing code has to be written into your website controller code if you want to track which users are requesting and/or modifying which data.

这篇关于使用SQL审核Web应用程序中的应用程序用户活动的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！