Audit data in SQL Server when the connection is done through IIS and the user is ...

  • Hello to all. We have an issue when auditing a database. Here is the case and thank you in advance for any suggestion!!!!!!!

    Audit data in SQL Server when the connection is done through IIS and the user is a generic user set by the developers within the application.

    If I log in, I enter my user ID and that is validated at the application level, but the connection is done through the generic user.

    Let's say the generic user is "test". We set our own audit triggers as well as used APEXSQL to get audit information.

    Both approaches, mine and APEX, use SQL Server or Windows authentication, which will return the user as "test", not the real user, of course. As I said before, the real user is connected to the application using a web server, so my approach as well as APEX identify the user as "test" and the machine name as "webservername".

    Is there any way we can read the real user which is authenticated at the application level?

    The audit part is fine, but identifying the user has been my bottleneck for the past few days and I can't figure out how I can do that. I sent a message to APEX and they said they do not know because their application uses, as I did, Windows or SQL Server authentication.

    Any help is and will be greatly appreciated. Thank you

  • If I understand your problem very well, it looks like something I experienced a long time ago. I can't remember all the details now but I can point you in a general direction. What you need to do is to go to Administrative Tools on the IIS server and run the IIS Manager. When the manager comes up, right-click on the default web site and select Properties. From the box that comes up, choose the Directory Security tab and read carefully the choices that are there. That is where IIS determines the login to use in connecting to the SQL Server. I think the help button on that page should explain the choices available to you.

    I hope this helps.

  • Thank you! I will check that out and really hope it takes us in the right direction.

  • If there truly is a generic account, you need to use business logic to stamp "who" the user is.

  • Thanks Steve. Would you please elaborate on this? Do you have a simple example of how to apply it? Appreciated. Thank you.
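
One way to do the stamping discussed in this thread, as an added example that is not code from any of the posters: the application sets the authenticated user name in the session context right after opening the connection, and the audit trigger reads it back. It assumes SQL Server 2016 or later (for `sp_set_session_context`); the table, trigger and key names and the user `jsmith` are hypothetical.

```sql
-- Added example. All object names and the key 'app_user' are assumptions.
CREATE TABLE dbo.Orders (
    OrderId INT IDENTITY PRIMARY KEY,
    Amount  DECIMAL(10,2) NOT NULL
);

CREATE TABLE dbo.OrdersAudit (
    AuditId   INT IDENTITY PRIMARY KEY,
    OrderId   INT NOT NULL,
    Action    CHAR(1) NOT NULL,          -- I, U or D
    AppUser   NVARCHAR(128) NULL,        -- NULL = a code path that did not stamp
    DbLogin   NVARCHAR(128) NOT NULL,    -- the generic login, e.g. "test"
    HostName  NVARCHAR(128) NULL,        -- the web server, not the end user's PC
    ChangedAt DATETIME2 NOT NULL DEFAULT SYSUTCDATETIME()
);
GO

CREATE TRIGGER dbo.trg_Orders_Audit ON dbo.Orders
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;
    -- Value stamped by the application for this session (NULL if never set).
    DECLARE @app_user NVARCHAR(128) =
        CAST(SESSION_CONTEXT(N'app_user') AS NVARCHAR(128));

    INSERT dbo.OrdersAudit (OrderId, Action, AppUser, DbLogin, HostName)
    SELECT COALESCE(i.OrderId, d.OrderId),
           CASE WHEN i.OrderId IS NOT NULL AND d.OrderId IS NOT NULL THEN 'U'
                WHEN i.OrderId IS NOT NULL THEN 'I'
                ELSE 'D' END,
           @app_user, ORIGINAL_LOGIN(), HOST_NAME()
    FROM inserted AS i
    FULL OUTER JOIN deleted AS d ON d.OrderId = i.OrderId;
END;
GO

-- What the application runs first on every connection it opens, passing the
-- user it authenticated as a parameter. @read_only = 1 blocks later
-- statements in the same session from overwriting the value.
EXEC sys.sp_set_session_context
     @key = N'app_user', @value = N'jsmith', @read_only = 1;

INSERT dbo.Orders (Amount) VALUES (42.00);

-- Audit row shows AppUser = jsmith alongside the generic DbLogin.
SELECT OrderId, Action, AppUser, DbLogin, HostName FROM dbo.OrdersAudit;
```

The stamped name is only as trustworthy as the application that sets it, so take the value from the server-side authenticated session rather than from anything the browser sends. Rows with a NULL `AppUser` point to code paths that write without stamping.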
