SQL Auditing with Single-Sign On Web App? Possible? Best Practices?
From: Erik Mlincek (erikm_at_lcgtech.com)
Date: 04/07/04
Date: Wed, 7 Apr 2004 10:11:41 -0400
All,
I'm tasked with determining and ultimately implementing the best solution
for generating an audit trail of ALL user activity within a database that is
used for awarding monies. The audit trail must be "fine-grained", in that
it must record some way to tie back to the user, the table, key and row that
was touched and what was done, as well as "old" and "new" values on an
update.
The web app has been developed already and uses a single sign-on between
IIS/.NET and SQL Server. Experience-wise, I am not a web developer, I am a
traditional VB 6.0 and SQL developer who has not "upgraded" to .NET yet -
and I have decent Transact-SQL and SQL Server experience. The web
developers are telling me that it is a best practice to use ONE ID to access
the SQL data between IIS/.NET and SQL Server. Is this true?
I've read everything about the trigger generators and log viewers from
products from ApexSQL, Lumigent, et al, as well as the tech articles about
using triggers to generate the data myself. I know about traces and
profiles from the Profiler but I'm not sure how to implement them or if they
will meet my need. I am leaning towards implementing this myself using
triggers and functions, and developing a VB 6.0 app that uses SQL-DMO to
"apply" the code to any database I specify. I'd like to do it this way for
reusability.
However, my question is this:
How can I get the "fine-grained" auditing that is needed by my requirement
with just a single-user signon? I want to implement this at the
database/server level, and not at the "data services" class level within the
app. Any ideas? Am I reaching for the impossible? Anybody know of a way
to "call" IIS to get user session data / cookies from within a stored
proc??? ;-)
I found this on Oracle's site - do we have anything like this in SQL Server
land?
http://otn.oracle.com/pub/articles/nanda_fga_pt2.html
--
Sincerely,
Erik Mlincek
erikm@lcgtech.com
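
The trigger approach described in the post, as an added example that is not part of the original message: a single shared login can still yield per-user audit rows if the web tier stamps the end user's name into the session and an audit trigger reads it back. It assumes SQL Server 2016 or later (for `sp_set_session_context` and `SESSION_CONTEXT`); the `dbo.Award` and `dbo.AuditTrail` tables, the trigger name and the `app_user` key are hypothetical.

```sql
-- Added example; all table, column, trigger and key names are hypothetical.
CREATE TABLE dbo.Award (AwardId INT PRIMARY KEY, Amount MONEY NOT NULL);
CREATE TABLE dbo.AuditTrail (
    AuditId     INT IDENTITY PRIMARY KEY,
    AuditedAt   DATETIME      NOT NULL DEFAULT (GETDATE()),
    SqlLogin    NVARCHAR(128) NOT NULL DEFAULT (ORIGINAL_LOGIN()), -- the one shared login
    AppUser     NVARCHAR(128) NULL,      -- end user, as asserted by the web tier
    TableName   SYSNAME       NOT NULL,
    KeyValue    VARCHAR(64)   NOT NULL,
    AuditAction CHAR(1)       NOT NULL,  -- I, U or D
    ColumnName  SYSNAME       NULL,
    OldValue    VARCHAR(100)  NULL,
    NewValue    VARCHAR(100)  NULL
);
GO
CREATE TRIGGER dbo.trg_Award_Audit ON dbo.Award
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;
    -- inserted/deleted hold every affected row, so multi-row statements are covered.
    INSERT dbo.AuditTrail
        (AppUser, TableName, KeyValue, AuditAction, ColumnName, OldValue, NewValue)
    SELECT CAST(SESSION_CONTEXT(N'app_user') AS NVARCHAR(128)),  -- NULL if never set
           N'dbo.Award',
           CAST(COALESCE(i.AwardId, d.AwardId) AS VARCHAR(64)),
           CASE WHEN d.AwardId IS NULL THEN 'I'
                WHEN i.AwardId IS NULL THEN 'D'
                ELSE 'U' END,
           N'Amount',
           CONVERT(VARCHAR(100), d.Amount, 2),   -- old value (NULL on insert)
           CONVERT(VARCHAR(100), i.Amount, 2)    -- new value (NULL on delete)
    FROM inserted AS i
    FULL OUTER JOIN deleted AS d ON d.AwardId = i.AwardId
    WHERE i.AwardId IS NULL OR d.AwardId IS NULL OR i.Amount <> d.Amount;
END;
GO
-- The web tier runs this once per request, right after opening the connection
-- and before any data access. 'alice' is a constructed sample value.
EXEC sp_set_session_context @key = N'app_user', @value = N'alice', @read_only = 1;
INSERT dbo.Award (AwardId, Amount) VALUES (1, 1000);
UPDATE dbo.Award SET Amount = 1500 WHERE AwardId = 1;
SELECT AppUser, SqlLogin, AuditAction, KeyValue, OldValue, NewValue
FROM dbo.AuditTrail ORDER BY AuditId;
```

`AppUser` is only as trustworthy as the web tier that sets it, and rows where it is NULL mark writes that bypassed the application. Because the trigger writes through ownership chaining, the shared login needs no permissions of its own on `dbo.AuditTrail`.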