login
-
I have created a .net 2.0 windows application. Trusted connection to connect to sql server. Using sql server System_User, the application gets the loginname for the user in sql server. Now I have created webservices to be used in this project. It seems that I can not use my existng method (Trusted connection) to get the loginName of the user. So in sql server, created a webuser account. Everyone now is using the system using the webuser account. But, this way I do not know exactly which user is using the application because all I see is webuser hitting the database through the application. How do you suggest I log the users? I was thinking may be I should create roles on the network. i.e. NormalUsers, managers, chairmen, etc,... Then add the appropriate users to these roles on the network. I can then create a login screen. Windows application can then find the user identity. This user can then be traced from the users table in sql server and get it's ID. ID can be used to be inserted into the Audit table. What do you think please? THnaks
-
I have created a .net 2.0 windows application. Trusted connection to connect to sql server. Using sql server System_User, the application gets the loginname for the user in sql server. Now I have created webservices to be used in this project. It seems that I can not use my existng method (Trusted connection) to get the loginName of the user. So in sql server, created a webuser account. Everyone now is using the system using the webuser account. But, this way I do not know exactly which user is using the application because all I see is webuser hitting the database through the application. How do you suggest I log the users? I was thinking may be I should create roles on the network. i.e. NormalUsers, managers, chairmen, etc,... Then add the appropriate users to these roles on the network. I can then create a login screen. Windows application can then find the user identity. This user can then be traced from the users table in sql server and get it's ID. ID can be used to be inserted into the Audit table. What do you think please? THnaks
If it's an internal network and you have a domain, I would just use integrated security. To handle database access you can either impersonate a user temporarily, use a SQL server login, or give the users themselves access to the database. That prevents you from having to use a login screen but still gives you access to their identities. In case you're not on a domain, you'll have to create a login page and roles and manage all of that. There should be plenty of examples out there on how to do that.