Solved

ASP.NET recording user id in SQL Server

Posted on 2012-03-13
9
415 Views
Last Modified: 2012-03-14
Hello,

I have a simple ASP.NET page that I want to capture the AD account a user is logged in with and record it in a SQL Server database.   I have the following SQLDataSource defined below.   I tried using SUSER_SNAME(), but realized that this only provided the account that I used to establish the database connection and not the AD account.   Is there an easy way to get the AD account and pass it into a Insert Parameter?   Does anyone have an example?

Thanks!
john


<asp:SqlDataSource ID="insTransaction" runat="server" ConnectionString="<%$ ConnectionStrings:MARTConnectionString %>"
     
InsertCommand="INSERT INTO TT_TRANS(ProjID, EmpID, TRANDATE, Hours, Description, Billed, CreatedBy) VALUES (@ProjID, @EmpID, @TDate, @Hours,@Desc,'N',SUSER_SNAME() )"
oninserted="insTransaction_Inserted">

<InsertParameters>
<asp:ControlParameter ControlID="DropDownList2" Name="ProjID" PropertyName="SelectedValue" />
<asp:ControlParameter ControlID="DropDownList1" Name="EmpID" PropertyName="SelectedValue" />
<asp:ControlParameter ControlID="TextBox1" Name="TDate" PropertyName="Text" />
<asp:ControlParameter ControlID="TextBox2" Name="Hours" PropertyName="Text" />
<asp:ControlParameter ControlID="TextBox3" Name="Desc" PropertyName="Text" />
</InsertParameters>
</asp:SqlDataSource>
0
Comment
Question by:jzlamal
  • 7
  • 2
9 Comments
 
LVL 35

Expert Comment

by:YZlat
ID: 37715236
first you will need to disable anonymous access and then use  User.Identity.Name  to retrieve the windows logged in name
0
 
LVL 35

Accepted Solution

by:
YZlat earned 500 total points
ID: 37715297
actually this

System.Security.Principal.WindowsIdentity.GetCurrent.Name

will giv you your currently logged in user in the format DOMAIN\Username
0
 

Author Comment

by:jzlamal
ID: 37715320
Sorry, but I am new to ASP.NET.   How would I put this into the insert parameter for the SQLDatasource?  Can you give me an example?

Thank you!
John
0
 
LVL 35

Expert Comment

by:YZlat
ID: 37715321
to get username without domain use

Dim usr, arrusr() As String
        usr = System.Security.Principal.WindowsIdentity.GetCurrent.Name
        arrusr = usr.Split("\")
        usr = arrusr(1)

Open in new window

0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 35

Expert Comment

by:YZlat
ID: 37715347
try this:

InsertCommand="INSERT INTO TT_TRANS(ProjID, EmpID, TRANDATE, Hours, Description, Billed, CreatedBy) VALUES (@ProjID, @EmpID, @TDate, @Hours,@Desc,'N',System.Security.Principal.WindowsIdentity.GetCurrent.Name.Substring(System.Security.Principal.WindowsIdentity.GetCurrent.Name.IndexOf("\") + 1))" 
oninserted="insTransaction_Inserted">

Open in new window

0
 
LVL 35

Expert Comment

by:YZlat
ID: 37715403
or try something like this:

InsertCommand="INSERT INTO TT_TRANS(ProjID, EmpID, TRANDATE, Hours, Description, Billed, CreatedBy) VALUES (@ProjID, @EmpID, @TDate, @Hours,@Desc,'N',@ADUser )" 
oninserted="insTransaction_Inserted">

<InsertParameters>
<asp:ControlParameter ControlID="DropDownList2" Name="ProjID" PropertyName="SelectedValue" />
<asp:ControlParameter ControlID="DropDownList1" Name="EmpID" PropertyName="SelectedValue" />
<asp:ControlParameter ControlID="TextBox1" Name="TDate" PropertyName="Text" />
<asp:ControlParameter ControlID="TextBox2" Name="Hours" PropertyName="Text" />
<asp:ControlParameter ControlID="TextBox3" Name="Desc" PropertyName="Text" />
<asp:ControlParameter Name="ADUser" PropertyName="Text" DefaultValue='<% System.Security.Principal.WindowsIdentity.GetCurrent.Name.Substring(System.Security.Principal.WindowsIdentity.GetCurrent.Name.IndexOf("\") + 1))
oninserted="insTransaction_Inserted">
%>'> />
</InsertParameters>
</asp:SqlDataSource>

Open in new window

0
 
LVL 35

Expert Comment

by:YZlat
ID: 37715444
or you can do that from code using

insTransaction.InsertParameters("ADUser").DefaultValue = System.Security.Principal.WindowsIdentity.GetCurrent.Name.Substring(System.Security.Principal.WindowsIdentity.GetCurrent.Name.IndexOf("\") + 1))

Open in new window

0
 

Author Comment

by:jzlamal
ID: 37715618
Tried to use the example with the ADUser control parameter.   Is there a different type of parameter I should be using?   When I tried this, it said I needed to specify the controlid....  

Thanks!
John
0
 
LVL 35

Expert Comment

by:YZlat
ID: 37715688
can you post the code for the rest of your page?
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
One of the pain points with developing AJAX, JavaScript, JQuery, and other client-side behaviors is that JavaScript doesn’t allow for cross domain request for pulling content. For example, JavaScript code on www.johnchapman.name could not pull conte…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now