473,837 Members | 1,993 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Audit trail for web application

Hello,
I have been assigned the task to design the audit trail for the ASP.NET web
application. I don't know what the best practices for such audit trails are.
Our application one dedicated user name and password to perform the database
operations. I need to capture all the operations which are performed on the
database. Also I need to able to capture the operations which directly
performed on the backend directly using the tools like enterprise manager,
query analyzer, etc. And also the data for the action should be captured in
some set of tables, but not in the form of BLOB, so that if the admin want
to know what are the various things the user did during the particular
session then that should be reproduced in the form of report. Does any
anybody have any idea of how to do such task? Any tips will be helpful.

I am trying one approach with the help of triggers. But the problem with
this approach is that I am not able to store all the information need to
reproduce the same output if I try to generate report for the particular
session.

Thanks and Regards,
Parag Kulkarni,
India
Email pa************@ persistent.co.i n

Nov 19 '05 #1
6 5854
This is more of a SQL Server question than an ASP.NET question. The problem
with implenting auditing at the application level or using table triggers is
that it is very programming intensive and difficult to cover every point of
database entry. Every time the data model changes, you would need to go back
and revise the audit programming. Go to MSDN and read up on SQL Server
Profiler. It can trap various events and output the log to a SQL Server
table. There are also 3rd party database auditing tools that should do
exactly what you need.

"Parag" <pa************ @persistent.co. in> wrote in message
news:OR******** ******@TK2MSFTN GP15.phx.gbl...
Hello,
I have been assigned the task to design the audit trail for the ASP.NET web application. I don't know what the best practices for such audit trails are. Our application one dedicated user name and password to perform the database operations. I need to capture all the operations which are performed on the database. Also I need to able to capture the operations which directly
performed on the backend directly using the tools like enterprise manager,
query analyzer, etc. And also the data for the action should be captured in some set of tables, but not in the form of BLOB, so that if the admin want
to know what are the various things the user did during the particular
session then that should be reproduced in the form of report. Does any
anybody have any idea of how to do such task? Any tips will be helpful.

I am trying one approach with the help of triggers. But the problem with
this approach is that I am not able to store all the information need to
reproduce the same output if I try to generate report for the particular
session.

Thanks and Regards,
Parag Kulkarni,
India
Email pa************@ persistent.co.i n

Nov 19 '05 #2
Hi,
Thanks for the reply. Can you please tell me what are the best practices
that are followed in web application in .NET to implement the Audit trail ?
Is there any other way to implement it? It will be of greate help to me if
you could just point out what are the best practices to implement audit
trails for web applications.

Regards,
Parag

"bradley" <so*****@micros oft.com> wrote in message
news:uK******** ******@TK2MSFTN GP15.phx.gbl...
This is more of a SQL Server question than an ASP.NET question. The
problem
with implenting auditing at the application level or using table triggers
is
that it is very programming intensive and difficult to cover every point
of
database entry. Every time the data model changes, you would need to go
back
and revise the audit programming. Go to MSDN and read up on SQL Server
Profiler. It can trap various events and output the log to a SQL Server
table. There are also 3rd party database auditing tools that should do
exactly what you need.

"Parag" <pa************ @persistent.co. in> wrote in message
news:OR******** ******@TK2MSFTN GP15.phx.gbl...
Hello,
I have been assigned the task to design the audit trail for the ASP.NET

web
application. I don't know what the best practices for such audit trails

are.
Our application one dedicated user name and password to perform the

database
operations. I need to capture all the operations which are performed on

the
database. Also I need to able to capture the operations which directly
performed on the backend directly using the tools like enterprise
manager,
query analyzer, etc. And also the data for the action should be captured

in
some set of tables, but not in the form of BLOB, so that if the admin
want
to know what are the various things the user did during the particular
session then that should be reproduced in the form of report. Does any
anybody have any idea of how to do such task? Any tips will be helpful.

I am trying one approach with the help of triggers. But the problem with
this approach is that I am not able to store all the information need to
reproduce the same output if I try to generate report for the particular
session.

Thanks and Regards,
Parag Kulkarni,
India
Email pa************@ persistent.co.i n


Nov 19 '05 #3
Auditing SQL Server Activity:
http://msdn.microsoft.com/library/de...urity_2ard.asp

Monitoring with SQL Profiler:
http://msdn.microsoft.com/library/de..._perf_86ib.asp
"Parag" <pa************ @persistent.co. in> wrote in message
news:OQ******** ******@TK2MSFTN GP14.phx.gbl...
Hi,
Thanks for the reply. Can you please tell me what are the best practices that are followed in web application in .NET to implement the Audit trail ? Is there any other way to implement it? It will be of greate help to me if
you could just point out what are the best practices to implement audit
trails for web applications.

Regards,
Parag

"bradley" <so*****@micros oft.com> wrote in message
news:uK******** ******@TK2MSFTN GP15.phx.gbl...
This is more of a SQL Server question than an ASP.NET question. The
problem
with implenting auditing at the application level or using table triggers is
that it is very programming intensive and difficult to cover every point
of
database entry. Every time the data model changes, you would need to go
back
and revise the audit programming. Go to MSDN and read up on SQL Server
Profiler. It can trap various events and output the log to a SQL Server
table. There are also 3rd party database auditing tools that should do
exactly what you need.

"Parag" <pa************ @persistent.co. in> wrote in message
news:OR******** ******@TK2MSFTN GP15.phx.gbl...
Hello,
I have been assigned the task to design the audit trail for the ASP.NET

web
application. I don't know what the best practices for such audit trails

are.
Our application one dedicated user name and password to perform the

database
operations. I need to capture all the operations which are performed on

the
database. Also I need to able to capture the operations which directly
performed on the backend directly using the tools like enterprise
manager,
query analyzer, etc. And also the data for the action should be captured
in
some set of tables, but not in the form of BLOB, so that if the admin
want
to know what are the various things the user did during the particular
session then that should be reproduced in the form of report. Does any
anybody have any idea of how to do such task? Any tips will be helpful.

I am trying one approach with the help of triggers. But the problem

with this approach is that I am not able to store all the information need to reproduce the same output if I try to generate report for the particular session.

Thanks and Regards,
Parag Kulkarni,
India
Email pa************@ persistent.co.i n



Nov 19 '05 #4
Parag wrote:
Hi,
Thanks for the reply. Can you please tell me what are the best practices
that are followed in web application in .NET to implement the Audit trail ?
Is there any other way to implement it? It will be of greate help to me if
you could just point out what are the best practices to implement audit
trails for web applications.

Regards,
Parag


Triggers are the only thing you have available which meets your
requirement to trap everything including backend changes made through
Enterprise Manager or Query Analyzer.

OmniAudit will do it all for every table in your database in a couple of
minutes. If your schema changes, press one button and audit triggers are
synchronized again.

http://www.krell-software.com/omniaudit

Contact me at in**@krell-software.com about an add-on which lets you
track application users independently when a single SQL Server login is
shared.

Steve Troxell
http://www.krell-software.com
Nov 19 '05 #5
Parag wrote:
I am trying one approach with the help of triggers. But the problem with
this approach is that I am not able to store all the information need to
reproduce the same output if I try to generate report for the particular
session.


What information were you not able to get with triggers?
OmniAudit will build audit triggers for every table in your database in
a couple of minutes. If your schema changes, press one button and audit
triggers are synchronized again.

http://www.krell-software.com/omniaudit

Contact me at in**@krell-software.com about an add-on which lets you
track application users independently when a single SQL Server login is
shared, or for any other questions about meeting your needs.

Steve Troxell
http://www.krell-software.com
Nov 19 '05 #6
Hi,
Thanks for the links . But My problem will not be solved using any of
them. Here is my problem statement in short :
1. I have my application data distributed across different tables in the
database in the normalized form.
2. When the user perform any CRUD( 1 unit operation) then the data that is
operated is obtained by performing the joins of multiple tables.
3. Every module of my application is programmed to perform joins as per its
needs directly on the tables.
4. I have read of "INSTEAD OF triggers" in SQL server 2000. They seem to be
useful but they will require huge code restructuring as I will have to
create a partitioned view for its use and point every thing in each module
to that view rather than the database tables directly.
So is there any other way to perform audit trail in such situation ?
Looking forward for the response.
Thanks ,
Parag Kulkarni

"bradley" <so*****@micros oft.com> wrote in message
news:eV******** ******@TK2MSFTN GP09.phx.gbl...
Auditing SQL Server Activity:
http://msdn.microsoft.com/library/de...urity_2ard.asp

Monitoring with SQL Profiler:
http://msdn.microsoft.com/library/de..._perf_86ib.asp
"Parag" <pa************ @persistent.co. in> wrote in message
news:OQ******** ******@TK2MSFTN GP14.phx.gbl...
Hi,
Thanks for the reply. Can you please tell me what are the best

practices
that are followed in web application in .NET to implement the Audit trail

?
Is there any other way to implement it? It will be of greate help to me
if
you could just point out what are the best practices to implement audit
trails for web applications.

Regards,
Parag

"bradley" <so*****@micros oft.com> wrote in message
news:uK******** ******@TK2MSFTN GP15.phx.gbl...
> This is more of a SQL Server question than an ASP.NET question. The
> problem
> with implenting auditing at the application level or using table triggers > is
> that it is very programming intensive and difficult to cover every
> point
> of
> database entry. Every time the data model changes, you would need to go
> back
> and revise the audit programming. Go to MSDN and read up on SQL Server
> Profiler. It can trap various events and output the log to a SQL Server
> table. There are also 3rd party database auditing tools that should do
> exactly what you need.
>
> "Parag" <pa************ @persistent.co. in> wrote in message
> news:OR******** ******@TK2MSFTN GP15.phx.gbl...
>> Hello,
>> I have been assigned the task to design the audit trail for the
>> ASP.NET
> web
>> application. I don't know what the best practices for such audit
>> trails
> are.
>> Our application one dedicated user name and password to perform the
> database
>> operations. I need to capture all the operations which are performed
>> on
> the
>> database. Also I need to able to capture the operations which directly
>> performed on the backend directly using the tools like enterprise
>> manager,
>> query analyzer, etc. And also the data for the action should be captured > in
>> some set of tables, but not in the form of BLOB, so that if the admin
>> want
>> to know what are the various things the user did during the particular
>> session then that should be reproduced in the form of report. Does any
>> anybody have any idea of how to do such task? Any tips will be
>> helpful.
>>
>> I am trying one approach with the help of triggers. But the problem with >> this approach is that I am not able to store all the information need to >> reproduce the same output if I try to generate report for the particular >> session.
>>
>>
>>
>> Thanks and Regards,
>> Parag Kulkarni,
>> India
>> Email pa************@ persistent.co.i n
>>
>>
>>
>
>



Nov 19 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
7233
by: Raphael Gluck | last post by:
Hi, Is it possible for one to program one's pages as such that when a database table is updated over the web, via a form, that an e-mail confirmation is sent to a specified address, notifying the update has taken place? If so is there a tutorial out there that is easy to understand and implement? Thanks so much
2
1905
by: Keith | last post by:
Hi I am developing an ASP application which will interact with a SQL database. A requirement of the application is that there is a full audit trail of any modifications to data. I am struggling a bit to get my head round how to do this - just the concept.
3
6298
by: Zlatko Matiæ | last post by:
Hello. I tried to implement audit trail, by making an audit trail table with the following fileds: TableName,FieldName,OldValue,NewValue,UpdateDate,type,UserName. Triggers on each table were set to do the job and everything was fine except that in the audit trail you couldn't know which row exacltly was updated/inserted/deleted...Therefore I introduced 3 additional columnes (RowMark1, RowMark2, RowMark3) which should identify the...
13
4995
by: Jim M | last post by:
I've been playing with Allen Browne's audit code and found it very useful. I need to track record insertions, deletions, and edits for several tables. I am planning to replace Access with Microsoft SQL server for my back end, but continue to use Access for the front end. I understand I can create an audit trail of record changes in SQL at the table level, instead of at the form level in Access. I have been playing with Access since the...
0
1682
by: JimLad | last post by:
Hi, I've been tasked with reviewing the Authentication and Auditing of an application and database. ASP/ASP.NET 1.1 app with SQL Server 2000 database. Separate audit trail database on same server. The system is intranet based and currently uses Basic Authentication on IIS6. The application itself is mostly classic ASP, but has been
0
1392
by: hary08 | last post by:
I have a module copied ftom this site, here it is: Option Compare Database Option Explicit Public Function AuditTrail() On Error GoTo Err_Audit_Trail 'ACC2000: How to Create an Audit Trail of Record Changes in a Form 'http://support.microsoft.com/default.aspx?scid=kb;en-us;197592
3
3788
by: hary08 | last post by:
im doing a database for Hospital Admission, I have a log in form which prompt user for a password. The source of log in is to look for the values in my Table tblEmployees and match user name and password entered.My case now is I have Audit Trail Module which keeps records of modifications and current user, I wanted my audit trail to log the current user based on who has log from based on my Log in Form.please help ty HERES THE CODE FOR ON...
2
3200
by: rockdc1981 | last post by:
I dont it is possible to put this codes together.. I want to prompt the user to save the record and at the same time have a log of audit trail. the codes work out fine separately. Code for Audit Trail Option Compare Database Const cDQ As String = """" Sub AuditTrail(frm As Form, recordid As Control) 'Track changes to data. 'recordid identifies the pk field's corresponding
6
2751
by: babamc4 | last post by:
I have a main form (mainformlung) with 5 subforms (followupacute, followuplate, biochemresults, haemresults and pftresults). I have copied Allen Browne's Audit Trail code (thanks to Allen Browne) and this is working great, edit, insert etc is working bar when I try to delete a record in one of my subforms (I'm in test stage at the mo) I get a run time error 3022 'The changes you requested to the table where not successful because they would...
0
9686
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10581
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
10279
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9416
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7819
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
7007
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5855
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
4479
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4053
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.