Log application user name in audit table in sql server

4.3k views Asked by At

I am working on SQL Server.I to have log some of my Table activities..so I had created an Audit Table Like this:

IF NOT EXISTS
(SELECT * FROM sysobjects WHERE id = OBJECT_ID(N'[dbo].[Audit]') 
 AND OBJECTPROPERTY(id, N'IsUserTable') = 1)
   CREATE TABLE Audit 
   (Type CHAR(1), 
   TableName VARCHAR(128), 
   PK VARCHAR(1000), 
   FieldName VARCHAR(128), 
   OldValue VARCHAR(1000), 
   NewValue VARCHAR(1000), 
   UpdateDate datetime, 
   UserName VARCHAR(128))
GO

I have a Table 'Location' on which I created trigger for catching all activities in the Table like this:

ALTER TRIGGER [dbo].[TR_lOCATION_AUDIT] 
ON [dbo].[lOCATION] FOR UPDATE,INSERT,DELETE
AS
  DECLARE @bit INT ,
  @field INT ,
  @maxfield INT ,
  @char INT ,
  @fieldname VARCHAR(128) ,
  @TableName VARCHAR(128) ,
  @PKCols VARCHAR(1000) ,
  @sql VARCHAR(2000), 
  @UpdateDate VARCHAR(21) ,
  @UserName VARCHAR(128) ,
  @Type CHAR(1) ,
  @PKSelect VARCHAR(1000)


--You will need to change @TableName to match the table to be audited. 
-- Here we made GUESTS for your example.
SELECT @TableName = 'lOCATION'

-- date and user
SELECT         @UserName = SYSTEM_USER ,
       @UpdateDate = CONVERT(VARCHAR(8), GETDATE(), 112) 
               + ' ' + CONVERT(VARCHAR(12), GETDATE(), 114)

-- Action
IF EXISTS (SELECT * FROM inserted)
       IF EXISTS (SELECT * FROM deleted)
               SELECT @Type = 'U'
       ELSE
               SELECT @Type = 'I'
ELSE
       SELECT @Type = 'D'

-- get list of columns
SELECT * INTO #ins FROM inserted
SELECT * INTO #del FROM deleted

-- Get primary key columns for full outer join
SELECT @PKCols = COALESCE(@PKCols + ' and', ' on') 
               + ' i.' + c.COLUMN_NAME + ' = d.' + c.COLUMN_NAME
       FROM    INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk ,

              INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
       WHERE   pk.TABLE_NAME = @TableName
       AND     CONSTRAINT_TYPE = 'PRIMARY KEY'
       AND     c.TABLE_NAME = pk.TABLE_NAME
       AND     c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

-- Get primary key select for insert
SELECT @PKSelect = COALESCE(@PKSelect+'+','') 
       + '''<' + COLUMN_NAME 
       + '=''+convert(varchar(100),
coalesce(i.' + COLUMN_NAME +',d.' + COLUMN_NAME + '))+''>''' 
       FROM    INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk ,
               INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
       WHERE   pk.TABLE_NAME = @TableName
       AND     CONSTRAINT_TYPE = 'PRIMARY KEY'
       AND     c.TABLE_NAME = pk.TABLE_NAME
       AND     c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

IF @PKCols IS NULL
BEGIN
       RAISERROR('no PK on table %s', 16, -1, @TableName)
       RETURN
END

SELECT         @field = 0, 
       @maxfield = MAX(ORDINAL_POSITION) 
       FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @TableName
WHILE @field < @maxfield
BEGIN
       SELECT @field = MIN(ORDINAL_POSITION) 
               FROM INFORMATION_SCHEMA.COLUMNS 
               WHERE TABLE_NAME = @TableName 
               AND ORDINAL_POSITION > @field
       SELECT @bit = (@field - 1 )% 8 + 1
       SELECT @bit = POWER(2,@bit - 1)
       SELECT @char = ((@field - 1) / 8) + 1
       IF SUBSTRING(COLUMNS_UPDATED(),@char, 1) & @bit > 0
                                       OR @Type IN ('I','D')
       BEGIN
               SELECT @fieldname = COLUMN_NAME 
                       FROM INFORMATION_SCHEMA.COLUMNS 
                       WHERE TABLE_NAME = @TableName 
                       AND ORDINAL_POSITION = @field
               SELECT @sql = '
insert Audit (    Type, 
               TableName, 
               PK, 
               FieldName, 
               OldValue, 
               NewValue, 
               UpdateDate, 
               UserName)
select ''' + @Type + ''',''' 
       + @TableName + ''',' + @PKSelect
       + ',''' + @fieldname + ''''
       + ',convert(varchar(1000),d.' + @fieldname + ')'
       + ',convert(varchar(1000),i.' + @fieldname + ')'
       + ',''' + @UpdateDate + ''''
       + ',''' + @UserName + ''''
       + ' from #ins i full outer join #del d'
       + @PKCols
       + ' where i.' + @fieldname + ' <> d.' + @fieldname 
       + ' or (i.' + @fieldname + ' is null and  d.'
                                + @fieldname
                                + ' is not null)' 
       + ' or (i.' + @fieldname + ' is not null and  d.' 
                                + @fieldname
                                + ' is null)' 
               EXEC (@sql)
  END
END

This is working fine.but my last column is username.here I want to get value from my application.(who logged in the application).this application is installed several computer and working on same database,while logging the application I am taking his user name..actually I want to show that user name here..How I can pass that value to here

How I can pass one value from c# application to this .username column I want to show this passed value

any help is very appreciable..

2

There are 2 answers

5
Rajesh On

The answer by @Veera was perfect for Auditing with Unique ID using SQL Server but as you have mentioned C# application you can Create a Static class that holds the User name and any other variables needed across the application .

In your case it would be something like:

public static class UserInfo
{
    public static string UserID;
}

Now get the UserID during the User logs in using the Login form,

UserInfo.UserID=Textbox1.Text;

then you can access the UserID from anywhere in your code:

string UserID="";
UserID= UserInfo.UserID

I had shown both cases of with and without SP to Pass UserID from C# Application and store it in the DB

Without SP

Using (SqlConnection sqlconn=new  
SqlConnection(ConfigurationManager.ConnectionStrings["Connection"].ConnectionString))
  {
    DataSet ds=new DataSet()
    byte[] Context_Info;

    sqlconn.open();

     string sql1 = "Select cast('UserID='+CONVERT(varchar(10),@UserID)
     +REPLICATE(' ',128) as varbinary(128)) Context_Info";
     string sql2 = "do Insert / Update / Delete that will fire the trigger";

    using (SqlCommand command = new SqlCommand(sql1,sqlconn))
    {
        //Command 1
        using (SqlDataAdapter da = new SqlDataAdapter(command))
        {
            da.Fill(ds);
            Context_Info=(byte[])ds.Tables[0].Rows[0]["Context_Info"];
        }

    } 
   using (Sqlcommand cmd=new Sqlcommand(sql1,sqlConn))
   {
      //Pass both context info and User id
     cmd.Parameters.AddWithValue("@ContextInfo ",ContextInfo);
     cmd.Parameters.AddWithValue("@UserID",UserID);
     cmd.ExceuteNonQuery();
   } 

}

With SP

Using (SqlConnection Sqlconn=new  
SqlConnection(ConfigurationManager.ConnectionStrings["Connection"].ConnectionString))
{

  Sqlconn.open();

  Using (Sqlcommand cmd=new Sqlcommand())
  {
    cmd.CommandType=CommandType.StoredProcedure;
    cmd.CommandText="Data_Ins_Upd_Del";
    cmd.Parameters.AddWithValue("@UserID",UserID);
    cmd.ExceuteNonQuery();
    cmd.Parameters.Clear();
  } 

}

and in the SQL Server Create an SP like

Create Procedure Data_Ins_Upd_Del
(
@UserID Varchar(50)
)
AS
Begin
Begin Try
Declare @CONTEXT_INFO Varbinary(max)

SET @CONTEXT_INFO =cast('UserID='+CONVERT(varchar(10),@UserID)
+REPLICATE(' ',128) as varbinary(128))

SET CONTEXT_INFO @CONTEXT_INFO

/* Do Insert / Update / Delete that will fire the trigger */

SET CONTEXT_INFO 0x0 

End Try
Begin Catch
    Declare @Errmsg Varchar(max),@ErrSeverity int
    Set @Errmsg=ERROR_MESSAGE()
    Set @ErrSeverity=ERROR_SEVERITY()
    Raiserror(@Errmsg,@ErrSeverity,1)
End Catch
End

and in the Trigger add the below lines

ALTER TRIGGER [dbo].[TR_lOCATION_AUDIT] 
ON [dbo].[lOCATION] FOR UPDATE,INSERT,DELETE
AS
  DECLARE @bit INT ,
  @field INT ,
  @maxfield INT ,
  @char INT ,
  @fieldname VARCHAR(128) ,
  @TableName VARCHAR(128) ,
  @PKCols VARCHAR(1000) ,
  @sql VARCHAR(2000), 
  @UpdateDate VARCHAR(21) ,
  @UserName VARCHAR(128) ,
  @Type CHAR(1) ,
  @PKSelect VARCHAR(1000),
  @UserID  varchar(50), //New Line
  @sCONTEXT_INFO  varchar(128)//New Line

//Start of new Line in Trigger
SELECT @sCONTEXT_INFO=CAST(CONTEXT_INFO() AS VARCHAR) FROM master.dbo.SYSPROCESSES WHERE SPID=@@SPID 

IF Substring(RTRIM(@sCONTEXT_INFO),LEN(RTRIM(@sCONTEXT_INFO))-15,8)  like '%UserID%'
BEGIN 

    SET @UserID=RIGHT(RTRIM(@sCONTEXT_INFO),LEN(RTRIM(@sCONTEXT_INFO))-7) //New Line

END
ELSE 
BEGIN

    RAISERROR('@UserID was not specified',16,1) 
    ROLLBACK TRAN
    RETURN
END 
//End of new Line in Trigger

--You will need to change @TableName to match the table to be audited. 
-- Here we made GUESTS for your example.
SELECT @TableName = 'lOCATION'

-- date and user
SELECT @UserName = @UserID,
       @UpdateDate = CONVERT(VARCHAR(8), GETDATE(), 112) 
               + ' ' + CONVERT(VARCHAR(12), GETDATE(), 114)

-- Action
IF EXISTS (SELECT * FROM inserted)
       IF EXISTS (SELECT * FROM deleted)
               SELECT @Type = 'U'
       ELSE
               SELECT @Type = 'I'
ELSE
       SELECT @Type = 'D'

-- get list of columns
SELECT * INTO #ins FROM inserted
SELECT * INTO #del FROM deleted

-- Get primary key columns for full outer join
SELECT @PKCols = COALESCE(@PKCols + ' and', ' on') 
               + ' i.' + c.COLUMN_NAME + ' = d.' + c.COLUMN_NAME
       FROM    INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk ,

              INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
       WHERE   pk.TABLE_NAME = @TableName
       AND     CONSTRAINT_TYPE = 'PRIMARY KEY'
       AND     c.TABLE_NAME = pk.TABLE_NAME
       AND     c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

-- Get primary key select for insert
SELECT @PKSelect = COALESCE(@PKSelect+'+','') 
       + '''<' + COLUMN_NAME 
       + '=''+convert(varchar(100),
coalesce(i.' + COLUMN_NAME +',d.' + COLUMN_NAME + '))+''>''' 
       FROM    INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk ,
               INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
       WHERE   pk.TABLE_NAME = @TableName
       AND     CONSTRAINT_TYPE = 'PRIMARY KEY'
       AND     c.TABLE_NAME = pk.TABLE_NAME
       AND     c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

IF @PKCols IS NULL
BEGIN
       RAISERROR('no PK on table %s', 16, -1, @TableName)
       RETURN
END

SELECT         @field = 0, 
       @maxfield = MAX(ORDINAL_POSITION) 
       FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @TableName
WHILE @field < @maxfield
BEGIN
       SELECT @field = MIN(ORDINAL_POSITION) 
               FROM INFORMATION_SCHEMA.COLUMNS 
               WHERE TABLE_NAME = @TableName 
               AND ORDINAL_POSITION > @field
       SELECT @bit = (@field - 1 )% 8 + 1
       SELECT @bit = POWER(2,@bit - 1)
       SELECT @char = ((@field - 1) / 8) + 1
       IF SUBSTRING(COLUMNS_UPDATED(),@char, 1) & @bit > 0
                                       OR @Type IN ('I','D')
       BEGIN
               SELECT @fieldname = COLUMN_NAME 
                       FROM INFORMATION_SCHEMA.COLUMNS 
                       WHERE TABLE_NAME = @TableName 
                       AND ORDINAL_POSITION = @field
               SELECT @sql = '
insert Audit (    Type, 
               TableName, 
               PK, 
               FieldName, 
               OldValue, 
               NewValue, 
               UpdateDate, 
               UserName)
select ''' + @Type + ''',''' 
       + @TableName + ''',' + @PKSelect
       + ',''' + @fieldname + ''''
       + ',convert(varchar(1000),d.' + @fieldname + ')'
       + ',convert(varchar(1000),i.' + @fieldname + ')'
       + ',''' + @UpdateDate + ''''
       + ',''' + @UserID + ''''
       + ' from #ins i full outer join #del d'
       + @PKCols
       + ' where i.' + @fieldname + ' <> d.' + @fieldname 
       + ' or (i.' + @fieldname + ' is null and  d.'
                                + @fieldname
                                + ' is not null)' 
       + ' or (i.' + @fieldname + ' is not null and  d.' 
                                + @fieldname
                                + ' is null)' 
               EXEC (@sql)
  END
END

Note: The Substring length which I have entered is according to my test data alter it according to your parameter length

Edited SP

ALTER Procedure [dbo].[Data_Ins_Upd_Del]
(
@UserID Varchar(50),
@state varchar(100),
@dist varchar(100)
)
AS
Begin
Begin Try
Declare @CONTEXT_INFO Varbinary(max)

SET @CONTEXT_INFO =cast('UserID='+CONVERT(varchar(10),@UserID)
+REPLICATE(' ',128) as varbinary(128))

SET CONTEXT_INFO @CONTEXT_INFO

/* Do Insert / Update / Delete that will fire the trigger */
insert into State_tbl(StateName,District)values(@State,@dist)

SET CONTEXT_INFO 0x0 

End Try
Begin Catch
    Declare @Errmsg Varchar(max),@ErrSeverity int
    Set @Errmsg=ERROR_MESSAGE()
    Set @ErrSeverity=ERROR_SEVERITY()
    Raiserror(@Errmsg,@ErrSeverity,1)
End Catch
End

Below is the query and Trigger I used to test the Scenario

Declare @UserID varchar(50)='Usr-120',
 @CONTEXT_INFO Varbinary(max)

SET @CONTEXT_INFO =cast('UserID='+CONVERT(varchar(10),@UserID)
+REPLICATE(' ',128) as varbinary(128))

SET CONTEXT_INFO @CONTEXT_INFO

Insert into existing(UserName) Values(@UserID)

SET CONTEXT_INFO 0x0 

Trigger

Alter Trigger trgExisting  
on Existing for Insert,Update,Delete  
as  

DECLARE @UserID     varchar(50)  
       ,@sCONTEXT_INFO  varchar(128)  
SELECT @sCONTEXT_INFO=CAST(CONTEXT_INFO() AS VARCHAR) 
 FROM master.dbo.SYSPROCESSES WHERE SPID=@@SPID  


IF Substring(RTRIM(@sCONTEXT_INFO),LEN(RTRIM(@sCONTEXT_INFO))-15,8) like '%UserID%'  
BEGIN  

    SET @UserID=RIGHT(RTRIM(@sCONTEXT_INFO),LEN(RTRIM(@sCONTEXT_INFO))-7) 

END  
ELSE  
BEGIN  

    RAISERROR('@UserID was not specified',16,1)  
    ROLLBACK TRAN  
    RETURN  
END

Here is what the result I am getting by testing like your State_Tbl table with Trigger

Test Data

Note: This concept will work only for Insert and Update not Delete

Trigger Used

Create TRIGGER [dbo].[TR_lOCATION_AUDIT] 
ON [dbo].[State_Tbl] FOR UPDATE,INSERT,DELETE
AS
  DECLARE @bit INT ,
  @field INT ,
  @maxfield INT ,
  @char INT ,
  @fieldname VARCHAR(128) ,
  @TableName VARCHAR(128) ,
  @PKCols VARCHAR(1000) ,
  @sql VARCHAR(2000), 
  @UpdateDate VARCHAR(21) ,
  @UserName VARCHAR(128) ,
  @Type CHAR(1) ,
  @PKSelect VARCHAR(1000),
  @UserID  varchar(50),
  @sCONTEXT_INFO  varchar(128)


SELECT @sCONTEXT_INFO=CAST(CONTEXT_INFO() AS VARCHAR) FROM master.dbo.SYSPROCESSES WHERE SPID=@@SPID 

IF Substring(RTRIM(@sCONTEXT_INFO),LEN(RTRIM(@sCONTEXT_INFO))-15,8)  like '%UserID%'
BEGIN 

    SET @UserID=RIGHT(RTRIM(@sCONTEXT_INFO),LEN(RTRIM(@sCONTEXT_INFO))-7)

END
ELSE 
BEGIN

    RAISERROR('@UserID was not specified',16,1) 
    ROLLBACK TRAN
    RETURN
END 


--You will need to change @TableName to match the table to be audited. 
-- Here we made GUESTS for your example.
SELECT @TableName = 'State_Tbl'

-- date and user
SELECT @UserName = @UserID,
       @UpdateDate = CONVERT(VARCHAR(8), GETDATE(), 112) 
               + ' ' + CONVERT(VARCHAR(12), GETDATE(), 114)

-- Action
IF EXISTS (SELECT * FROM inserted)
       IF EXISTS (SELECT * FROM deleted)
               SELECT @Type = 'U'
       ELSE
               SELECT @Type = 'I'
ELSE
       SELECT @Type = 'D'

-- get list of columns
SELECT * INTO #ins FROM inserted
SELECT * INTO #del FROM deleted

-- Get primary key columns for full outer join
SELECT @PKCols = COALESCE(@PKCols + ' and', ' on') 
               + ' i.' + c.COLUMN_NAME + ' = d.' + c.COLUMN_NAME
       FROM    INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk ,

              INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
       WHERE   pk.TABLE_NAME = @TableName
       AND     CONSTRAINT_TYPE = 'PRIMARY KEY'
       AND     c.TABLE_NAME = pk.TABLE_NAME
       AND     c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

-- Get primary key select for insert
SELECT @PKSelect = COALESCE(@PKSelect+'+','') 
       + '''<' + COLUMN_NAME 
       + '=''+convert(varchar(100),
coalesce(i.' + COLUMN_NAME +',d.' + COLUMN_NAME + '))+''>''' 
       FROM    INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk ,
               INFORMATION_SCHEMA.KEY_COLUMN_USAGE c
       WHERE   pk.TABLE_NAME = @TableName
       AND     CONSTRAINT_TYPE = 'PRIMARY KEY'
       AND     c.TABLE_NAME = pk.TABLE_NAME
       AND     c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME

IF @PKCols IS NULL
BEGIN
       RAISERROR('no PK on table %s', 16, -1, @TableName)
       RETURN
END

SELECT         @field = 0, 
       @maxfield = MAX(ORDINAL_POSITION) 
       FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @TableName
WHILE @field < @maxfield
BEGIN
       SELECT @field = MIN(ORDINAL_POSITION) 
               FROM INFORMATION_SCHEMA.COLUMNS 
               WHERE TABLE_NAME = @TableName 
               AND ORDINAL_POSITION > @field
       SELECT @bit = (@field - 1 )% 8 + 1
       SELECT @bit = POWER(2,@bit - 1)
       SELECT @char = ((@field - 1) / 8) + 1
       IF SUBSTRING(COLUMNS_UPDATED(),@char, 1) & @bit > 0
                                       OR @Type IN ('I','D')
       BEGIN
               SELECT @fieldname = COLUMN_NAME 
                       FROM INFORMATION_SCHEMA.COLUMNS 
                       WHERE TABLE_NAME = @TableName 
                       AND ORDINAL_POSITION = @field
IF  Not EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[Audit]') AND type in (N'U'))
Create TABLE [dbo].[Audit]
(
  TranType Varchar(150), 
  TableName Varchar(150), 
  PK Varchar(150), 
  FieldName Varchar(150), 
  OldValue Varchar(150), 
  NewValue Varchar(150), 
  UpdateDate Varchar(150), 
  UserName Varchar(150)
)

               SELECT @sql = '
insert Audit ( TranType, 
               TableName, 
               PK, 
               FieldName, 
               OldValue, 
               NewValue, 
               UpdateDate, 
               UserName)
select ''' + @Type + ''',''' 
       + @TableName + ''',' + @PKSelect
       + ',''' + @fieldname + ''''
       + ',convert(varchar(1000),d.' + @fieldname + ')'
       + ',convert(varchar(1000),i.' + @fieldname + ')'
       + ',''' + @UpdateDate + ''''
       + ',''' + @UserID + ''''
       + ' from #ins i full outer join #del d'
       + @PKCols
       + ' where i.' + @fieldname + ' <> d.' + @fieldname 
       + ' or (i.' + @fieldname + ' is null and  d.'
                                + @fieldname
                                + ' is not null)' 
       + ' or (i.' + @fieldname + ' is not null and  d.' 
                                + @fieldname
                                + ' is null)' 
               EXEC (@sql)
  END

END
9
Veera On

There are two ways to do it.

Way: 1

Just alter your table with new column UserName and insert/update the column whenever you access the table. The inserted/updated value from table can be accessed from the trigger.

Way : 2 (looks crazy)

You first create an additional table to hold the data to be accessible in the Trigger.

CREATE TABLE [dbo].[TriggerData](
        [GUID] [uniqueidentifier] NOT NULL,
        [USERNAME] [nvarchar](max) NULL
) ON [PRIMARY]

Then, before your Sql query to update data to the actual table, you store the desired additional information to be accessible in the Trigger to this table.

DECLARE @id uniqueidentifier;
SET @id = NEWID();
INSERT INTO TriggerData VALUES (@id, 'USER NAME');

Next, you associate the unique id to the current session.

DECLARE @context_info varbinary(100);
SET @context_info = cast(@id as varbinary(100));
SET CONTEXT_INFO @context_info;

Now, coming onto the Trigger, here's how you would access this information in the Trigger:

CREATE TRIGGER [dbo].[TriggerName]
   ON  [dbo].[Reservations]
   AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    DECLARE @id uniqueidentifier;
    SELECT @id = CAST(CONTEXT_INFO() as uniqueidentifier);

    DECLARE @USERNAMEnvarchar(MAX);

    SELECT @USERNAME= USERNAME
    FROM TriggerData
    WHERE [GUID] = @id;

    -- More sql statements, use @USERNAME for the external information.

    DELETE FROM TriggerData WHERE [GUID] = @id;
END

Place the code before the insert/update and delete command.

DECLARE @id uniqueidentifier;
SET @id = NEWID();
INSERT INTO TriggerData VALUES (@id, 'USER NAME');

DECLARE @context_info varbinary(100);
SET @context_info = cast(@id as varbinary(100));
SET CONTEXT_INFO @context_info;