>>>
>>>Thanks for replying. Really your reply is what I need to do. But I want to know whether I should use SQL Logins or, instead, register Windows users into SQL and use them for my auditing purposes.
>>
>>My app uses SQL Login.
>
>OK, how do you manage the building of the connection string? Can you give a hint on how to do an auditing routine?
>
>TIA

Let me clarify. The application connects to the SQL Server using a SQL Login. The SQL Login credentials are in a configuration file (xml file). The connection string (example) is as follows:

cConnString = "DRIVER=SQL Server;SERVER=MySQLServerName;DATABASE=MySQLServerDBName;Trusted_Connection='No'"

Then, there is a separate table in the application with encrypted fields for each user of the application.
So, a user has to enter his/her user name and password to load the application. A user is authenticated against this table. Therefore, the application "knows" who is currently using the application.

Then, when a user makes any change to a table, another table gets an entry of the value before and after the change; for each changed field. Therefore, this Audit Table is what the application uses to report of what changes were done to a table/field and who did it. The auditing routine in itself is part of the Biz Object of the application.

I hope it answers you question.