>>>
>>>Thanks for replying. Really your reply is what I need to do. But I want to know whether I should use SQL Logins or, instead, register Windows users into SQL and use them for my auditing purposes.
>>
>>My app uses SQL Login.
>
>OK, how do you manage the building of the connection string? Can you give a hint on how to do an auditing routine?
>
>TIA
Let me clarify. The application connects to the SQL Server using a SQL Login. The SQL Login credentials are in a configuration file (xml file). The connection string (example) is as follows:
cConnString = "DRIVER=SQL Server;SERVER=MySQLServerName;DATABASE=MySQLServerDBName;Trusted_Connection='No'"
Then, there is a separate table in the application with encrypted fields for each user of the application.
So, a user has to enter his/her user name and password to load the application. A user is authenticated against this table. Therefore, the application "knows" who is currently using the application.
Then, when a user makes any change to a table, another table gets an entry of the value before and after the change; for each changed field. Therefore, this Audit Table is what the application uses to report of what changes were done to a table/field and who did it. The auditing routine in itself is part of the Biz Object of the application.
I hope it answers you question.
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham