通过在服务帐户下运行的Web服务将用户名从C＃本机应用程序传递到SQL Server的好方法

Question

Our company has a model where all Web services run under its own specific service account. for example: comp\\Ws.App

This Web service does all the Database interaction using Store procedures to a SQL database and the service account has all the rights to do so.

We have a native client built written in C# that uses the web service for all data related queries.

My problem is that we have audits on these database tables using triggers which record the user using the USER_NAME() build in SQl function.

Is there any way that the name of the user running the Native app gets passed in to a SQL build in function? It does not have to be the USER_NAME() function, but any built in function is good enough.

What I am trying to avoid is the following:

• Change every function to pass the user name
• Change every open connection statement to pass the user name

Currently what I do is change the Application Name property in the SQL connection string to include the user identity and strip this from the APP_NAME() built in SQL function

Notes

• Users do not have direct access to SQL Server

Any other good solutions?

Answer 1

One option is to store the user id in the SQL Server context info. As soon as the web service identifies or authenticates the user, then the web service stores the user id in the context info, this can be done by calling a stored procedure like the following:

CREATE PROCEDURE SetUserContext
    @UserId int
AS
    DECLARE @uc binary(4)
    SET @uc = CONVERT(binary(4), @UserId)
    SET CONTEXT_INFO @ci

Then, audit trail triggers read the user id from the context info using a code like this one:

DECLARE @UserId int
SET @UserId = CONVERT(int, SUBSTRING(CONTEXT_INFO(), 1, 4))

Of course you need to keep the connection open after calling SetUserContext, if you close the connection the context info is lost. So the sequence of actions should be as follows:

1. Open connection
2. Call SetUserContext
3. Call other stored procedures
4. Close connection