您将如何审核 ASP.NET 成员资格表,同时记录哪些用户进行了更改?
使用基于触发器的方法进行审计日志记录,我记录对数据库中的表所做的更改的历史记录。我使用的方法(使用静态 SQL Server 登录)记录哪个用户进行了更改,涉及在每个数据库连接开始时运行一个存储过程。触发器在记录审核行时使用此用户名。 (触发器由产品 OmniAudit 提供。)
但是,ASP.NET 成员资格表主要通过成员资格 API 访问。当会员 API 打开其数据库连接时,我需要传入当前用户的身份。我尝试对 MembershipProvider 进行子类化,但无法访问底层数据库连接。
看来这将是一个常见问题。有谁知道当 ASP.NET 会员建立数据库连接时我们可以访问任何钩子吗?
Using a trigger-based approach to audit logging, I am recording the history of changes made to tables in the database. The approach I'm using (with a static sql server login) to record which user made the change involves running a stored procedure at the outset of each database connection. The triggers use this username when recording the audit rows. (The triggers are provided by the product OmniAudit.)
However, the ASP.NET Membership tables are accessed primarily through the Membership API. I need to pass in the current user's identity when the Membership API opens its database connection. I tried subclassing MembershipProvider but I cannot access the underlying database connection.
It seems like this would be a common problem. Does anyone know of any hooks we can access when the ASP.NET Membership makes its database connection?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
更新2:
恐怕 AOP 前端看起来不太好 - 请参阅 是否可以拦截您不拥有且未创建的对象上的静态方法?
正如评论中提到的,看起来最好的选择是使用Provider Toolkit 的提供者实现,并将您的钩子连接到
SqlConnectionHelper.GetConnection()
我使用工具包代码,多年来我已经对其进行了大量、可靠的清理,没有出现任何问题。如果您有兴趣,让我确认 4.0 并打包它。
更新:
好的,我想我更好地理解您的需求,请告诉我我是否正确:
您需要提供商正在使用的实际连接?
SqlMembershipProvider 使用帮助器类
System.Web.DataAccess.SqlConnectionHolder
来进行所有数据访问。我还没有这样做,但根据我收集的信息,您可以使用 AOP 实现(例如 Castle DynamicProxy(或利用它的库之一))拦截调用来构建此对象,并在那里建立连接。
有经验的人可以证实还是否认这一点吗?
原始答案:
不需要从SqlMembershipProvider派生。只要进去拿你需要的东西就可以了。
Update 2:
Not looking good on the AOP front, I am afraid - see Is is possible to intercept a static method on an object you don't own and did not create?
And as alluded to in comments, it looks like the best bet is to use the Provider Toolkit's implementation of the providers and wire your hook into
SqlConnectionHelper.GetConnection()
I use the toolkit code, which I have cleaned up considerably, reliably for years with no problems. Let me confirm on 4.0 and package it up if you are interested.
Update:
Ok, I think I better understand your need, tell me if I am correct:
You need the actual connection that is being used by the provider?
SqlMembershipProvider utilizes a helper class,
System.Web.DataAccess.SqlConnectionHolder
, for all of it's data access.I have not done this, but from what I have gathered, you could intercept calls to build this object using an AOP implementation such as Castle DynamicProxy (or one of the libraries that leverage it) and get your connection there.
Could some one with more experience confirm or deny this?
Original answer:
No need to derive from SqlMembershipProvider. Just go in and get what you need.