
I have built a webform that works well and writes back to my SQL database, but now I need to track the user id of the person who made each change. I am a SQL developer, so this is a little outside my area of knowledge.

My .aspx file has

<InsertParameters>
    .....
    <asp:Parameter Name="StaffId" Type="String" DefaultValue= "Anonymous"/>

and my .aspx.cs file looks like this:

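/// <summary>
/// Code-behind for the Topic1 page. On the first (non-postback) request it looks up the
/// current user's permission flags, caches them in session state, and hides the grid or
/// its command buttons according to those flags.
/// </summary>
/// <remarks>
/// NOTE(review): everything in this class controls what is *displayed*. Hiding a command
/// button does not by itself stop an insert/update/delete from being executed, so the
/// permission flags should also be checked where the write happens (for example in the
/// grid's or data source's inserting/updating/deleting handlers, or in the database).
/// Those handlers are not visible here - confirm they exist.
/// NOTE(review): the flags are read once per session; a permission revoked in the database
/// is not picked up until this page is loaded again without a postback.
/// </remarks>
public partial class _BLAHBLAHBLAH_Topic1 : Page
{
    // Positions of the flags inside the bool[] stored under Session["UserPermission"].
    private const int ViewIndex = 0;
    private const int UpdateIndex = 1;
    private const int DeleteIndex = 2;
    private const int InsertIndex = 3;

    /// <summary>
    /// On the initial page load, resolves the current user's permissions and hides the grid
    /// (showing the warning label instead) when the user may not view the data.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            return;
        }

        // Drop any previously cached flags first so a failed lookup cannot leave stale
        // permissions behind.
        Session["UserPermission"] = null;
        string username = User.Identity.Name;

        // Identity strings are compared ordinally: a culture-sensitive StartsWith can match
        // when ignorable characters precede the prefix, and Remove(0, 4) would then strip
        // the wrong characters from the account name.
        if (username.StartsWith("ABC\\", StringComparison.Ordinal))
        {
            username = username.Remove(0, 4);
        }

        bool[] permissions = GetUserPermissions(username);

        if (!permissions[ViewIndex])
        {
            ASPxGridView1.Visible = false;
            WarningLabel.Visible = true;
        }
    }

    /// <summary>
    /// Loads the view/update/delete/insert flags for <paramref name="username"/> through the
    /// UserPermissions table adapter and caches them under Session["UserPermission"].
    /// </summary>
    /// <param name="username">Account name to look up (domain prefix already removed by the caller).</param>
    /// <returns>
    /// A four-element array ordered { view, update, delete, insert }. Every element is false
    /// unless exactly one row was returned and all four flags were read successfully.
    /// </returns>
    private bool[] GetUserPermissions(string username)
    {
        // Deny-by-default: this array is only replaced after a complete, successful read.
        bool[] userPermission = new bool[] { false, false, false, false };

        try
        {
            PermissionDataSet.UserPermissionsDataTable userDataTable = new PermissionDataSet.UserPermissionsDataTable();
            PermissionDataSetTableAdapters.UserPermissionsTableAdapter adapter = new PermissionDataSetTableAdapters.UserPermissionsTableAdapter();
            adapter.Fill(userDataTable, username);

            // Zero rows (unknown user) or several rows (ambiguous data) both leave the
            // all-false default in place.
            if (userDataTable.Rows.Count == 1)
            {
                bool canView = Convert.ToBoolean(userDataTable.Rows[0]["ViewFlag"]);
                bool canUpdate = Convert.ToBoolean(userDataTable.Rows[0]["UpdateFlag"]);
                bool canDelete = Convert.ToBoolean(userDataTable.Rows[0]["DeleteFlag"]);
                bool canInsert = Convert.ToBoolean(userDataTable.Rows[0]["InsertFlag"]);

                // Assigned only once all four conversions succeeded, so a failure part-way
                // through cannot leave some flags granted and others not.
                userPermission = new bool[] { canView, canUpdate, canDelete, canInsert };
            }
        }
        catch (Exception ex)
        {
            // Unable to retrieve permissions - all values stay false. The failure is
            // recorded so an outage is distinguishable from a user without access.
            System.Diagnostics.Trace.TraceError(
                "Permission lookup failed: {0}: {1}", ex.GetType().FullName, ex.Message);
        }

        Session["UserPermission"] = userPermission;

        return userPermission;
    }

    /// <summary>
    /// Shows or hides the grid's Edit, Delete and New command buttons according to the
    /// permission flags cached in session state. Other button types are left untouched.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Describes the button being initialised; its Visible property is set here.</param>
    protected void ASPxGridView1_CommandButtonInitialize(object sender, ASPxGridViewCommandButtonEventArgs e)
    {
        // A missing, wrongly typed or too-short session entry is treated as "no permissions"
        // instead of throwing or indexing out of range.
        bool[] permission = Session["UserPermission"] as bool[];
        bool usable = permission != null && permission.Length > InsertIndex;

        switch (e.ButtonType)
        {
            case ColumnCommandButtonType.Edit:
                e.Visible = usable && permission[UpdateIndex];
                break;

            case ColumnCommandButtonType.Delete:
                e.Visible = usable && permission[DeleteIndex];
                break;

            case ColumnCommandButtonType.New:
                e.Visible = usable && permission[InsertIndex];
                break;
        }
    }
}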

I figure that I need to put a

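/// <summary>
/// Sets the StaffId parameter of the data source to the authenticated user's name before
/// the page's controls run, so the value written with an insert comes from the server-side
/// identity and not from the hard-coded "Anonymous" default.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Init(object sender, EventArgs e)
{
    // StaffId is declared under <InsertParameters> in the .aspx, so it has to be set on
    // InsertParameters. Looking it up in SelectParameters only works if a parameter with
    // the same name is also declared there.
    // NOTE(review): if the update/delete parameter lists declare StaffId as well, set it on
    // those collections too - they are not shown here.
    // NOTE(review): Page_Load strips the "ABC\" prefix before the permission lookup; this
    // stores the name unmodified. Confirm which form the audit column should hold.
    DataSource.InsertParameters["StaffId"].DefaultValue = User.Identity.Name;
}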

code snippet in there somewhere, but I am really not sure where or how, so any advice would be really appreciated.

Thank you

  • You mean you want to write the username into the database? It's kinda a broad question, because all this code does is read from the DB, so you're effectively asking us to write all the code for you.. For this as a general architecture I think I'd dispense with the GetUserPermission and create a stored procedure for the action i wanted to take (UpdateCustomerDetails), I'd pass in the new customer details and the staff username, the SP would check the permission, write the audit log and update the customer. The ASP.net app could be hollowed out to something that just calls stored procedures – Caius Jard Mar 16 '19 at 10:19
  • Thanks @CaiusJard, no I wasn't expecting you to write all of the code for me, the code i have for the site checks user permissions against the database before granting access, and updates the database with all of the changes that have been made in the webform. I was simply looking for advice on how to write the staff username to the database at the same time as the rest of the form changes are made, instead of a hardcoded username that we have at the minute. Anyway, thanks for taking the time to reply. – user3735855 Mar 17 '19 at 08:12

1 Answer


I completed this using the advice from @done_merson on the question "How to use User.Identity.Name as a parameter for SqlDataSource in ASP.NET?"

works a charm! Thank you @done_merson
