How to get currently logged in user by his ID using C#?

Question

I want to write a code, which makes only currently logged in user able to update data i DataGridView using only his ID, which he has to write in textBox1,press the button and thus update data in selected row. Right now currently logged in user can also update data in DataGridView using other user's ID, which should not be possible. I have tried this code:

  private void button5_Click(object sender, EventArgs e)
    {
        string ID = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
        if (textBox1.Text == "" || textBox1.Text != ID)
        {
            MessageBox.Show("Insert your ID and try again.");
        }
        else
        { 
            try
            {
            String ConnectionString = @"Data Source=.\SQLEXPRESS01;Initial Catalog=Vagtplan;Integrated Security=True";
            SqlConnection myconnection = new SqlConnection(ConnectionString);
            myconnection.Open();
            DateTime primaryKey= Convert.ToDateTime(dataGridView1.SelectedRows[0].Cells[0].Value);
            SqlCommand AddNumberCommand = myconnection.CreateCommand();
            AddNumberCommand.CommandText = "UPDATE dbo.Vagter SET [ansatID] = @ansatID WHERE [Dato] = @dato";
            AddNumberCommand.Parameters.Add("@ansatID", SqlDbType.Int).Value = textBox1.Text;
            AddNumberCommand.Parameters.Add("@dato", SqlDbType.DateTime).Value = primaryKey;
            AddNumberCommand.ExecuteNonQuery();
            myconnection.Close();
            }
            catch (Exception ex)
            {
            MessageBox.Show(ex.Message);
            }
            finally
            {
            MessageBox.Show("Du har valgt vagten.");
            }
        }

But, string ID = System.Security.Principal.WindowsIdentity.GetCurrent().Name does not help in this case. ID is also declared as 'int' datatype.

Expected result is, that if a currently logged in user write an other user's ID in textBox1 and try to update data in DataGridView pressing button, then he get an error message like ''You have to use your ID'' or something like that.

You could evaluate the [environment variable](https://stackoverflow.com/a/185214/1911064) `USERNAME`. — Axel Kemper, May 05 '19 at 14:31
Another [related post](https://stackoverflow.com/questions/1240373/how-do-i-get-the-current-username-in-net-using-c/1240379). — Axel Kemper, May 05 '19 at 14:33

score 0 · Answer 1 · answered May 05 '19 at 16:39

0

Since you are using Windows authentication, you can get the current user name using SUSER_NAME() SQL function, for example:

UPDATE Table1 SET Column1 = SUSER_NAME()

If for any reason you would like to get the user name in your C# code, to get the user name who run the application using Environment.UserName and his domain using Environment.UserDomainName:

var userName = $@"{Environment.UserDomainName}\{Environment.UserName}"

Then you can pass it as a parameter to the query.

answered May 05 '19 at 16:39

Reza Aghaei

120,393
18
203
398

Okey, bot how will the query look like then? Is it something like? : AddNumberCommand.CommandText = "UPDATE dbo.Vagter SET [ansatID] = SUSER_NAME WHERE [Dato] = @dato"; AddNumberCommand.Parameters.Add(SUSER_NAME, SqlDbType.Int).Value = textBox1.Text; AddNumberCommand.Parameters.Add("@dato", SqlDbType.DateTime).Value = primaryKey; – Paweł Żelazny May 05 '19 at 17:17
No, for the first case, you don't need any parameter for username, just use the query like `var cmdText = "UPDATE Table1 SET Column1 = SUSER_NAME()";`. – Reza Aghaei May 05 '19 at 17:18
Or maybe (in the second case): String ID = Environment.UserName; AddNumberCommand.CommandText = "UPDATE dbo.Vagter SET [ansatID] = @ID WHERE [Dato] = @dato"; AddNumberCommand.Parameters.Add(@ID, SqlDbType.Int).Value = textBox1.Text; AddNumberCommand.Parameters.Add("@dato", SqlDbType.DateTime).Value = primaryKey; – Paweł Żelazny May 05 '19 at 17:21
I assume you want to update `Column1` and set it to the name of current user, where `Column2` has a specific value. Then the query will be `var cmdText = "UPDATE Table1 SET Column1 = SUSER_NAME() WHERE Column2 = @Column2";` Then for the command object, just add a parameter for `@Column2` and set its value to the specific value. – Reza Aghaei May 05 '19 at 17:24
It doesn't work....I get an error: ''Conversion failed when converting the nvarchar value 'LAPTOP-C6NQOS6Q/Pawel' to data type int.'' 'LAPTOP-C6NQOS6Q/Pawel' is name of my notebook and [ansatID] (column where data are updated with ID of user) is declared with data type int. – Paweł Żelazny May 05 '19 at 18:15
The data type of column is wrong. How do you expect a username be int. It should be nvarchar. – Reza Aghaei May 05 '19 at 18:16

How to get currently logged in user by his ID using C#?

1 Answers1