
I have a webform that works well and writes back to my SQL database, but now I need to track the user id of the person who made each change. I am a SQL developer, so this is a little outside my area of knowledge.

My .aspx file has

<InsertParameters>
    .....
    <asp:Parameter Name="StaffId" Type="String" DefaultValue= "Anonymous"/>

and my .aspx.cs file looks like this:

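/// <summary>
/// Code-behind for the topic page. On the first load it looks up the signed-in
/// user's view/update/delete/insert flags, caches them in session state, and
/// hides the grid or its command buttons according to those flags.
/// </summary>
/// <remarks>
/// NOTE(review): everything here controls visibility only. Nothing visible in this
/// class rejects an edit, delete or insert request itself, so confirm the data
/// operations are also authorised on the server (grid row events or the database).
/// </remarks>
public partial class _BLAHBLAHBLAH_Topic1 : Page
{
    // Positions of each flag inside the bool[] stored in Session["UserPermission"].
    private const int ViewIndex = 0;
    private const int UpdateIndex = 1;
    private const int DeleteIndex = 2;
    private const int InsertIndex = 3;

    /// <summary>
    /// On the initial request, resolves the current user's permissions and hides
    /// the grid (showing the warning label instead) when viewing is not allowed.
    /// </summary>
    /// <param name="sender">Event source supplied by the page lifecycle.</param>
    /// <param name="e">Unused event data.</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Permissions are resolved only on the first request; postbacks reuse the
        // cached session value, so a revoked permission is not picked up until the
        // page is loaded afresh.
        if (IsPostBack)
        {
            return;
        }

        // Drop any stale flags before the lookup so a failure cannot leave old ones behind.
        Session["UserPermission"] = null;

        string username = User.Identity.Name ?? string.Empty;

        // Strip the "ABC\" domain prefix. Ordinal comparison keeps the check
        // independent of the server's culture settings.
        if (username.StartsWith("ABC\\", StringComparison.Ordinal))
        {
            username = username.Remove(0, 4);
        }

        bool[] userPermission = GetUserPermissions(username);

        if (!userPermission[ViewIndex])
        {
            ASPxGridView1.Visible = false;
            WarningLabel.Visible = true;
        }
    }

    /// <summary>
    /// Loads the permission flags for <paramref name="username"/> and caches them
    /// in <c>Session["UserPermission"]</c>.
    /// </summary>
    /// <param name="username">User name passed to the permissions table adapter.</param>
    /// <returns>
    /// Four flags in the order view, update, delete, insert. All four are false
    /// unless exactly one row is returned and every flag converts successfully.
    /// </returns>
    private bool[] GetUserPermissions(string username)
    {
        // Deny by default; the flags are replaced only after a complete, successful read.
        bool[] userPermission = new bool[] { false, false, false, false };

        try
        {
            var userDataTable = new PermissionDataSet.UserPermissionsDataTable();
            var adapter = new PermissionDataSetTableAdapters.UserPermissionsTableAdapter();
            adapter.Fill(userDataTable, username);

            // Anything other than exactly one matching row is treated as "no permissions".
            if (userDataTable.Rows.Count == 1)
            {
                var row = userDataTable.Rows[0];

                // Convert every flag before assigning the result, so a conversion
                // failure part-way through cannot leave some flags granted.
                bool canView = Convert.ToBoolean(row["ViewFlag"]);
                bool canUpdate = Convert.ToBoolean(row["UpdateFlag"]);
                bool canDelete = Convert.ToBoolean(row["DeleteFlag"]);
                bool canInsert = Convert.ToBoolean(row["InsertFlag"]);

                userPermission = new bool[] { canView, canUpdate, canDelete, canInsert };
            }
        }
        catch (Exception ex)
        {
            // Fail closed (all flags stay false), but record the failure so a broken
            // permission lookup is visible to operators instead of silently locking users out.
            System.Diagnostics.Trace.TraceError("GetUserPermissions failed; denying all permissions: " + ex);
        }

        Session["UserPermission"] = userPermission;

        return userPermission;
    }

    /// <summary>
    /// Shows or hides the grid's Edit, Delete and New command buttons according to
    /// the flags cached in session state; other button types are left untouched.
    /// </summary>
    /// <param name="sender">The grid raising the event.</param>
    /// <param name="e">Identifies the button being initialised and carries its visibility.</param>
    protected void ASPxGridView1_CommandButtonInitialize(object sender, ASPxGridViewCommandButtonEventArgs e)
    {
        // A missing, expired or malformed session entry hides all three buttons.
        bool[] permission = Session["UserPermission"] as bool[];
        bool hasFlags = permission != null && permission.Length > InsertIndex;

        switch (e.ButtonType)
        {
            case ColumnCommandButtonType.Edit:
                e.Visible = hasFlags && permission[UpdateIndex];
                break;

            case ColumnCommandButtonType.Delete:
                e.Visible = hasFlags && permission[DeleteIndex];
                break;

            case ColumnCommandButtonType.New:
                e.Visible = hasFlags && permission[InsertIndex];
                break;
        }
    }
}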

I figure that I need to put a

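/// <summary>
/// Sets the StaffId insert parameter to the authenticated user's name so that
/// inserted rows record who made the change instead of the markup default.
/// </summary>
/// <param name="sender">Event source supplied by the page lifecycle.</param>
/// <param name="e">Unused event data.</param>
protected void Page_Init(object sender, EventArgs e)
{
    // The markup shown declares StaffId under <InsertParameters>, so it is looked up
    // there; indexing SelectParameters by that name returns null unless a select
    // parameter called StaffId also exists.
    var staffId = DataSource.InsertParameters["StaffId"];
    if (staffId != null)
    {
        // The value comes from the server-side identity, not from anything the browser posts.
        // NOTE(review): DefaultValue is presumably used only when no other value is bound
        // to the parameter - confirm the grid does not also submit a StaffId field.
        staffId.DefaultValue = User.Identity.Name;
    }
}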

code snippet in there somewhere, but I am really not sure where or how, so any advice would be really appreciated.

Thank you

  • You mean you want to write the username into the database? It's kinda a broad question, because all this code does is read from the DB, so you're effectively asking us to write all the code for you.. For this as a general architecture I think I'd dispense with the GetUserPermission and create a stored procedure for the action i wanted to take (UpdateCustomerDetails), I'd pass in the new customer details and the staff username, the SP would check the permission, write the audit log and update the customer. The ASP.net app could be hollowed out to something that just calls stored procedures Commented Mar 16, 2019 at 10:19
  • Thanks @CaiusJard, no I wasn't expecting you to write all of the code for me, the code i have for the site checks user permissions against the database before granting access, and updates the database with all of the changes that have been made in the webform. I was simply looking for advice on how to write the staff username to the database at the same time as the rest of the form changes are made, instead of a hardcoded username that we have at the minute. Anyway, thanks for taking the time to reply. Commented Mar 17, 2019 at 8:12

1 Answer 1


I completed this using the advice from @done_merson in "How to use User.Identity.Name as a parameter for SqlDataSource in ASP.NET?"

works a charm! Thank you @done_merson
