I want to get an idea about how can i capture the data audit trail of SSRS report getting rendered in Asp.net reportviwer.
I dont want the execution log. Example my report take department as input and give all details of employee working in that department.
Now my requirement is that, lets say i run the report for department a and get some employee then i have to log a audit trail saying i have seen records of so and so employee.
I was thinking that from SSRS itself i can insert the record which are retrieved or to be rendered but what if rendering failed, my log will still say that i have seen the record even before it appearing on ASP.Net page. Second way is that i have to make another call after data is rendered with same parameter and then log the result which can give me wrong result as data might have changed in that small interval.
secondly is there a way to track the save and print event On asp.net reportviewer control
looking forward for ideas. Thanks in advance.
Reporting Services may not be the solution for you if you want to add behaviour to data access. Reports are best as a display of data, not having side effects.
That said, probably the best you can do is to audit the rendering process using custom code. For instance, when you go to display the employee code you call a function recording that it was displayed and by who:
Function AuditEmployeeAccess(EmployeeCode As String) As String
' Connect to database, audit access (off the top of my head, could be bad)
Dim con As New SqlConnection
Dim cmd As New SqlCommand
con.ConnectionString = "Data Source=MyServer;Initial Catalog=AuditDb;User ID=username;Password=password"
con.Open()
' Don't do this, use parameters
cmd.CommandText = ("insert into audit (AuditEmployeeCode, AccessEmployeeCode) values ('" + Globals!UserId.Value + "', '" + EmployeeCode + "')")
cmd.Connection = con
cmd.ExecuteNonQuery()
con.Close()
' Return the employee code for display in the report
Return EmployeeCode
End Function
then instead of the cell holding the field value, it uses the expression:
=Code.AuditEmployeeAccess(Fields!EmployeeCode.Value)
Now this will audit whenever the employee code renders rather than when it is looked at. For instance, if the report is 5 pages long but the viewer only looks at the first two pages the access will still be audited for those on page 5.
For this reason you are probably better off creating a custom screen rather than using a report.
Related
I am relatively new to programming so please bare with me if I use improper terminology for the question I am about to ask.
Currently, I have a list(of String) that I am populating with 2 values that I am pulling from a database. Code Below.
objCn.Open()
sqlTermSelect.Connection = objCn
sqlTermSelect.CommandText = "Select PartsTerm, LaborTerm FROM SKU INNER JOIN Agreement On SKU.SKU = Agreement.SKU WHERE Agreement = #Agreement"
sqlTermSelect.Parameters.Add("#Agreement", SqlDbType.VarChar, 50).Value = txtAgreement.Text
Dim termDA As New SqlDataAdapter(sqlTermSelect)
Dim termDT As New DataTable()
termDA.Fill(termDT)
For i As Integer = 0 To termDT.Rows.Count - 1
listValues.Add(termDT.Rows(i)("PartsTerm").ToString())
listValues.Add(termDT.Rows(i)("LaborTerm").ToString())
Next
objCn.Close()
I am then storing the values of this list in two variables that I use as checks to see whether certain controls on my page should be enabled/visible or disabled/invisible.
The page that this is affecting operates(for lack of a better word) in two ways, the first is a brand new page with empty controls that the user fills out. The second way is if the user begins to fill out the page and leaves, the data they filled out is saved and they can return later to continue filling it out (I am not 100% certain but I believe when a user returns to an "in progress" page it is a post back, I could be wrong, I'm not terribly sure how this is handled).
The problem I am having comes to when this list is populated with the database values. When I go to a brand new page, the list is populated and the controls mentioned above are enabled/disabled appropriately with no issues, the issue arises when I go to an "in progress" page the list values don't populate and the controls that should be disabled are enabled. Essentially, I am looking for a way to populate this list every time a page is opened, "in progress" or brand new. The code above that populates the list is in the PageLoad() event and I have verified that it is not in a "If Not IsPostBack" statement.
Any and all help would be greatly appreciated, if there is anything I should add to this post code related I would be more than happy to supply it.
i want to display confidential data like bank account number, mobile numbers in 123**********1232 format in ASP.net controls. Like 022-23232-2322 will be 022*********2322 and on update it should save the actual data entered.
How it would be achieved in ASP.net?
If you want to mask it only for users which can't update it as commented, it's simple:
Dim number = "022-23232-2322"
Dim token = number.split("-"c)
Dim masked = String.Format("{0}{1}{2}", token(0), New String("*"c, 9), token.last())
Result as dersired: 022*********2322
Of course you have to store the real number serverside or load it from database when you need it. You should never need to unmask it. If an authorized user wants to update it you get the new value and you don't need the old. If you need it reload it from the data-source.
Not done any programming for about 5 years so im a little rusty on this one.
I am building an Asset management system to make my job easier but am struggling on a few things.
What i have so far is the DB setup and populated with a small amount of data, The main site itself is built and the basic select statements to a gridview of any data currently in the system for that particular page/search and i also have an insert statement that is populating the relevant tables based on data filed in on a form on that page. All these functions are working seamlessly.
The problem i have is that one field that needs to be populated for the insert statement needs to populate based upon the selection that is being made from a drop down box in the same form.
i.e.
An Asset that is being registered into the system has an Asset Type (the type details are contained within a parent table Asset_Type) the form has 3 fields for display purposes (one of these fields will need to return an entry to the Asset table in the database from the form, this is working) that are taken from the Asset_Type table, the other fields only relate to the Asset table itself.
What i am trying to achieve is that a user goes to the page and sees a list of Assets registered (this is working) they then need to add a new asset by filling in a form lower down on the page (for is there and writes to DB) on this form is a drop down menu that queries the Asset_Type table and allows the user to select the Type by name (this works)
What i now need to get working is for the 2 other fields to populate based on what Asset type is selected.
These fields are currently textboxes in the form but can be changed if required.
The code i have behind the page is below:
Protected Sub Name_Model_SelectedIndexChanged(sender As Object, e As EventArgs) Handles Name_Model.SelectedIndexChanged
Using conn As New SqlConnection(ConfigurationManager.ConnectionStrings("AssetManagementConnectionString").ToString())
Dim cmd As New SqlCommand()
cmd.Connection = conn
cmd.CommandText = "SELECT [ID], [Name_Model], [Description_Spec] FROM [Asset_Type] WHERE ([ID] = #ID)"
cmd.CommandType = CommandType.Text
conn.Open()
Dim reader As SqlDataReader = cmd.ExecuteReader()
If reader.HasRows Then
While (reader.Read())
{
Type_ID.text = (reader["ID"].tostring())
Name_Model.text = (reader["Name_Model"].tostring())
Description_Spec.text = reader["Description_Spec"].tostring
}
End While
End If
End Using
End Sub
So I'm not sure about Steve's comment, but I know he is a lot more familiar with VB based on questions of my own he has answered. However I am going to suggest something.
So "Drop downs" typically have 2 pieces of data associated with them.
A DisplayMember and a ValueMember (also a SelectedValue if it's a ComboBoxColumn)
You can reference either, I believe.
Then, you can do what you please with that value using an If Then or however you plan on using it.
assetValue = YourComboBox.DisplayMember.ToString
YourTextBox.Text = assetValue
or
If ComboBox.ValueMember = YourIndex Then
assetValue = Whatever
ElseIf
....
End If
Give that a try and let me know what you get. I am just throwing ideas out there.
I have a page with a search engine which calls a stored procedure to a database. The page contains a listview which is populated based on what the user enters in the search box. I was able turn each item in the listview as links to direct the user to a second page (which contains nothing at the moment). I wanted to be able to click on an item and be directed to second page which contains detailed info about the item.
For example, say I have a database of musicians in one column and their biography in second column. The user searches a musician on the first page and the listview is populated with names of the musicians only. The user clicks on the musician's name and is then directed to the second page which contains their bio(from the database). My questions is how I do populated the second page with detailed info when the user clicks on the item in the listview? Would the click event have to pass parameters back to the database and know to get this specific summary to populate the second page? Would parameter query would be right option for this?
I am sure its a pretty simple thing to do, but I am pretty new to asp.net and no clue how to go about this. Any ideas or methods on how to approaches would be greatly appreciated. I dont have much code on this, since I have been doing most of this in design view and html.
Thanks so much for your time,
A very direct way to do this would be to add a parameter to the link in each item in the list. So instead of something like this:
View Details
You'd have something like this:
View Details
Naturally, each id would be different for each row. How you populate that depends on how you populate the listview.
Then you'd have a single detailspage.aspx (or whatever you call it) which would look for an id parameter (check the Request.QueryString["id"] value in Page_Load for web forms, or have it as a method parameter in MVC) and use that value to fetch the record from the database and display the details.
One thing that's very much worth noting in this case is the need to validate that input before sending it to a database. You didn't specify how you're accessing the database, so I can only guess. But, regardless of your data access methodology, the first thing you want to do with that id value on the details page is to make sure it's a valid value to use for selecting data.
For example, if the identifier in the database is an integer, you'll want to try to parse the value into an actual integer variable (if it's a string by default, which it would be from Request.QueryString), returning an error to the page if that fails. Or if it's a GUID, same process. Basically, you want to do whatever you can to ensure that the value is safe for the database before even connecting to the database.
More details on SQL injection vulnerabilities here.
So i finally got it to work!! In case someone is stuck or trying to do the same thing I was aiming for...here is what I did:
This is in my first page:
' NavigateUrl='<%# "Testpage2.aspx?id=" + DataBinder.Eval (Container.DataItem,"ID")%>' ID="Link2" /> (Results is my data column and ID is the id associated to them)
Note: I added this in my ItemTemplate AND my AlternateTemplate (not sure why but if i didn't, it would just alternate :S)
Second Page Code Behind:
protected void Page_Load(object sender, EventArgs e)
{
SqlConnection SQLconn = new SqlConnection("Connectionstring");
try
{
SQLconn.Open();
SqlCommand command = new SqlCommand("SELECT Column1 FROM Table WHERE D='" + Request.QueryString["id"]
+ "'", SQLconn);
SqlDataReader reader = command.ExecuteReader();
if (reader.HasRows)
{
while (reader.Read())
{
TextBox1.Text = reader["Column1"].ToString();
}
}
}
catch (SqlException ex)
{
Response.Write(ex.Message.ToString());
}
finally
{
SQLconn.Close();
SqlConnection.ClearPool(SQLconn);
}
}
Thanks!
I can't believe I couldn't find an answer to this question after literally hours of searching the web. Is this so basic that everyone just knows how to do this? As you might have guessed I'm new to asp.net(vb).
My situation:
I have a large form that reuses several elements, so I decided to create a usercontrol with some common fields. The problem is when the form is filled out by a user and submitted, how do I reference those values so I can input them to my database???
Example:
Using Conn As New SqlConnection(connect)
Using Cmd As New SqlCommand(SQL, Conn)
Cmd.Parameters.AddWithValue("#Acct_Company", txtPartner.Text)
Cmd.Parameters.AddWithValue("#Acct_AccountNum", txtPartnerAccount.Text)
So, above two Cmd lines are for normally inserted textboxes in my form, but what would the line look like to reference any usercontrol form fields?
Any help would be greatly appreciated.
You need to expose the controls some how to the page that contains the user control. One way to to this is like this (within the control code):
Property CompanyName As String
Get
Return txtPartner.Text
End Get
Set(value As String)
txtPartner.Text = value
End Set
End Property
Then, the page containing the user control can access the value like this:
myControl.CompanyName