auditing actual user

[Jeff Lisk <je...@fmh.com>]

I'm creating a new ASP.Net web application that is utilizing iBatis.net and I've run into an issue that I need some suggestions with. The web application is using forms authentication for external users and Windows authentication for internal users. The database connection is using a generic user and is configured within the sqlmap.config file. Okay, here's the issue. From an auditing perspective, I need the ability to actually log in the database the actual person that is signed on to the web application not the generic user that the database connection is under. Oracle provides two potential mechanisms to accomplish this, Proxy Authentication or a Client Identifier (http://www.oracle.com/technology/pub/articles/mastering_dotnet_oracle/cook_masteringdotnet.html). Both options require that I set dynamic data (username/pw) either on the connection string or the connection. I found a post on the FAQs that addresses this issue (http://opensource.atlassian.com/confluence/oss/display/IBATIS/How+do+I+set+the+connection+string+per+user+in+Web+context). Is this the recommended approach? This is a need that any large system would have and I expected the functionality to be more "baked" into iBatis. Has anyone successfully utilized Oracle's Proxy Authentication or Client Identifier with iBatis?

Thanks,

Jeff Lisk
Jeffl@fmh.com<ma...@fmh.com>