Tutorials ADO.NET Core Tutorial

Audit Trails — Complete Guide

Audit Trails — Complete Guide: free step-by-step lesson with examples, common mistakes, and interview tips — part of ADO.NET Core Tutorial on Toolliyo Academy.

On this page
Audit Trails — Complete Guide — ShopNest.DataAccess
Article 39 of 100 · Module 4: Transactions and Error Handling · Audit Logs
Target keyword: audit trails ado.net core · Read time: ~24 min · .NET: 8 · ADO.NET Core · Project: ShopNest.DataAccess — Audit Logs

Introduction

Audit Trails — Complete Guide is essential for .NET developers building ShopNest.DataAccess — Enterprise High-Performance Data Platform — Toolliyo's 100-article ADO.NET Core master path covering SqlConnection, stored procedures, transactions, connection pooling, ASP.NET Core integration, Azure SQL, and ten enterprise portfolio projects. Every article includes minimum two enterprise real-world examples (ICICI banking, TCS ERP reporting, insurance batch, legacy modernization).

In Indian delivery projects (TCS, Infosys, Wipro), interviewers expect audit trails with real banking transfers, ERP GL reports, or legacy stored procedure modernization — not toy animal demos. This article delivers production depth on Audit Logs.

After this article you will

  • Explain Audit Trails in plain English and in SQL Server / ADO.NET terms
  • Implement audit trails in ShopNest.DataAccess — Enterprise High-Performance Data Platform (Audit Logs)
  • Compare SQL-concat / sync anti-patterns vs production-ready parameterized async ADO.NET
  • Answer fresher, mid-level, and senior ADO.NET and SQL Server interview questions confidently
  • Connect this lesson to Article 40 and the 100-article ADO.NET Core roadmap

Prerequisites

Concept deep-dive

Level 1 — Analogy

Audit Trails on ShopNest.DataAccess adds high-performance SQL Server data access for enterprise audit trails modules.

Level 2 — Technical

Audit Trails guarantees data integrity on ShopNest Audit Logs — SqlTransaction, isolation levels, deadlock retry with exponential backoff, and audit trail writes.

Level 3 — Data platform view

[ASP.NET Core API / MVC Controller]
       ▼
[Application Service — IOrderRepository interface]
       ▼
[ADO.NET Repository — SqlConnection + SqlCommand + SqlParameter]
       ▼
[SQL Server — Tables · Indexes · Stored Procedures · Transactions]
       ▼
[Connection Pool · Read Replica · Azure SQL · Serilog + SQL Profiler]

Common misconceptions

❌ MYTH: ADO.NET is obsolete — always use EF Core.
✅ TRUTH: ADO.NET wins for stored procedures, bulk load, streaming reports, and legacy SQL — EF Core for rapid CRUD.

❌ MYTH: String concatenation is fine if you escape quotes.
✅ TRUTH: Always SqlParameter — SQL injection is the #1 data breach vector in Indian banking apps.

❌ MYTH: Sync database calls are fine in ASP.NET Core.
✅ TRUTH: Use async ADO.NET end-to-end — sync calls block thread pool under load.

Project structure

ShopNest.DataAccess/
├── src/
│   ├── ShopNest.DataAccess.Api/       ← ASP.NET Core Web API
│   ├── ShopNest.DataAccess.Core/      ← Repository interfaces + DTOs
│   ├── ShopNest.DataAccess.AdoNet/    ← SqlConnection, SPs, transactions
│   ├── ShopNest.DataAccess.Reports/   ← Streaming readers, GL reports
│   └── ShopNest.DataAccess.Tests/     ← Testcontainers SQL integration
├── sql/
│   ├── migrations/
│   └── stored-procedures/             ← usp_Orders_*, usp_Payments_*
└── docker-compose.yml                 ← SQL Server 2022

Hands-on implementation — Audit Logs

Write Audit Trails in ShopNest.DataAccess for Audit Logs: SqlConnection/SqlCommand with parameters, async calls, and verify in SSMS with execution plan.

  1. Open ShopNest.DataAccess repository for this lesson module.
  2. Use SqlConnection with await using and connection string from IConfiguration.
  3. Add SqlParameter for every user input — never string concatenation.
  4. Use ExecuteReaderAsync for reads; transactions for multi-statement writes.
  5. Verify in SSMS — check execution plan, row counts, and connection pool metrics.

Anti-pattern (SQL concat, sync calls, DataSet for huge reports)

// ❌ BAD — SQL concat, sync call, no disposal
public List<Order> GetOrders(string status) {
    var conn = new SqlConnection(_connStr);
    conn.Open();
    var cmd = new SqlCommand("SELECT * FROM Orders WHERE Status = '" + status + "'", conn);
    var reader = cmd.ExecuteReader(); // sync, blocks thread pool
    // connection never disposed — pool exhaustion under load
    return Parse(reader);
}

Production-style ADO.NET data access

// ✅ CORRECT — Audit Trails on ShopNest (Audit Logs)
public async Task<IReadOnlyList<OrderDto>> GetByStatusAsync(string status, CancellationToken ct) {
    await using var conn = new SqlConnection(_config.GetConnectionString("ShopNestDb"));
    await conn.OpenAsync(ct);
    await using var cmd = new SqlCommand("usp_Orders_GetByStatus", conn) {
        CommandType = CommandType.StoredProcedure
    };
    cmd.Parameters.Add("@Status", SqlDbType.NVarChar, 20).Value = status;
    var list = new List<OrderDto>();
    await using var reader = await cmd.ExecuteReaderAsync(ct);
    while (await reader.ReadAsync(ct))
        list.Add(new OrderDto(reader.GetInt32(0), reader.GetDecimal(1), reader.GetString(2)));
    return list;
}

Complete example

await using var tx = await conn.BeginTransactionAsync(ct);
// Audit Trails on ShopNest Audit Logs

SQL performance and connection management — Audit Trails

  • Connection pooling — default enabled; never disable without load testing; watch pool exhaustion (error 10053/10054)
  • Parameterized queries — always use SqlParameter; prevents SQL injection and enables plan cache reuse
  • Async — ExecuteReaderAsync/ExecuteNonQueryAsync free thread pool under load
  • CommandBehavior.SequentialAccess — stream large BLOB/text columns without loading full row into memory
  • Indexes — align with WHERE/JOIN columns; use SQL Server DMVs to find missing indexes

Real-World Example 1 — Government Pension Legacy Modernization

MANDATORY enterprise scenario (Government / PSU): Audit Trails in ShopNest.DataAccess Audit Logs.

Business problem

20-year-old VB6 + inline SQL pension system migrated to ASP.NET Core. ADO.NET wraps existing stored procedures — no ORM rewrite — minimizing regression risk while adding connection pooling and async I/O.

Architecture

Legacy SPs (unchanged) ← AdoNetLegacyBridge → ASP.NET Core Web API
  → Repository per bounded context (Pension, Disbursement, Audit)
  → Strangler Fig: new modules EF Core, legacy modules ADO.NET

Production ADO.NET code

// Bridge pattern — call legacy SP by name
public async Task<PensionDetail?> GetPensionAsync(string pensionId, CancellationToken ct)
{
    const string sql = "EXEC dbo.usp_GetPensionDetail @PensionId";
    await using var conn = new SqlConnection(_legacyConnStr);
    await using var cmd = new SqlCommand(sql, conn);
    cmd.Parameters.Add("@PensionId", SqlDbType.VarChar, 15).Value = pensionId;
    await conn.OpenAsync(ct);
    await using var r = await cmd.ExecuteReaderAsync(ct);
    return r.Read() ? MapPension(r) : null;
}

Outcome

Migration delivered in 8 months vs 24-month full rewrite estimate; 99.2% SP compatibility on day one.

Real-World Example 2 — Razorpay-Style Payment Reconciliation

MANDATORY enterprise scenario (Payment Gateway): Audit Trails in ShopNest.DataAccess Audit Logs.

Business problem

End-of-day reconciliation matches 1M gateway transactions against internal ledger. ADO.NET table-valued parameters feed set-based MERGE in SQL Server — impossible to express efficiently in LINQ.

Architecture

Gateway CSV → TVP dbo.TransactionBatch → usp_ReconcilePayments
  → MERGE Payments.Ledger → Output mismatches to ReconciliationExceptions

Production ADO.NET code

var tvp = new SqlParameter("@Batch", SqlDbType.Structured)
{
    TypeName = "dbo.TransactionBatchType",
    Value = BuildDataTable(transactions)
};
cmd.Parameters.Add(tvp);
await cmd.ExecuteNonQueryAsync(ct);

Outcome

Reconciliation completes in 12 minutes; EF Core prototype timed out at 45 minutes on same hardware.

ADO.NET with ASP.NET Core — Audit Trails

Register IAuditLogsRepository as Scoped in DI. Never hold SqlConnection across requests. Use IConfiguration for connection strings; User Secrets locally, Azure Key Vault in production.

builder.Services.AddScoped<IOrderRepository, OrderRepository>();
builder.Services.AddHealthChecks().AddSqlServer(connectionString);

Stored procedures and SQL safety

Enterprise ShopNest modules use versioned stored procedures (usp_ prefix). Never concatenate user input — always SqlParameter. Log slow queries (>500ms) with Serilog and review execution plans in SSMS.

Common errors & fixes

  • SQL built with string concatenation from user input — Use SqlParameter with typed values for every dynamic value.
  • Not disposing SqlConnection / SqlDataReader — Use await using for connection, command, and reader — return connections to pool.
  • Loading million-row reports into DataTable — Stream with SqlDataReader and yield batches; avoid DataSet for large data.
  • Hard-coding connection strings in repository classes — IConfiguration + User Secrets locally; Azure Key Vault in production.

Best practices

  • 🟢 SqlParameter for every dynamic value — zero string concatenation
  • 🟢 await using for SqlConnection, SqlCommand, SqlDataReader — return to pool
  • 🟡 Async ADO.NET end-to-end on ASP.NET Core request paths
  • 🟡 Stream large reports with SqlDataReader; avoid DataSet for millions of rows
  • 🔴 SqlTransaction for multi-statement financial writes with explicit rollback
  • 🔴 Connection strings in Key Vault — never committed to Git

Interview questions

Fresher level

Q1: What is Audit Trails in ADO.NET Core?
A: Audit Trails on ShopNest Audit Logs: SqlConnection lifecycle, SqlCommand with parameters, async execution, and disposal for connection pool health.

Q2: ADO.NET vs EF Core — when to use which?
A: ADO.NET for stored procedures, bulk load, streaming reports, and legacy SQL; EF Core for rapid CRUD and migrations. ShopNest uses both.

Q3: How do you prevent SQL injection in ADO.NET?
A: Always SqlParameter with typed SqlDbType — never string concatenation, even for "trusted" internal tools.

Mid / senior level

Q4: Explain connection pooling and why disposal matters.
A: SqlConnection.Close/Dispose returns the physical connection to the pool. Leaked connections exhaust Max Pool Size and cause timeouts.

Q5: How do you handle transactions in ADO.NET?
A: SqlTransaction with try/commit/catch/rollback; choose isolation level (ReadCommitted default); retry deadlocks with Polly.

Q6: How would you optimize a slow stored procedure report?
A: Check execution plan in SSMS, add covering indexes, avoid SELECT *, stream with SqlDataReader, consider read replica for analytics.

Coding round

Implement a parameterized ADO.NET repository method for ShopNest Audit Logs — show SqlConnection, SqlCommand, SqlParameter, async disposal, and one xUnit integration test.

Summary & next steps

  • Article 39: Audit Trails — Complete Guide
  • Module: Module 4: Transactions and Error Handling · Level: INTERMEDIATE
  • Applied to ShopNest.DataAccess — Audit Logs

Previous: Logging — Complete Guide
Next: ACID Principles — Complete Guide

Practice: Run today's SQL in SSMS with execution plan — commit with feat(adonet): article-039.

FAQ

Q1: What is Audit Trails?

Audit Trails helps ShopNest.DataAccess implement high-performance Audit Logs data access with Microsoft.Data.SqlClient and SQL Server.

Q2: Do I need EF Core to learn ADO.NET?

No — ADO.NET is the foundation. Many Indian banking and ERP projects still rely on stored procedures wrapped in ADO.NET.

Q3: Is ADO.NET asked in interviews?

Yes — SqlConnection, parameters, transactions, and ADO.NET vs EF appear in TCS, Infosys, and product company .NET rounds.

Q4: Which .NET version?

Examples target .NET 8 LTS with Microsoft.Data.SqlClient and async ADO.NET throughout.

Q5: How does this fit ShopNest.DataAccess?

Article 39 strengthens Audit Logs. By Article 100 you have a portfolio-ready enterprise data layer.

Questions on this lesson 0

Sign in to ask a question or upvote helpful answers.

No questions yet — be the first to ask!

ADO.NET Core Tutorial
Course syllabus

ADO.NET Core Tutorial

Module 1: ADO.NET Fundamentals
Module 2: CRUD Operations
Module 3: Stored Procedures
Module 4: Transactions and Error Handling
Module 5: Performance Optimization
Module 6: ASP.NET Core Integration
Module 7: Advanced Enterprise Topics
Module 8: Testing and Debugging
Module 9: Cloud and DevOps
Module 10: Real-World Enterprise Projects
Toolliyo Assistant
Ask about tutorials, ebooks, training, pricing, mentor services, and support. I use public site content only—not admin or internal tools.

care@toolliyo.com

Need callback? Share your details