I have built a web application that is structured in a n-layer architecture, i.e. UI, BLL, API (WebAPI), DAL. What I would like to achieve with this separation of concern is to enable basic auditing on the DAL, i.e. RowCreatedBy, RowUpdatedBy and so forth, however I want to find out what is the best way to pass the user identity from the UI layer down to my Data Access Layer without adding it as a parameter on all my crud calls. The option that is there is using Thread.CurrentPrincipal, however it could work,but the catch is my application is hosted in IIS under an apppool with a specific identity set. I would like the CurrentUser to be available throughout all my application layer. Please advise the best approach?
NB: I know people may have asked this, but from the other references I have seen, none satisfy my scenario.