I've encrypted some columns in an Azure SQL Database, using Always Encrypted and a column master key stored in an Azure Key Vault, but I'm having trouble accessing them from my application using Entity Framework.

There's a recent MSDN article and an older blog post that explain how to set up a SqlConnection to use Always Encrypted with an Azure Key Vault, so I'm guessing that a normal DbContext could be created using the constructor that accepts a DbConnection.

The problem is that I'm using an IdentityDbContext, which doesn't have that constructor - the only constructor that takes a DbConnection also takes a DbCompiledModel, which is beyond my pay-grade at the moment.

Can anyone explain how to set up an IdentityDbContext to use the Key Vault?

Jonathan Sayce
  • I'm investigating ... found a mention of adding "Column Encryption Setting=Enabled" in ConnectionString, and the need to add a SqlParameter for an encrypted column. Here: https://azure.microsoft.com/en-us/documentation/articles/sql-database-always-encrypted/#strongimportantstrong Are you encrypting a column or the whole database? – OzBob Jul 04 '16 at 03:13

1 Answer

It seems that the EF team has a test that uses encryption.

var connectionStringBuilder = new SqlConnectionStringBuilder(SqlServerTestStore.CreateConnectionString("adventureworks"))
{
    Encrypt = encryptionEnabled
};
var options = new DbContextOptionsBuilder();
options.UseSqlServer(connectionStringBuilder.ConnectionString);

using (var context = new AdventureWorksContext(options.Options))
{
    context.Database.OpenConnection();
    Assert.Equal(ConnectionState.Open, context.Database.GetDbConnection().State);
}

TODO: test IdentityDbContext Constructor exposes same constructor as AdventureWorksContext.

OzBob
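An added example, not code from either post or from the EF project: the Key Vault key store provider is registered statically for the whole process and Always Encrypted is switched on in the connection string, so the IdentityDbContext constructor that takes a connection string is enough and no DbConnection or DbCompiledModel is needed. It assumes EF6 on .NET Framework 4.6+ with System.Data.SqlClient, the Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider and ADAL NuGet packages; `AlwaysEncryptedSetup`, `AppIdentityContext` and the credential placeholders are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider;

public static class AlwaysEncryptedSetup
{
    // Placeholders (assumption): load these from protected configuration, not source code.
    private static readonly ClientCredential Credential =
        new ClientCredential("<aad-client-id>", "<aad-client-secret>");

    // Call exactly once at startup (e.g. Application_Start): registration is
    // process-wide and SqlClient rejects a second registration attempt.
    public static void RegisterKeyVaultProvider()
    {
        var provider = new SqlColumnEncryptionAzureKeyVaultProvider(GetTokenAsync);
        SqlConnection.RegisterColumnEncryptionKeyStoreProviders(
            new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>
            {
                { SqlColumnEncryptionAzureKeyVaultProvider.ProviderName, provider }
            });
    }

    // Invoked by the provider when it needs a Key Vault token to unwrap a column encryption key.
    private static async Task<string> GetTokenAsync(string authority, string resource, string scope)
    {
        var context = new AuthenticationContext(authority);
        var result = await context.AcquireTokenAsync(resource, Credential).ConfigureAwait(false);
        return result.AccessToken;
    }

    // Adds "Column Encryption Setting=Enabled" to an existing connection string.
    public static string EnableColumnEncryption(string connectionString)
    {
        var builder = new SqlConnectionStringBuilder(connectionString)
        {
            ColumnEncryptionSetting = SqlConnectionColumnEncryptionSetting.Enabled, // Always Encrypted
            Encrypt = true // separate setting: TLS for the connection itself
        };
        return builder.ConnectionString;
    }
}

public class AppIdentityContext : IdentityDbContext<IdentityUser>
{
    public AppIdentityContext(string connectionString)
        : base(AlwaysEncryptedSetup.EnableColumnEncryption(connectionString)) { }
}
```

Values compared against encrypted columns have to reach SQL Server as parameters, so pass them to LINQ queries as variables rather than inline literals. Grant the application's Azure AD principal only the Key Vault key permissions it needs to unwrap the column encryption key.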