In Azure I created a SQL database, and in it I enabled the Auditing & Threat Detection option to log audits and threat detections.
Please see the figure below for more information on what I did in the Azure SQL database.
I wrote the code below in my controller to detect the SQL injection threat.
    // Requires: using System.Collections.Generic; using System.Data.SqlClient;
    public List<UsersTable> GetUsersTablebyUserName(string username)
    {
        List<UsersTable> userInfoList = new List<UsersTable>();

        // One connection only; the original created a second, never-disposed one.
        using (SqlConnection connection = new SqlConnection(connectionString.ToString()))
        // The user name is concatenated straight into the SQL text (the injectable
        // query this test relies on), so its behaviour is left unchanged.
        using (SqlCommand sqlCmd = new SqlCommand(
            "SELECT * FROM UsersTables WHERE UserName='" + username + "'",
            connection))
        {
            connection.Open();
            using (SqlDataReader reader = sqlCmd.ExecuteReader())
            {
                // Read() returns false immediately when there are no rows,
                // so an empty list is returned in that case.
                while (reader.Read())
                {
                    UsersTable userInfo = new UsersTable()
                    {
                        ID = (int)reader[0],
                        UserName = reader[1].ToString(),
                        Password = reader[2].ToString()
                    };
                    userInfoList.Add(userInfo);
                }
            }
        }
        // Exceptions propagate to the caller, as with the original catch/throw.
        return userInfoList;
    }
After executing the above code successfully, I downloaded the logs from the Azure portal and opened them in Excel, as in the figure below.
Even when I pass a username like test or '1'='1, the threat detection is not tracked in my logs; it always shows the access status as success.
How can I see when a threat detection happens, or when someone passes text like test or '1'='1 to my SQL query above?