Using Always Encrypted with the Entity Framework and Azure Key Vault

Question

Using Always Encrypted with the Entity Framework and Azure Key Vault

I encrypted several columns in the Azure SQL database using Always Encrypted and the master column key stored in the Azure Key keystore, but I had problems accessing them from my application using the Entity Framework.

An MSDN article and an older blog post were posted there that explained how to configure SqlConnection to use Always Encrypted using the Azure key store, so I assume that a regular DbContext can be created using the / a> constructor , which accepts DbConnection.

The problem is that I use IdentityDbContextone that does not have this constructor - the only constructor that accepts DbConnectionalso accepts a value DbCompiledModelthat currently goes beyond my salary.

Can someone explain how to configure IdentityDbContextto use a keystore?

+4

sql-server entity-framework azure-keyvault always-encrypted

Jonathan sayce Jun 09 '16 at 17:45

source share

1 answer

Ozbob · Answer 1 · 2016-07-04T03:42:29+0000

It seems that the EF team has a test that uses encryption .

var connectionStringBuilder = new SqlConnectionStringBuilder(SqlServerTestStore.CreateConnectionString("adventureworks"))
{
    Encrypt = encryptionEnabled
};
var options = new DbContextOptionsBuilder();
options.UseSqlServer(connectionStringBuilder.ConnectionString);

using (var context = new AdventureWorksContext(options.Options))
{
    context.Database.OpenConnection();
    Assert.Equal(ConnectionState.Open, context.Database.GetDbConnection().State);
}

TODO: test IdentityDbContext Constructor provides the same constructor as AdventureWorksContext.

Using Always Encrypted with the Entity Framework and Azure Key Vault

More articles: