1. 技术文章
  2. Insert into table via stored procedure from client application using always encrypted AzureKey vault

Insert into table via stored procedure from client application using always encrypted AzureKey vault

╄→尐↘猪︶ㄣ 提交于 2019-12-12 05:28:04

问题


I'm created a client application that do all the encrypt and decrypt values using Always Encryption.

I've used Azure Key vault to store my Keys. I've followed this. It worked for me fine with the hardcoded query (INSERT INTO ....)

But when I tried with a stored procedure, it didn't work. I've already referred to this Stack Post. But the solutions/answer didn't solve my problems unfortunately. So I've decided to open a new question.

This is my C# code 

SqlCommand cmd = _sqlconn.CreateCommand();

// Use parameterized SQL to insert the data
cmd.CommandText = @"INSERT INTO [dbo].[Patients] ([SSN], [FirstName], [LastName], [BirthDate]) VALUES (@SSN, @FirstName, @LastName, @BirthDate);";

SqlParameter paramSSN = cmd.CreateParameter();
paramSSN.ParameterName = @"@SSN";
paramSSN.SqlDbType = SqlDbType.Char;
paramSSN.DbType = DbType.AnsiStringFixedLength;
paramSSN.Direction = ParameterDirection.Input;
paramSSN.Value = ssn;
paramSSN.Size = 11;
cmd.Parameters.Add(paramSSN);

SqlParameter paramFirstName = cmd.CreateParameter();
paramFirstName.ParameterName = @"@FirstName";
paramFirstName.DbType = DbType.String;
paramFirstName.Direction = ParameterDirection.Input;
paramFirstName.Value = firstName;
paramFirstName.Size = 50;
cmd.Parameters.Add(paramFirstName);

SqlParameter paramLastName = cmd.CreateParameter();
paramLastName.ParameterName = @"@LastName";
paramLastName.DbType = DbType.String;
paramLastName.Direction = ParameterDirection.Input;
paramLastName.Value = lastName;
paramLastName.Size = 50;
cmd.Parameters.Add(paramLastName);

SqlParameter paramBirthdate = cmd.CreateParameter();
paramBirthdate.ParameterName = @"@BirthDate";
paramBirthdate.SqlDbType = SqlDbType.Date;
paramBirthdate.Direction = ParameterDirection.Input;
paramBirthdate.Value = birthdate;
cmd.Parameters.Add(paramBirthdate);

cmd.ExecuteNonQuery();

When I changed a little bit for using the stored procedure. It throws error like

Additional information: Operand type clash: char is incompatible with varchar(20) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK_Auto1', column_encryption_key_database_name = 'TestDB') collation_name = 'SQL_Latin1_General_CP1_CI_AS'

string execute = @"[dbo].[insertsp]";

SqlCommand cmd = new SqlCommand(execute, _sqlconn);
cmd.CommandType = CommandType.StoredProcedure;

    SqlParameter paramSSN = cmd.CreateParameter();
    paramSSN.ParameterName = @"@SSN";
    paramSSN.SqlDbType = SqlDbType.Char;
    paramSSN.DbType = DbType.AnsiStringFixedLength;
    paramSSN.Direction = ParameterDirection.Input;
    paramSSN.Value = ssn;
    paramSSN.Size = 11;
    cmd.Parameters.Add(paramSSN);

    SqlParameter paramFirstName = cmd.CreateParameter();
    paramFirstName.ParameterName = @"@FirstName";
    paramFirstName.DbType = DbType.String;
    paramFirstName.Direction = ParameterDirection.Input;
    paramFirstName.Value = firstName;
    paramFirstName.Size = 50;
    cmd.Parameters.Add(paramFirstName);

    SqlParameter paramLastName = cmd.CreateParameter();
    paramLastName.ParameterName = @"@LastName";
    paramLastName.DbType = DbType.String;
    paramLastName.Direction = ParameterDirection.Input;
    paramLastName.Value = lastName;
    paramLastName.Size = 50;
    cmd.Parameters.Add(paramLastName);

    SqlParameter paramBirthdate = cmd.CreateParameter();
    paramBirthdate.ParameterName = @"@BirthDate";
    paramBirthdate.SqlDbType = SqlDbType.Date;
    paramBirthdate.Direction = ParameterDirection.Input;
    paramBirthdate.Value = birthdate;
    cmd.Parameters.Add(paramBirthdate);

    cmd.ExecuteNonQuery();

This is my schema after the Encryption enabled

CREATE TABLE [dbo].[patients]
(
    [ssn] [varchar](20) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1], ENCRYPTION_TYPE = Deterministic, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,
    [FirstName] [varchar](50) NULL,
    [LastName] [varchar](50) NULL,
    [BirthDate] [datetime] NULL
)

(PS: I've already enabled the Column Encryption Setting=enabled in my connection string. Also tried with EXEC sys.sp_refresh_parameter_encryption @name = '[dbo].[sp]' - neither works for me)


回答1:


Just a Case Sensitive Issue (@ssn and @SSN).

Please not to forget that

SQL is not caSe SenSitIve

C# is CASE SENSITIVE



来源:https://stackoverflow.com/questions/45103280/insert-into-table-via-stored-procedure-from-client-application-using-always-encr

标签
c#
azure
azure-sql-database
always-encrypted
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!