使用始终加密的AzureKey保险库

时间:2017-07-14 12:42:23

标签: c# azure azure-sql-database always-encrypted

我创建了一个客户端应用程序,它使用Always Encryption完成所有加密和解密值。

我使用Azure Key保管库来存储我的密钥。我跟着this。使用硬编码查询(INSERT INTO ....)

对我很有用

但是当我尝试使用存储过程时,它无效。我已经提到了这个Stack Post。但不幸的是,解决方案/答案并没有解决我的问题。所以我决定开一个新问题。

这是我的C#代码

SqlCommand cmd = _sqlconn.CreateCommand();

// Use parameterized SQL to insert the data
cmd.CommandText = @"INSERT INTO [dbo].[Patients] ([SSN], [FirstName], [LastName], [BirthDate]) VALUES (@SSN, @FirstName, @LastName, @BirthDate);";

SqlParameter paramSSN = cmd.CreateParameter();
paramSSN.ParameterName = @"@SSN";
paramSSN.SqlDbType = SqlDbType.Char;
paramSSN.DbType = DbType.AnsiStringFixedLength;
paramSSN.Direction = ParameterDirection.Input;
paramSSN.Value = ssn;
paramSSN.Size = 11;
cmd.Parameters.Add(paramSSN);

SqlParameter paramFirstName = cmd.CreateParameter();
paramFirstName.ParameterName = @"@FirstName";
paramFirstName.DbType = DbType.String;
paramFirstName.Direction = ParameterDirection.Input;
paramFirstName.Value = firstName;
paramFirstName.Size = 50;
cmd.Parameters.Add(paramFirstName);

SqlParameter paramLastName = cmd.CreateParameter();
paramLastName.ParameterName = @"@LastName";
paramLastName.DbType = DbType.String;
paramLastName.Direction = ParameterDirection.Input;
paramLastName.Value = lastName;
paramLastName.Size = 50;
cmd.Parameters.Add(paramLastName);

SqlParameter paramBirthdate = cmd.CreateParameter();
paramBirthdate.ParameterName = @"@BirthDate";
paramBirthdate.SqlDbType = SqlDbType.Date;
paramBirthdate.Direction = ParameterDirection.Input;
paramBirthdate.Value = birthdate;
cmd.Parameters.Add(paramBirthdate);

cmd.ExecuteNonQuery();

当我改变一点使用存储过程时。它会抛出错误,如

  

其他信息:操作数类型冲突:char是与(将encryption_type = 'DETERMINISTIC',encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256',column_encryption_key_name = 'CEK_Auto1',column_encryption_key_database_name = 'TESTDB')COLLATION_NAME = 'SQL_Latin1_General_CP1_CI_AS' 加密VARCHAR(20)不相容

string execute = @"[dbo].[insertsp]";

SqlCommand cmd = new SqlCommand(execute, _sqlconn);
cmd.CommandType = CommandType.StoredProcedure;

    SqlParameter paramSSN = cmd.CreateParameter();
    paramSSN.ParameterName = @"@SSN";
    paramSSN.SqlDbType = SqlDbType.Char;
    paramSSN.DbType = DbType.AnsiStringFixedLength;
    paramSSN.Direction = ParameterDirection.Input;
    paramSSN.Value = ssn;
    paramSSN.Size = 11;
    cmd.Parameters.Add(paramSSN);

    SqlParameter paramFirstName = cmd.CreateParameter();
    paramFirstName.ParameterName = @"@FirstName";
    paramFirstName.DbType = DbType.String;
    paramFirstName.Direction = ParameterDirection.Input;
    paramFirstName.Value = firstName;
    paramFirstName.Size = 50;
    cmd.Parameters.Add(paramFirstName);

    SqlParameter paramLastName = cmd.CreateParameter();
    paramLastName.ParameterName = @"@LastName";
    paramLastName.DbType = DbType.String;
    paramLastName.Direction = ParameterDirection.Input;
    paramLastName.Value = lastName;
    paramLastName.Size = 50;
    cmd.Parameters.Add(paramLastName);

    SqlParameter paramBirthdate = cmd.CreateParameter();
    paramBirthdate.ParameterName = @"@BirthDate";
    paramBirthdate.SqlDbType = SqlDbType.Date;
    paramBirthdate.Direction = ParameterDirection.Input;
    paramBirthdate.Value = birthdate;
    cmd.Parameters.Add(paramBirthdate);

    cmd.ExecuteNonQuery();

这是启用加密后的架构

CREATE TABLE [dbo].[patients]
(
    [ssn] [varchar](20) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = [CEK_Auto1], ENCRYPTION_TYPE = Deterministic, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL,
    [FirstName] [varchar](50) NULL,
    [LastName] [varchar](50) NULL,
    [BirthDate] [datetime] NULL
)

(PS:我已经在我的连接字符串中启用了列加密设置=启用。也尝试使用EXEC sys.sp_refresh_parameter_encryption @name = '[dbo].[sp]' - 对我来说都不适用)

1 个答案:

答案 0 :(得分:1)

只是一个区分大小写的问题(@ssn和@SSN)。

请不要忘记

SQL不是caS SenSitIve

C#是案例敏感