Los*_*les 12 sql-server .net-core sql-server-2016 always-encrypted
我正在尝试使用带有.NET Core的SQL Server 2016的Always Encrypted功能,并且似乎无法使用(还).试图Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider从Nuget 导入,我得到一个错误,说明它不兼容:
包Microsoft.SqlServer.Management.AlwaysEncrypted.AzureKeyVaultProvider 1.0.201501028与netstandard1.6不兼容(.NETStandard,Version = v1.6)
有关如何/在何处获得兼容版本的任何想法?
Tim*_*ens 16
.Net Core 3.1 LTS 现在支持 Always Encrypted。
您必须使用 Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider nuget 包
Install-Package Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider -Version 1.1.1
确保您有 Keyvault 设置。
调试您在 VS 中的帐户必须具有访问密钥库的足够权限。(发布时,应用程序本身必须具有足够的权限:请参阅https://docs.microsoft.com/en-us/azure/key-vault/managed-identity)仅获取和列出权限可能是不够的。
然后在 program.cs 中:
using Microsoft.AspNetCore.Hosting;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Data.SqlClient;
using Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;
using Microsoft.Extensions.Hosting;
//namespaces etc omitted
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
var keyVaultEndpoint = GetKeyVaultEndpoint();
if (!string.IsNullOrEmpty(keyVaultEndpoint))
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
config.AddAzureKeyVault(keyVaultEndpoint, keyVaultClient, new DefaultKeyVaultSecretManager());
SqlColumnEncryptionAzureKeyVaultProvider sqlColumnEncryptionAzureKeyVaultProvider = new SqlColumnEncryptionAzureKeyVaultProvider(new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
SqlConnection.RegisterColumnEncryptionKeyStoreProviders(customProviders: new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>(capacity: 1, comparer: StringComparer.OrdinalIgnoreCase)
{
{
SqlColumnEncryptionAzureKeyVaultProvider.ProviderName, sqlColumnEncryptionAzureKeyVaultProvider
}
});
}
})
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
private static string GetKeyVaultEndpoint() => "https://YOURKEYVAULT.vault.azure.net/";
}
在 StartUp.cs 配置服务中:
using Microsoft.Data.SqlClient;
//Code omitted
services.AddDbContext<EnitiesModel>(options =>
options.UseSqlServer(new SqlConnection(Configuration.GetConnectionString("EntitiesModel"))));
确保您的连接字符串包含 Column Encryption Setting=Enabled 参数:
"ConnectionStrings": {
"EntitiesModel": "Server=SOMESERVER.database.windows.net;Database=SOMEDB;Trusted_Connection=False;Encrypt=True;Integrated Security=False;
MultipleActiveResultSets=true;persist security info=True;user id=SOMEDBACCOUNT;password=SOMEPASSWORD;
Column Encryption Setting=enabled;"
}
小问题:如果您使用数据库脚手架,请确保模型连接字符串也具有列加密设置!(如果你没有改变它,它是带有 VS 警告的脚手架后 DBModel 类内部的标准)
这应该能让你启动并运行......
小智 10
免责声明:我是微软的项目经理
.NET Core目前不支持Always Encrypted.这是我们的路线图,我们还没有时间表.
现在.NET Core 3.0 Preview 5支持它,它提供了一个支持 Always Encrypted 等的新SqlClient。有关更多信息,请参阅此评论。
对于 Key Vault 提供程序,您需要改用Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider。