Error inserting data with EF6 and Always encrypted

always-encrypted azure-sql-database entity-framework-6 poco


We are experiencing some issues with EF6 and Always encrypted feature.

I believe we need to set up something into DBContext, in order to instruct how to encrypt or decrypt columns, but I couldn't find a way to do this.

We already have an ADO access layer, and it works perfectly with encrypted fields. We would rather use EF instead of ADO.

Symptoms are:

  1. With EF, We are able to query the data. And decryption process works fine.
  2. Insertion process throws error below:

Operand type clash: varchar is incompatible with varchar(8000) encrypted with (encryption_type = 'DETERMINISTIC', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'CEK_Auto1', column_encryption_key_database_name = 'Development_v2_qa') collation_name = 'SQL_Latin1_General_CP1_CI_AS'**

  1. Query with where clause, using an encrypted field, throws same error.

Technologies used:

  • EF6 with Poco entities.
  • AzureKeyVault for storing encryp/decryp masterkey.
  • Using SSL Certidicate to authenticate against KeyVault
  • Connection string contains "Column Encryption Setting=enabled;"
  • AzureSqlServer
  • FWK4.6
  • ADO

We have some code which works fine with ADO. It works fine with every SqlConnection

// Instantiate our custom AKV column master key provider.
// It uses the GetToken function as the callback function to authenticate to AKV
SqlColumnEncryptionAzureKeyVaultProvider akvprov = new SqlColumnEncryptionAzureKeyVaultProvider();
akvprov.KeyVaultClient = SecureConfigurationManager.KeyVaultClient;
// Register the instance of custom provider to SqlConnection
Dictionary<string, SqlColumnEncryptionKeyStoreProvider> providers = new Dictionary<string, SqlColumnEncryptionKeyStoreProvider>();
// "SqlColumnEncryptionAzureKeyVaultProvider.ProviderName" is the name of the provider. It must match the string we used when we created the column master key
providers.Add(SqlColumnEncryptionAzureKeyVaultProvider.ProviderName, akvprov);
1/20/2017 12:14:36 AM

Popular Answer

Yep, I just found the same problem, needed to add

[Column(TypeName = "varchar(max)")]

in the POCO type before the field for it to work. Be nice if the error was a bit clearer (and nicer still if NVARCHAR did actually work)

10/18/2017 12:47:52 AM

Related Questions


Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow