C#•3y ago

❔ Enabling "Always Encrypted" created a clash of datatypes

My normal working code

_dbContext.MyClass.Add(MyObject);

_dbContext.MyClass.Add(MyObject);

crashes when enabling encryption and saving.

Operand type clash: nvarchar is incompatible with nvarchar(4000) encrypted..

I tried changing forcing the nvarchar to 4000 and I enabled everything I saw in the docs.

JakenVeina•5/26/23, 10:06 PM

what docs?

JakenVeina•5/26/23, 10:07 PM

what is _dbContext?

JakenVeina•5/26/23, 10:07 PM

what is nvarchar?

OkOkOP•5/26/23, 10:10 PM

The docs for Always Encrypted

_dbContext is your run-of-the-mill pattern inheriting from dbContext

nvarchar is a standard datatype in Sql-server

OkOkOP•5/26/23, 10:10 PM

https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-tutorial-getting-started?tabs=ssms&view=sql-server-ver16&viewFallbackFrom=azuresql

Tutorial: Getting started with Always Encrypted - SQL Server

This tutorial teaches you how to encrypt columns using Always Encrypted and how to query encrypted columns in SQL Server, Azure SQL Database, and Azure SQL Managed Instance.

JakenVeina•5/26/23, 10:14 PM

that doesn't appear to reference EF Core at all

JakenVeina•5/26/23, 10:15 PM

how are you configuring this for EF Core?

OkOkOP•5/26/23, 10:16 PM

It does not, I don't seem to be able to find much about using Always Encrypted with EF.

JakenVeina•5/26/23, 10:16 PM

might not be supported

JakenVeina•5/26/23, 10:17 PM

reading the error, and similar errors online, it seems to me that EF is sending unencrpyted strings to the database

OkOkOP•5/26/23, 10:17 PM

But EF is just converted to normal SQL before reaching the DB?

JakenVeina•5/26/23, 10:17 PM

which the database treats as values that are incompatible with an encrypted column

JakenVeina•5/26/23, 10:17 PM

which makes sense, the entire point of Always Encrypted is that the database never sees the unencrypted values

JakenVeina•5/26/23, 10:18 PM

EF would have to be instructed about which columns need to be encrpyted before being sent

OOkOk But EF is just converted to normal SQL before reaching the DB?

JakenVeina•5/26/23, 10:18 PM

yes, and that's the part it can't do correctly

OkOkOP•5/26/23, 10:18 PM

I was wondering if the DB would intelligently look at the data and see it is unencrypted and reject it, or if it wouldn't matter as long as the data is not over 4000 nvarchars

JakenVeina•5/26/23, 10:19 PM

nope

JakenVeina•5/26/23, 10:19 PM

EF doesn't work that way

JakenVeina•5/26/23, 10:19 PM

EF's concept of what the database is is 100% based on the EF modeling code you either write or have generated

JakenVeina•5/26/23, 10:20 PM

if you don't tell it which columns are encrypted, it can't know

OkOkOP•5/26/23, 10:20 PM

Just looking at the database column, it claims that the datatype is just as before the encryption, a un-nullable nvarchar(max)

JakenVeina•5/26/23, 10:21 PM

but it's encrypted

OkOkOP•5/26/23, 10:21 PM

Is that a different datatype?

JakenVeina•5/26/23, 10:21 PM

which, from what I can tell, makes it NOT the same data type

OkOkOP•5/26/23, 10:21 PM

Okey because that is what I was wondering

JakenVeina•5/26/23, 10:21 PM

that's my understanding from looking at the docs and such for about 5 minutes, anyway

Accord•5/27/23, 10:25 PM

Was this issue resolved? If so, run

/close

/close

otherwise I will mark this as stale and this post will be archived until there is new activity.