EF6 not able to work with encrypted columns in some cases
Hello
Recently, I added an encrypted nullable datetime column to a table in our MSSQL database (using Always Encrypted via documentation for e.g. https://blogs.msdn.microsoft.com/sqlsecurity/2015/08/27/using-always-encrypted-with-entity-framework-6/) and have run into some inexplicable issues:
- Similar to https://github.com/aspnet/EntityFramework6/issues/265 I am seemingly unable to retrieve entities with navigational properties that have an encrypted column. And so the following code:
```csharp
using (var ctx = new DbContext())
{
    return ctx.Locations.Where(...).Include(l => l.UserLocations.Select(ul => ul.User)).ToList();
}
```
does not work when I’ve added an encrypted, nullable datetime field to User. It fails with the following exception:
```
Operand type clash: datetime2 is incompatible with datetime2(7) encrypted with (encryption_type = 'RANDOMIZED', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'cek_user_dob', column_encryption_key_database_name = 'DB')
```
(actually it’s in the inner exception)
- I have found that I am also unable to update the encrypted value from my web app i.e.
```csharp
using (var ctx = new DbContext())
{
    var user = ctx.Users.Single(...);
    user.DateOfBirth = DateTime.Now;
    await ctx.SaveChangesAsync();
}
```
This fails with the following exception:
```
Operand type clash: datetime2(7) encrypted with (encryption_type = 'RANDOMIZED', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'cek_user_dob', column_encryption_key_database_name = 'DB') is incompatible with datetime encrypted with (encryption_type = 'RANDOMIZED', encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', column_encryption_key_name = 'cek_user_dob', column_encryption_key_database_name = 'DB') Statement(s) could not be prepared.
```
I have found however that other operations appear to work i.e. retrieving one or more users e.g.
```csharp
using (var ctx = new DbContext())
{
    return
        await ctx.Users
            .Include(...)
            .FirstOrDefaultAsync(...);
}
```
We were previously on EF 6.1.3 - I have since updated to EF 6.2.0 but this is still a problem for me. I can confirm that User.DateOfBirth is not being used as a filter for my queries, nor is it the PK of the User table.
Would you be able to shed any light on this please?
Issue Analytics
- Created 6 years ago
- Reactions: 2
- Comments: 9 (2 by maintainers)
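The two exception messages in the post above describe different failures: in the first only one operand is encrypted, in the second both are encrypted but with different types. This is an added example, not part of the original issue or of EF6, that parses them to show the difference; the function names and category labels are assumptions made for illustration.

```python
import re

# Error text quoted from the post above; ENC is the metadata both messages share.
ENC = ("encrypted with (encryption_type = 'RANDOMIZED', "
       "encryption_algorithm_name = 'AEAD_AES_256_CBC_HMAC_SHA_256', "
       "column_encryption_key_name = 'cek_user_dob', "
       "column_encryption_key_database_name = 'DB')")
INCLUDE_ERROR = f"Operand type clash: datetime2 is incompatible with datetime2(7) {ENC}"
UPDATE_ERROR = (f"Operand type clash: datetime2(7) {ENC} is incompatible with "
                f"datetime {ENC} Statement(s) could not be prepared.")

# One operand: a type name, optionally followed by Always Encrypted metadata.
_SIDE = r"(\w+(?:\(\d+\))?)(?: encrypted with \(([^)]*)\))?"
_CLASH = re.compile(rf"Operand type clash: {_SIDE} is incompatible with {_SIDE}")

# Hypothetical category labels with the reading each one suggests.
HINTS = {
    "plaintext_vs_encrypted": "statement combines a plaintext expression with "
                              "the encrypted column; look at the generated SQL",
    "encrypted_type_mismatch": "both operands are encrypted but declared with "
                               "different types; compare parameter and column type",
    "other": "type clash not explained by the encryption metadata",
    "not_a_type_clash": "message is not an operand type clash",
}

def _base(sql_type):
    """Strip precision: 'datetime2(7)' -> 'datetime2'."""
    return sql_type.split("(")[0]

def classify(message):
    """Return (kind, left_type, right_type) for a SQL Server error message."""
    m = _CLASH.search(message)
    if m is None:
        return ("not_a_type_clash", None, None)
    left, left_enc, right, right_enc = m.groups()
    if bool(left_enc) != bool(right_enc):
        kind = "plaintext_vs_encrypted"
    elif left_enc and _base(left) != _base(right):
        kind = "encrypted_type_mismatch"
    else:
        kind = "other"
    return (kind, left, right)

if __name__ == "__main__":
    for name, msg in (("Include query", INCLUDE_ERROR), ("SaveChanges", UPDATE_ERROR)):
        kind, left, right = classify(msg)
        print(f"{name}: {left} vs {right} -> {kind}: {HINTS[kind]}")
```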
I got a similar problem with the following (obfuscated) code:
Which generated: https://gist.github.com/thuannguy/20901ac26ce7bdfc408b07b89f324d53 (I have greatly cut it off!)
The problem here is that when joining many tables, EF had to generate a complex query with many UNIONs, which in turn needed a bunch of default values such as
and if that column is correspondingly unioned with an encrypted column, I got the incompatibility issue. Due to NDA, I can’t publish the database schema of the product I’m developing. I will try to see if I can provide a simplified schema when I have time (probably not any time soon 😞). I believe this is a known, long-time issue that still has no solution. People who encounter it have to either abandon Always Encrypted usage or refactor their database schemas, which is not always a viable option.
Has anyone found a solution for using EF with SQL Server 2016 (with some tables having encrypted columns)? Even a simple select on a table with encrypted columns is not working for me. Some workaround would be of great help.