Is it possible to have an EF Core middleware or something that can apply to filter to every query?

Ryan Cole 21 Reputation points
2022-04-25T22:44:59.117+00:00

Hi folks,

I've got an existing ASP.NET Core web application that uses EF Core for the database queries. A requirement has come up that requires me to basically filter every query's result using some logic that takes into consideration a user's "permissions". So like, if a user should not be allowed to ever see a particular column in the results, or if a user should never be able to see a particular row with a specific id, etc.

Like I said, this is an existing application and so I'm wondering if there's a nice spot to put some sort of global EF filter in place? As opposed to writing my own method and going through the entire ASP.NET application and modifying every location that uses EF Core.

Is there something like a middleware for EF Core perhaps? Or global filtering before or after a query is realized?

I'm trying to get an idea of what my options might be here before I go and modify hundreds of lines of code.

Thanks!

Entity Framework Core
Entity Framework Core
A lightweight, extensible, open-source, and cross-platform version of the Entity Framework data access technology.
725 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Bruce (SqlWork.com) 61,186 Reputation points
    2022-04-26T18:13:01.15+00:00

    as long as the permission are in the database, and mapped to EF, and the connection is logged in as the user, you could use global filters to filter rows, but not columns.

    to handle column filtering you could use column masking (again requires the connection use the user login):

    https://learn.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview?view=azuresql

    note: security should never be an after thought, you should always design the system with security requirements. in this case, you should probably recode the system, rather than looking for a quick hack.

    0 comments No comments