gebeurtenis
31 mrt, 23 - 2 apr, 23
De grootste SQL-, Fabric- en Power BI-leerevenement. 31 maart – 2 april. Gebruik code FABINSIDER om $ 400 te besparen.
Zorg dat u zich vandaag nog registreertTutorial: Develop a .NET application using Always Encrypted with secure enclaves
Applies to: 
SQL Server 2019 (15.x) and later - Windows only
Azure SQL Database
Applies to:
.NET Framework
.NET Core 
.NET Standard
This tutorial teaches you how to develop an application that issues database queries that use a server-side secure enclave for Always Encrypted with secure enclaves.
Make sure you've completed one of the Getting started using Always Encrypted with secure enclaves tutorials before following the below steps in this tutorial.
In addition, you need Visual Studio (version 2022 is recommended) - you can download it from https://visualstudio.microsoft.com/. Your application development environment must use .NET Framework 4.6.1 or later or .NET Core 3.1 or later.
To use Always Encrypted with secure enclaves in a .NET Framework application, you need to make sure your application targets .NET Framework 4.6.1 or higher. To use Always Encrypted with secure enclaves in a .NET Core application, you need to make sure your application targets .NET Core 3.1 or higher.
In addition, if you store your column master key in Azure Key Vault, you also need to integrate your application with the Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider NuGet.
Open Visual Studio.
Create a new C# Console App (.NET Framework / Core) project.
Make sure your project targets at least .NET Framework 4.6 or .NET Core 3.1. Right-click on the project in Solution Explorer, select Properties and set the Target framework.
Install the following NuGet package by going to Tools (main menu) > NuGet Package Manager > Package Manager Console. Run the following code in the Package Manager Console.
PowerShellInstall-Package Microsoft.Data.SqlClient -Version 5.0.1If you use Azure Key Vault for storing your column master keys, install the following NuGet packages by going to Tools (main menu) > NuGet Package Manager > Package Manager Console. Run the following code in the Package Manager Console.
PowerShellInstall-Package Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider -Version 3.0.0 Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory
Your application will connect to the ContosoHR database that was created in one of the tutorials, see Prerequisites and it will run a query that contains the LIKE predicate on the SSN column and a range comparison on the Salary column.
Replace the content of the Program.cs file (generated by Visual Studio) with the following code.
csusing System; using Microsoft.Data.SqlClient; using System.Data; namespace ConsoleApp1 { class Program { static void Main(string[] args) { // Connection string for SQL Server string connectionString = "Data Source = myserver; Initial Catalog = ContosoHR; Column Encryption Setting = Enabled;Attestation Protocol = HGS; Enclave Attestation Url = http://hgs.bastion.local/Attestation; Integrated Security = true"; // Connection string for Azure SQL Database with Intel SGX enclaves //string connectionString = "Data Source = myserver.database.windows.net; Initial Catalog = ContosoHR; Column Encryption Setting = Enabled;Attestation Protocol = AAS; Enclave Attestation Url = https://myattestationprovider.uks.attest.azure.net/attest/SgxEnclave; User ID=user; Password=<password>"; // Connection string for Azure SQL Database with VBS enclaves //string connectionString = "Data Source = myserver.database.windows.net; Initial Catalog = ContosoHR; Column Encryption Setting = Enabled;Attestation Protocol = None; User ID=user; Password=<password>"; using (SqlConnection connection = new SqlConnection(connectionString)) { connection.Open(); SqlCommand cmd = connection.CreateCommand(); cmd.CommandText = @"SELECT [SSN], [FirstName], [LastName], [Salary] FROM [HR].[Employees] WHERE [SSN] LIKE @SSNPattern AND [Salary] > @MinSalary;"; SqlParameter paramSSNPattern = cmd.CreateParameter(); paramSSNPattern.ParameterName = @"@SSNPattern"; paramSSNPattern.DbType = DbType.AnsiStringFixedLength; paramSSNPattern.Direction = ParameterDirection.Input; paramSSNPattern.Value = "%9838"; paramSSNPattern.Size = 11; cmd.Parameters.Add(paramSSNPattern); SqlParameter MinSalary = cmd.CreateParameter(); MinSalary.ParameterName = @"@MinSalary"; MinSalary.DbType = DbType.Currency; MinSalary.Direction = ParameterDirection.Input; MinSalary.Value = 20000; cmd.Parameters.Add(MinSalary); cmd.ExecuteNonQuery(); SqlDataReader reader = cmd.ExecuteReader(); while (reader.Read()) { Console.WriteLine(reader[0] + ", " + reader[1] + ", " + reader[2] + ", " + reader[3]); } Console.ReadKey(); } } } }Update the database connection string.
- Set the valid server name and your database authentication settings.
- If you're using attestation for your database, set Enclave Attestation Protocol to the correct value for your attestation service (
HGSfor Host Guardian Service orAASfor Microsoft Azure Attestation). Otherwise, set Enclave Attestation Protocol toNone.
Build and run the application.
Aanvullende resources
Training
Leertraject
Een beveiligde omgeving implementeren voor een databaseservice - Training
Een beveiligde omgeving implementeren voor een databaseservice
Certificering
Microsoft-gecertificeerd: Azure Cosmos DB-ontwikkelaarsspecialisatie - Certifications
Schrijf efficiënte query's, maak indexeringsbeleid, beheer en inrichting van resources in de SQL-API en SDK met Microsoft Azure Cosmos DB.
Documentatie
-
Maak kolomhoofdsleutels voor Always Encrypted & aan - SQL Server
Meer informatie over het selecteren van een sleutelarchief en het maken van kolomhoofdsleutels voor SQL Server Always Encrypted.