
I have an application that is finished and working. But recently a security instruction arrived that every DB access has to be done via stored procedures, and it applies to users and applications too.

This application runs on the ASP.NET MVC framework (version 4) and has its ORM declared this way:

[Table("TableName1")]
public class TableName1
{
    [Key]
    public int ID { get; set; }

    [MaxLength(250), Index("IX_NameCountry", 1, IsUnique = true, IsClustered = false)]
    public string Name { get; set; }
    ...
}

public ICollection<TableName2> TableName2
{
    get
    {
        return Database.SqlQuery<TableName2>("SELECT * FROM dbo.TableName2").ToList();
    }
}

I'm a beginner with MVC and EF, but I found that EF6 supports stored procedure mapping. What is the easiest way of rewriting the application? I would be very thankful for one example of how I can remap the table mapping :-)

Thank you

Muflix
    That is a really *really* bad decision, on the part of someone. They are now adding a maintenance nightmare and slowing down (or making completely redundant) any SQL/LINQ code. – iCollect.it Ltd May 06 '15 at 14:25

1 Answer

See: How to call Stored Procedure in Entity Framework 6 (Code-First)?

As an aside, depending on your application's size, this could be a huge undertaking for something that sounds like a knee-jerk reaction by someone in response to something.

I would tactfully respond by explaining it would be better to spend resources for you (and your team) to review the existing code base where you touch the DB and fix any security holes. Request that your app be pen tested.

There could be risk to the business / users because of the bugs this could potentially introduce - think of all those LINQ expressions you will have to translate to SQL :)

SimonGates
  • Thank you, I know it's a nightmare, but the application is not so big, but it is a little more complicated, therefore I don't want to be rewriting the LINQ expressions. I thought there could be a way that the data will still look like an object to the framework, but the data will be loaded not from the tables but from procedures. I am thinking about an exception request for this application too, but in view of the planned security audit I have no positive expectations. Of course we will test the application before releasing it to the business :-)) Thank you for the link, I will look into that. – Muflix May 06 '15 at 15:40
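
An EF6 Code-First sketch of the remapping asked about in the question, added here as an example and not code from the asker or the answerer. The context name `AppDbContext`, the `usp_*` procedure names, and the parameter names are assumptions; the procedures themselves must already exist in the database.

```csharp
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema;
using System.Data.Entity;
using System.Data.SqlClient;
using System.Linq;

[Table("TableName1")]
public class TableName1
{
    [Key]
    public int ID { get; set; }

    [MaxLength(250)]
    public string Name { get; set; }
}

public class AppDbContext : DbContext   // hypothetical context name
{
    public DbSet<TableName1> TableName1 { get; set; }

    protected override void OnModelCreating(DbModelBuilder modelBuilder)
    {
        // SaveChanges() now calls these procedures instead of emitting
        // INSERT/UPDATE/DELETE against the table. Names are assumptions.
        // The insert procedure must return the generated key as a result
        // set column named ID (for example SELECT SCOPE_IDENTITY() AS ID).
        modelBuilder.Entity<TableName1>().MapToStoredProcedures(s => s
            .Insert(i => i.HasName("usp_TableName1_Insert")
                          .Parameter(e => e.Name, "name"))
            .Update(u => u.HasName("usp_TableName1_Update")
                          .Parameter(e => e.ID, "id")
                          .Parameter(e => e.Name, "name"))
            .Delete(d => d.HasName("usp_TableName1_Delete")
                          .Parameter(e => e.ID, "id")));
    }

    // MapToStoredProcedures covers writes only. A LINQ query on the DbSet
    // still generates SELECT against the table, so reads go through an
    // explicit, parameterized procedure call. Result columns must match
    // the entity's property names.
    public List<TableName1> FindByName(string name)
    {
        return Database.SqlQuery<TableName1>(
            "EXEC dbo.usp_TableName1_FindByName @name",
            new SqlParameter("@name", name)).ToList();
    }
}
```

With every read and write routed this way, the application's database login can be granted EXECUTE on the procedures without direct permissions on the tables.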