Dynamic data masking with Entity framework

Question

Is it possible to use SQL's Dynamic data masking with Entity framework?

If it is possible, is there any way to combine it with Asp.Identity? Project I'm working on requires that data is masked for certain user roles and visible to others.

We are using database first approach and Entity framework with data fields masked with:

MASKED WITH (FUNCTION = 'default()')

Data needs to be visible to admins and remain masked to other user roles. User roles are defined thru Asp.identity.

How users roles are defined? In SQL table or you are using SQL security groups? — gotqn, Aug 29 '18 at 14:00
User roles are defined in SQL table. For example, user roles are: admin, developer, user, etc... They are used in controllers with annotations: [Authorize(Roles = "admin, developer, user")] — Matt, Aug 29 '18 at 14:05

score 2 · Answer 1 · answered Feb 27 '19 at 16:21

If it suits well your app architecture you can try approach from this blog post this blog post.

In two words you can create special db user which will represent your "other user roles". And then create two instances of DbContext: one for admin and one for the rest of your roles. So, basically, it's all about user identity provided in connection string.

Correct instance of DbContext with right connection string based on current user you can, for example, provide with dependency injection.

Thanks for your answer. As far as I've seen, this may be the only solution. — Matt, Mar 01 '19 at 15:00

Dynamic data masking with Entity framework

1 Answers1

Linked