{"id":15430552,"url":"https://github.com/lenisha/core-msodbc-ae","last_synced_at":"2025-11-09T07:30:33.621Z","repository":{"id":116070344,"uuid":"159841066","full_name":"lenisha/core-msodbc-ae","owner":"lenisha","description":"ODBC driver in PCF app with AlwaysEncrypted demo","archived":false,"fork":false,"pushed_at":"2020-03-27T06:56:52.000Z","size":9550,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-18T06:16:18.091Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lenisha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-11-30T15:17:06.000Z","updated_at":"2020-04-26T16:14:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"265d432a-a9b9-4b35-ba77-8eb3a425ef10","html_url":"https://github.com/lenisha/core-msodbc-ae","commit_stats":{"total_commits":13,"total_committers":1,"mean_commits":13.0,"dds":0.0,"last_synced_commit":"294781fce8b467d20ce86fdf44fd121bb720c84f"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fcore-msodbc-ae","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fcore-msodbc-ae/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fcore-msodbc-ae/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fcore-msodbc-ae/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lenisha","download_url":"https://codeload.github.com/lenisha/core-msodbc-ae/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239571542,"owners_count":19661164,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-01T18:16:55.362Z","updated_at":"2025-11-09T07:30:33.568Z","avatar_url":"https://github.com/lenisha.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"## PCF ASP.NET Core Application using SQLServer AlwaysEncrypted on Linux (with ODBC)\n\nThis project demonstrates very simple .NET Core application connecting to SQL Server using ODBC driver.\nDriver details are here: https://docs.microsoft.com/en-us/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server?view=sql-server-2017\n\n## Application setup\n\nApplications uses Nuget package `System.Data.ODBC` and corresponding OdbcConnection and DataReader - rfor details refer to `HomeController.cs`\n\n###  MS ODBC driver files for Linux 16\nFor the Core application to be able to use it ODBC driver WITHOUT installing it, all the required libraries should be included along with the application.\nIn this example all Ubuntu 16 related libraries and resources are included with the application in `msodbcsql17` directory. (driver version 17.5.2)\nDuring `publish` this directory is copied alond with other application artifacts.\n\nFor the driver to load required libraries and find system ini files, following environment variables have to be set:\n- `LD_LIBRARY_PATH` - points to directory where all driver *.so files are located. For application published to PCF: `/home/vcap/app/msodbcsql17`\n- `ODBCSYSINI` - points to directory where `odbcinst.ini` is located with information about Microsoft ODBC Driver 17. For application published to PCF: `/home/vcap/app/msodbcsql17`\n\nExample could be found in this project `manifest.yml` \n\n### SQL Setup\n\n- Create SQL Database and follow AlwaysEncrypted documentation to grant sql user required permissions. \n- Create Key Vault and service principal that has required persmissions to access and use keys (created and used by AlwaysEncrpted)\n- Create SQL Table and data \nThis example uses very simple SQL table that could be created\n \n ```\nCREATE TABLE dbo.Persons  \n               ( First_Name varchar(25) NOT NULL,  \n                 Last_Name varchar(50) NULL)  \nGO \n\nINSERT Persons Values ('Test', 'Blah blah');\nINSERT Persons Values ('Test2', 'mine blah');\nINSERT Persons Values ('Test3', 'ohhhh blah');\n\nGO\n\n select * from [dbo].[Persons];\n\n  ```\n \n - Use AlwaysEncrypted SSMS wizard or powershell to encrypt one of the columns\n\n### SQL Connection \n\nODBC driver uses connection string in the following format\n\n```    \nDriver={ODBC Driver 17 for SQL Server}; \nServer=tcp:\u003cserver\u003e.database.windows.net,1433;Database=\u003cdatabase\u003e;\nUid=\u003cdb user\u003e;\nPwd=\u003cdb user password\u003e;\nEncrypt=yes;TrustServerCertificate=no;Connection Timeout=30;\n```\nAnd following settings are added to enable AlwaysEncrypted\n```\nColumnEncryption=Enabled; \nKeyStoreAuthentication=KeyVaultClientSecret;\nKeyStorePrincipalId=\u003cspn app id\u003e;\nKeyStoreSecret=\u003cspn secret\u003e;\n```\n\nIn this example full connection string is combined from settings in `appsettings.json` or environment variables that override json file.\n\nRefer to `manifest.yml` for example  of setting connection string variables:\n```\n     ODBC__Server: \"tcp:\u003cserver\u003e,1433\"\n     ODBC__Database: \u003cdb name\u003e\n     ODBC__Uid: \u003cdb user\u003e\n     ODBC__Pwd: \u003cdb user password\u003e\n     ODBC__ColumnEncryption: Enabled\n     ODBC__KeyStoreAuthentication: KeyVaultClientSecret\n     ODBC__KeyStorePrincipalId: \u003cspn id\u003e\n     ODBC__KeyStoreSecret: \u003cspn secret\u003e\n```\n\nMake sure Service Principal is granted access policy for KeyVault Keys including all Cryptographic Operations\n\n### Build and Run\n\nSet all the ODBC connectivity vaules in `manifest.yml` with your SQL server/db and service principal credentials.\n\n- Build and publish the app:\n\n```\ndotnet restore\ndotnet build\ndotnet publish -c Release \n```\n\nNote: added in project file to point to linux runtime (used by PCF cells) and .net runtime that is used by dotnetcore2.1 buildpack \n```\n    \u003cTargetFramework\u003enetcoreapp2.1\u003c/TargetFramework\u003e\n\t\u003cRuntimeIdentifiers\u003eubuntu.16.04-x64\u003c/RuntimeIdentifiers\u003e\n\t\u003cRuntimeFrameworkVersion\u003e2.1.4\u003c/RuntimeFrameworkVersion\u003e\n```\n\n- Navigate to publish directory and push the application and specify buildpack (manifest will be located there as well)\n\n```\ncd bin/Release/netcoreapp2.1/publish\ncf push -f manifest.yml \n```\n\n- Navigate to application home - this page will retrive and show data that was encrypted\n\n#### Note: Tested on both PCF and Ubuntu 14 VM \nTo test on Ubuntu VM with dotnet runtime installed, set all required env variables and run\n```\ndotnet coremvc.dll\n```\n\n## Update driver Notes\n\nOn linux VM install [ODBC Driver](https://docs.microsoft.com/en-us/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server?view=sql-server-ver15#ubuntu17)\n\nVerify install at `/opt/microsoft/msodbcsql17` , will need all files in installed directory\nand some libraries from dependencies.\nList dependencoes with `ldd` command:\n\n```\nazureuser@xenial:/opt/microsoft/msodbcsql17$ ldd lib64/libmsodbcsql-17.5.so.2.1 \n        linux-vdso.so.1 =\u003e  (0x00007ffff958f000)\n        libdl.so.2 =\u003e /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ffa7091d000)\n        librt.so.1 =\u003e /lib/x86_64-linux-gnu/librt.so.1 (0x00007ffa70715000)\n        libodbcinst.so.2 =\u003e /usr/lib/x86_64-linux-gnu/libodbcinst.so.2 (0x00007ffa704fa000)\n        libkrb5.so.3 =\u003e /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007ffa70228000)\n        libgssapi_krb5.so.2 =\u003e /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007ffa6ffde000)\n        libstdc++.so.6 =\u003e /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007ffa6fc5c000)\n        libm.so.6 =\u003e /lib/x86_64-linux-gnu/libm.so.6 (0x00007ffa6f953000)\n        libgcc_s.so.1 =\u003e /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007ffa6f73d000)\n        libpthread.so.0 =\u003e /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007ffa6f520000)\n        libc.so.6 =\u003e /lib/x86_64-linux-gnu/libc.so.6 (0x00007ffa6f156000)\n        /lib64/ld-linux-x86-64.so.2 (0x00007ffa70f38000)\n        libk5crypto.so.3 =\u003e /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007ffa6ef27000)\n        libcom_err.so.2 =\u003e /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007ffa6ed23000)\n        libkrb5support.so.0 =\u003e /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007ffa6eb18000)\n        libkeyutils.so.1 =\u003e /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007ffa6e914000)\n        libresolv.so.2 =\u003e /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007ffa6e6f9000)\n ```       \n\n Add all `/usr/lib/x86_64-linux-gnu/libodbc*.so.2` libraries","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flenisha%2Fcore-msodbc-ae","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flenisha%2Fcore-msodbc-ae","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flenisha%2Fcore-msodbc-ae/lists"}