EF1000: Possible SQL injection vulnerability

ASP.NET 5, Entity Framework 7 & SQL Server 2014 - multiple dbContexts, SQL views

I have created a solution in Visual Studio 2015 consisting of a Web project (using the ASP.NET 5 Beta 6 Web Application Preview Template), and a Model project (using Entity Framework 7 Beta 6)....I got to the point where I could get data from a SQL Server database and display it on a page. Then, I wanted to try pulling data from two different datab...

Is it possible to execute custom SQL query using EF7

I decided to move one of my projects to Entity Framework 7 (rc1-final). I am targeting SQL Server and ...EntityFramework.MicrosoftSqlServer... package is also installed....I have only one problem: it seems like I can't execute custom SQL query in order to fetch some objects from DB....DatabaseFacade... object (which can be accessed via ...DbContext...

Is it possible to perform a SQL Injection on a application that uses Entity Framework?

Can ...Entity Framework... be hacked? ...Is it possible to perform a ...SQL Injection... on a application that uses EF? ...If so, can someone please provide a full example of how that might be done? I couldn't find any specific to EF in C#.

VS Solution Explorer Analyzers exclamation: ef1000 "possible sql injection vulnerability"

Just unload the project and reload it again, the warning is disappeared. ...The source...UPDATE for Visual Studio 2019:...If you use Visual Studio 2019 you have always to get last version. So if there are any updates available just install it....Click on Help => Check for Updates => Update.

VS Solution Explorer Analyzers exclamation: ef1000 "possible sql injection vulnerability"

Just unload the project and reload it again, the warning is disappeared. ...The source...UPDATE for Visual Studio 2019:...If you use Visual Studio 2019 you have always to get last version. So if there are any updates available just install it....Click on Help => Check for Updates => Update.

How can I avoid SQL injection in this EF Core query?

Since EF Core does not currently execute group by queries in the database, I'm using the following query to get the job done (...InvoiceQuery... is a ...DbQuery... type):...long merchantId = 177; var invTokens = new List<string> {"qasas", "efsac"}; string inClause = string.Join(",", invTokens); string query = $@"SELECT i.Token, i.Balance, COALESCE...

Refreshing Azure Active Directory access token in ASP.NET Core with dependency injection for SQL Database

I have an ASP.NET Core website (with Razor pages) that is using an Azure SQL Database with Entity Framework Core. I create the database context in the Startup.cs for dependency injection. The tricky part is that I'm using Azure Active Directory authentication against the database with Managed Identity from my App Service. So my connection string do...

ASP.NET Core - Repository dependency injection fails on Singleton injection

I am using ...SoapCore... to create a web service for my ASP.NET Core MVC application....I am using Entity Framework Core and a simple Repository pattern to get my DB data....I am injecting my repository classes via ....AddSingleton()... in my Startup.cs:...services.AddSingleton<IImportRepository, ImportRepository>(); services.AddSingleton<IWebServ...

FromSqlRaw parameter from a List<String> that is safe from sql injection

I am having an issue where I need to perform a raw query using entity framework core that requires a list of strings as its parameter for a Where IN statement and I can get the query to work, but I am worried about SQL Injection attacks. My query will look something like this:... public static string BulkGetColumn3Query { get ...

SQL query to LINQ expression - Entity Core Framework 3 + SQL Server

DECLARE @thirtyDaysAgo DATETIME = getdate()-30 SELECT sum(case when CreatedWhen >= @thirtyDaysAgo then 1 else 0 end) lessThan30, sum(case when CreatedWhen < @thirtyDaysAgo then 1 else 0 end) Greaterthan30 FROM ThisAwesomeTable ...Cannot figure out how to convert this to a fluent query....The intent is to count the number of rows that were created...

Is this possible run query SQL select statement on dynamically table name?

I create dynamically table when website is active with this code:...public void CreateTable(string tableName, string field1, double field2, ...) { string Raw = string.Format("CREATE TABLE [{0}] ([ID] UNIQUEIDENTIFIER NOT NULL, [{1}] NVARCHAR (MAX) NOT NULL, [{2}] FLOAT NOT NULL, ..., , CONSTRAINT[PK_{0}] PRIMARY KEY CLUSTERED([ID] ASC);", tableNa...