In this tip, we are going to create an assembly using .NET managed code to encrypt and decrypt a
string. After that, we will use the same assembly to create a CLR function in SQL server as a scalar function.
We can create a function within SQL Server that depends on a SQL assembly which itself is compiled using any of the .NET framework Common Language Runtime (CLR) managed code.
Beginning with SQL Server 2005, we can write user-defined functions which are of scalar (which returns single value) and table-valued function types. However, in this blog post, we are dealing with Scalar type CLR functions.
T-SQL has a lot of inbuilt functions and features. However to custom our own complex logic, we use any CLR managed code like C# or VB.NET, etc., and incorporate it in SQL environment.
Here are the steps to create Scalar CLR functions:
Create a project of type "Class Library" using Visual Studio.
static methods. In our case, "
Encrypt" and "
SqlFunction()" attribute to all the functions that need to be accessed from SQL Server. This attribute can be found in "Microsoft.SqlServer.Server" namespace.
Compile & build the application in "Release" mode to get the assembly (.dll) from the Bin folder.
Now go to SQL Server MS; select your database and create New Query and execute the following statements below to enable CLR:
sp_configure 'clr enabled', 1;
If you encounter any compatibility level errors, then check to see your database compatibility level using:
If it is set to
100 or above, execute the following statement to set it to
sp_dbcmptlevel 'SQLCLR', 90
Before adding the 'DLL' to the SQL assemblies, you need to set the database to trustworthy. This can be used to reduce threats that can exist as a result of attaching a database that contains (malicious) assemblies with an
UNSAFE permission setting:
ALTER DATABASE SET TRUSTWORTHY ON
Now expand your database node to go to "Assemblies" located under "Programmability" and create a new assembly.
Browse the DLL path from the Bin/Release folder.
Note: Assembly name will pick automatically from the imported DLL file.
Now, click the button next to Assembly owner to select the appropriate owner from the existing user list. From the "Select Assembly Owner" window, click browse... button to see all list of owners. Select appropriate names (In my case, I chose "
dbo" user) from the list and click OK.
Next, we need to set valid permissions. As we are using
static "Encrypt" and
"Decrypt" methods, we need to set the permissions to "
Unrestricted" mode as shown below:
If everything works well, you will see an assembly created within Assemblies node.
(Note: In case you get any errors, check the steps #5, #6 and #7.)
So far, most of the work is done. All we need to do now is to create two scalar functions under "Functions/Scalar-valued Functions" node. We will create
Decrypt functions in SQL Server with an external name specific to the assembly namespace. Execute the following query to create external names:
CREATE FUNCTION [dbo].Encrypt(@Input nvarchar(max)) RETURNS nvarchar(max)
EXTERNAL NAME EDCLR.EDCLR.Encrypt
CREATE FUNCTION [dbo].Decrypt(@Input nvarchar(max)) RETURNS nvarchar(max)
EXTERNAL NAME EDCLR.EDCLR.Decrypt;
When everything is ready, use the following query to
Encrypt the given
Select dbo.Encrypt('Hello World')
and use function to
Decrypt the given encrypted
These scalar functions can be used to encrypt any sensitive information within SQL without depending on the code. Visit MSDN to know more about CLR functions.
Points of Interest
Make sure you reconfigure your database to enable CLR.