使用存儲過程從 AspNetUsers 表中檢索所有或單個用戶

Question

我看到很多關於 ASP.Net Core Identity 使用存儲過程存儲 DATA 的信息，我嘗試並使用相同的方法從 SQL 中的 AspNetUsers 表中檢索/獲取所有或單個用戶詳細信息，但沒有成功。 下面是我的代碼。

我的存儲過程

alter PROCEDURE [dbo].[spEmployeeDetails]


@EmployeeID varchar(50) = ''

AS
BEGIN
    IF(@EmployeeID !='')
    BEGIN
        SELECT * FROM AspNetUsers WHERE EmployeeId like @EmployeeID + '%'
    END
    ELSE
    BEGIN
        SELECT * FROM AspNetUsers
    END
END

Model class

 public class AppUsers:IdentityUser
    {
      
        public string EmployeeId { get; set; }  
        public string FName { get; set; }  
        public string LName { get; set; }  
        public string Nationality { get; set; }  
        public string PositionTitle { get; set; }  
        public string Department { get; set; }
        public string DepartmentCode { get; set; }
        public string PosCode { get; set; }
        public string Grade { get; set; }
}

服務 class

  public AppUsers GetaUser(string id)
        {
          
            var getuser = context.AppUsers.FromSqlRaw($"spEmployeeDetails {id}").ToList();

            return getuser.FirstOrDefault();

        }

我得到的錯誤是

InvalidOperationException: 'FromSqlRaw' or 'FromSqlInterpolated' was called with non-composable SQL and with a query composing over it. Consider calling 'AsEnumerable' after the method to perform the composition on the client side.

我也試過這段代碼，但沒有運氣

     IEnumerable<AppraisalUsers> objd = context.AppraisalUsers.FromSqlRaw($"spEmployeeDetails {id}").AsEnumerable<AppraisalUsers>();

誰能幫我從身份框架生成的 AspNetUsers 表中檢索用戶

我正在研究Core3.1

Answer 1

您應該使用FromSqlInterPolated而不是FromSqlRaw來阻止 sql 注入攻擊。

您可以嘗試像這樣添加 SQL 參數名稱

context.AppUsers.FromSqlInterPolated ($"exec spEmployeeDetails @EmployeeID={id}")

您也可以將其編寫為純 ef 核心代碼

return context.AppUsers.FirstOrDefault(e => e.EmployeeId == id);