I am an anti-ORM person, and I personally would create a Stored Procedure to do this and pass in your "parameters" as a delineated string.
Without knowing what type the field values are in your program or database and what they may contain; I am going to base this off of a common type (string or numeric) and I am going to just use a comma as a deliminator
Here is a sample SQL Stored Procedure
CREATE PROCEDURE dbo.MyTable_Delete_ByIdentifierAndValues (
@Identifier INT,
@FieldValues NVARCHAR(8000),
@Delineator NCHAR(1) = ','
) AS
BEGIN
DELETE MyTable
WHERE identifier = @Identifier
AND [value] IN ( SELECT value FROM STRING_SPLIT(@FieldValues, @Delineator);
END
GO
And here is the rough C# code to utilize it
SqlConnection conn = new SqlConnection(connectionstring);
string Delineator = ",";
int RowsAffected = -1;
SqlCommand cmd = new SqlCommand("dbo.MyTable_Delete_ByIdentifierAndValues", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Indetifier", );
cmd.Parameters.AddWithValue("@FieldValues", );
cmd.Paramaters.AddWithValue("Delineator", Delineator);
conn.Open();
RowsAffected = cmd.ExecuteNonQuery();
conn.Close();