Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Deployment of ADO.NET Data Service

Tags:

security

wcf-data-services

What is the best way to secure ADO.NET data services? Has anyone used this in production, if yes what security options have you used?

like image 525
user80855 Avatar asked Apr 13 '09 00:04

user80855

People also ask

What is Microsoft ADO.NET data services?

ADO.NET is a set of classes that expose data access services for . NET Framework programmers. ADO.NET provides a rich set of components for creating distributed, data-sharing applications.

What is deployment in ASP NET?

Deployment refers to the process of copying an asp.net web application from the development system to the server on which the application will be run.

What is ADO.NET and what is an ADO.NET DataSet?

An ADO.NET DataSet contains a collection of zero or more tables represented by DataTable objects. The DataTableCollection contains all the DataTable objects in a DataSet. A DataTable is defined in the System. Data namespace and represents a single table of memory-resident data.

What is ADO what is its purpose?

ActiveX Data Objects (ADO) is an application program interface from Microsoft that lets a programmer writing Windows applications get access to a relational or non-relational database from both Microsoft and other database providers.

2 Answers

Here is a blog entry that explains in depth how to secure an ADO .NET Data Service.

like image 57
tbreffni Avatar answered Oct 02 '22 04:10

tbreffni

@tbreffni posts a good blog entry. In addition to that within your ado.net data service you set entity access rules to control how access is provided for the different entities in the underlying entity data model.

Assuming you have code as follows:

public class Northwind : DataService<NorthwindEntities>
{
    public static void InitializeService(IDataServiceConfiguration
                                                   config)
    {
        config.SetEntitySetAccessRule("*", EntitySetRights.All);
    }
}

the SetEntitySetAccessRule method allows you to reference either the entire entity model or just a specific entity set and then define permissions based on the EntitySetRights enumeration. The following values are in the enumeration:

None Denies all rights to access data.

ReadSingle Authorization to read single data items.

ReadMultiple Authorization to read sets of data.

WriteAppend Authorization to create new data items in data sets.

WriteReplace Authorization to replace data.

WriteDelete Authorization to delete data items from data sets.

WriteMerge Authorization to merge data.

AllRead Authorization to read data.

AllWrite Authorization to write data.

All Authorization to create, read, update, and delete data.

A walkthrough for using the Microsoft ADO.NET Services walks through this process here. The EntitySetRights enumeration is documented here.

like image 27
t3rse Avatar answered Oct 02 '22 05:10

t3rse
Sign in to Comment

Related questions

How to check if user is a Domain User or Local User?
Protecting twitter keys on Android
Should I use ValidateAntiForgeryToken in every POST request? [closed]
Veracode Insecure Temporary File error when using java.io.File.createTempFile
AcceptSecurityContext fails when application is running as a service
Security concerns with base64 encoded images
In Rails, can the secret_key_base be updated without losing previously signed data?
Why does Spring Security use default pre authentication checks?
Where to put security when using DDD - domain driven design
Secure Excel Workbook (with VBA) from reuse with different data
How in Django/Python can I ensure safety from WYSIWYG-entered HTML?
Since which java version SHA-256 and SHA256withRSA are supported for timestamp at signed jar files
Does the JSSE in Oracle JDK8 implements TLS Fallback SCSV?
Should I send the id token from my SPA to my rest backend?
Decryption of openssl packets with static certificates
(Fortify) Category: Android Bad Practices: Missing Google Play Services Updated Security Provider (1 Issues)
JWT with SPA without a server
Setting up simple SAFE http server in Python3
Link keyrings in initramfs using syscall()
Guidelines to build a secure JWT authentication process?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!