Menu
What is the best way to secure ADO.NET data services? Has anyone used this in production, if yes what security options have you used?
525
ADO.NET is a set of classes that expose data access services for . NET Framework programmers. ADO.NET provides a rich set of components for creating distributed, data-sharing applications.
Deployment refers to the process of copying an asp.net web application from the development system to the server on which the application will be run.
An ADO.NET DataSet contains a collection of zero or more tables represented by DataTable objects. The DataTableCollection contains all the DataTable objects in a DataSet. A DataTable is defined in the System. Data namespace and represents a single table of memory-resident data.
ActiveX Data Objects (ADO) is an application program interface from Microsoft that lets a programmer writing Windows applications get access to a relational or non-relational database from both Microsoft and other database providers.
Here is a blog entry that explains in depth how to secure an ADO .NET Data Service.
57
@tbreffni posts a good blog entry. In addition to that within your ado.net data service you set entity access rules to control how access is provided for the different entities in the underlying entity data model.
Assuming you have code as follows:
public class Northwind : DataService<NorthwindEntities>
{
public static void InitializeService(IDataServiceConfiguration
config)
{
config.SetEntitySetAccessRule("*", EntitySetRights.All);
}
}
the SetEntitySetAccessRule method allows you to reference either the entire entity model or just a specific entity set and then define permissions based on the EntitySetRights enumeration. The following values are in the enumeration:
None Denies all rights to access data.
ReadSingle Authorization to read single data items.
ReadMultiple Authorization to read sets of data.
WriteAppend Authorization to create new data items in data sets.
WriteReplace Authorization to replace data.
WriteDelete Authorization to delete data items from data sets.
WriteMerge Authorization to merge data.
AllRead Authorization to read data.
AllWrite Authorization to write data.
All Authorization to create, read, update, and delete data.
A walkthrough for using the Microsoft ADO.NET Services walks through this process here. The EntitySetRights enumeration is documented here.
27
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
