Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WCF, Entity Framework & Data Contracts

Using VS 2008 & .NET 3.5 SP1:

I am using WCF to allow clients to connect to a service that reads and writes database entries using Entity Framework. By default the entities that are generated automatically from the database have the DataContract attribute applied.

Unfortunately many of the fields are exposed are not meant for consumption by the client (i.e. - records of who is accessing what data, etc.) and for security reasons I would rather keep them from being exposed. Is there any way to avoid Entity Framework classes from being exposed in this manner?

Note: This is not a duplicate of How to prevent private properties in .NET entities from being exposed as public via services?. In that question the user wishes to selectively display certain fields, whereas I would like the entity to not be exposed as a DataContract at all.

Thanks in advance.

like image 482
Malcolm Avatar asked Jul 13 '09 20:07

Malcolm


People also ask

Can we use Entity Framework in WCF service?

WCF Services should have explicit boundaries. The WCF Service Library template can be used to create WCF Services that will be hosted by the WCF Service Host, and these can be tested using the WCF Service Test Client. Entity Framework can be used to model backend databases.

What is WCF in .NET framework?

Windows Communication Foundation (WCF) is a framework for building service-oriented applications. Using WCF, you can send data as asynchronous messages from one service endpoint to another. A service endpoint can be part of a continuously available service hosted by IIS, or it can be a service hosted in an application.

What is WPF and WCF?

WCF = Windows COMMUNICATION Foundation. WPF = Windows PRESENTATION Foundation. WCF deals with communication (in simple terms - sending and receiving data as well as formatting and serialization involved), WPF deals with presentation (UI) Follow this answer to receive notifications.

Is WCF deprecated?

NET, its heyday had passed and new technologies like gRPC were seen as the way forward. WCF was deprecated and handed over to the community, and developers working on . NET 5 and beyond were encouraged to look at alternative approaches to build service-oriented architectures. The move away from WCF in the new .


3 Answers

Are you aware that your entities do not need to map one to one with the database? In particular, you can leave out columns, or even entire tables that are not relevant.

The entity model is meant to be a conceptual model. You can easily create a set of entities for exposure to one set of clients (web services, perhaps), and another set, mapping to the same database, that is meant for a different client (web application, perhaps).

On the other hand, I always recommend against ever exposing Entity Framework objects through a web service. Microsoft unfortunately exposes implementation-dependent properties by marking them with [DataMember]. I just now tried this with a simple service returning a SalesOrderHeader from AdventureWorks. My client received proxy versions of the following EF types:

  • EntityKeyMember
  • StructuralObject
  • EntityObject
  • EntityKey
  • EntityReference
  • RelatedEnd

These are not things your clients need to know about.

I prefer exposing Data Transfer Objects, and copying the properties from one to the other. Obviously, this is better done through reflection or code generation, than by hand. I've done it through code generation in the past (T4 templates).

An option I haven't tried is AutoMapper.

like image 122
John Saunders Avatar answered Oct 02 '22 06:10

John Saunders


We use separate classes for the DataContract objects. We have an interface with one method, ToContract(), and all of our entities implement this interface in a partial class file. It's extra work, and it's boilerplate, but it seems the simplest way to get the separation and granularity of control we need.

like image 38
Robert Avatar answered Oct 02 '22 05:10

Robert


I basically see two things you can do:

  1. Either you remove those items you don't want to expose from the DataContract by manually removing the [DataMember] attribute on those items; in that case, WCF will not serialize the properties out
  2. You define your own WCF DataContract classes with just those members you want, and you come up with a logic to convert from your EF entities to your WCF DataContract, using e.g. something like AutoMapper to eliminate (or at least limit) the tedious assigment operations between EF and WCF entities.

Marc

like image 36
marc_s Avatar answered Oct 02 '22 06:10

marc_s