Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

WCF OData service with Reflection Provider

Tags:

.net

wcf

odata

We need to provide an API for an Activity Feed (think of Facebook) and we decided to give OData a try. We are using .NET so we went for WCF Data Service but we don't use Entity Framework (or any other ORM) so we will use the Reflection Provider. Because we have complex business logic for our retrieval methods we decided to expose them as service operations. However we want to expose Delete/Update and single entity selection as a normal OData REST resource. My question is how can we implement a data source for the reflection provider that restricts access to collections but allows access to single entities (requested by key), allows DELETE/PUT/POST verbs and also allows accessing child collections of single entities (i.e. service/Categories(1)/Products). Basically I only want to restrict access to base collections (i.e. service/Categories or service/Products)

like image 776
Stilgar Avatar asked Sep 17 '10 11:09

Stilgar

1 Answers

There isn't a great answer here.

There are two settings you can use inside InitializeService(..)

config.SetEntitySetAccessRule("Feed", EntitySetRights.ReadSingle);
config.SetEntitySetPageSize("Feed", 1);

Unfortunately neither do exactly what you want:

  1. EntitySetRights.ReadSingle limits you to returning just one object from that set. Which fails because it doesn't allow this /Categories(1)/Products AND it also allows /Categories?$filter=... to return a row.
  2. SetEntitySetPageSize restricts the amount of initial load hitting the server to just one record but you can follow the $skiptoken to go and get the rest of the data one record at a time and just like (1) it allows arbitrary queries not just key predicates.

That leaves you with only one realistic option. Visiting the LINQ expression and working out if you allow what is being attempted.

Since you are using the Reflection provider, you basically need to wrap the IQueryables being returned from your 'context' class and look for invalid queries, before passing them on.

Not something for the fainted hearted.

If you do decide to go down that path you'll find my IQueryable wrapping example useful, and you should check out Viteks blog post series on Data Service expressions too.

Hope this helps

Alex (OData Program Manager)

like image 165
Alex James Avatar answered Nov 04 '22 20:11

Alex James
Sign in to Comment

Related questions

Is it safe to install .Net 3.5 SP1 after .Net 4.0 RC has already been installed?
How to read raw bytes from an SD card?
can I use .NET Framework 4.0 with VS2008?
Killing a deadlocked Task in .NET 4 TPL
Uninstall out-of-browser silverlight application programmatically
Referencing assemblies created with ILMerge in Visual Studio projects
Weird compatibility problem with .Net 3.5 and 4.0 assemblies (NATUPnPLib)
Can floating-point precision be thread-dependent?
Unboxing to unknown type
casting string to bool using nHibernate Criteria
Why do i get E_ACCESSDENIED when reading public shortcuts through Shell32?
Is there a .net 4.0 provider for IBM DB2?
Failed to queue test run: Unable to start the agent process(Visual Studio 2010)
Copy local and system dlls' - what is the point?
How to get user name and password from url in ASP.NET?
Diagnosing why DebuggerTypeProxy attributes are not working
How might I strongly sign an external DLL while retaining its assembly metadata?
Notify One object when a property of another object changes
How can I reference TeamFoundation assemblies in my project?
Infragistics license file add itself to project?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!