Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WCF OData service with Reflection Provider

Tags:

.net

wcf

odata

We need to provide an API for an Activity Feed (think of Facebook) and we decided to give OData a try. We are using .NET so we went for WCF Data Service but we don't use Entity Framework (or any other ORM) so we will use the Reflection Provider. Because we have complex business logic for our retrieval methods we decided to expose them as service operations. However we want to expose Delete/Update and single entity selection as a normal OData REST resource. My question is how can we implement a data source for the reflection provider that restricts access to collections but allows access to single entities (requested by key), allows DELETE/PUT/POST verbs and also allows accessing child collections of single entities (i.e. service/Categories(1)/Products). Basically I only want to restrict access to base collections (i.e. service/Categories or service/Products)

like image 776
Stilgar Avatar asked Sep 17 '10 11:09

Stilgar


1 Answers

There isn't a great answer here.

There are two settings you can use inside InitializeService(..)

config.SetEntitySetAccessRule("Feed", EntitySetRights.ReadSingle);
config.SetEntitySetPageSize("Feed", 1);

Unfortunately neither do exactly what you want:

  1. EntitySetRights.ReadSingle limits you to returning just one object from that set. Which fails because it doesn't allow this /Categories(1)/Products AND it also allows /Categories?$filter=... to return a row.
  2. SetEntitySetPageSize restricts the amount of initial load hitting the server to just one record but you can follow the $skiptoken to go and get the rest of the data one record at a time and just like (1) it allows arbitrary queries not just key predicates.

That leaves you with only one realistic option. Visiting the LINQ expression and working out if you allow what is being attempted.

Since you are using the Reflection provider, you basically need to wrap the IQueryables being returned from your 'context' class and look for invalid queries, before passing them on.

Not something for the fainted hearted.

If you do decide to go down that path you'll find my IQueryable wrapping example useful, and you should check out Viteks blog post series on Data Service expressions too.

Hope this helps

Alex (OData Program Manager)

like image 165
Alex James Avatar answered Nov 04 '22 20:11

Alex James