Reputation: 117
I'm using WCF Data Services to provide data to be consumed by authorised clients. Is it possible to limit which fields are returned (or perhaps strip out the data with a query interceptor)?
For a very simplistic example, say I have the following table:
Id
Name
DateOfBirth
I'm exposing this entity through WCF Services and it's being consumed by a Kendo UI grid. I would only want the DateOfBirth field returned if the user was an admin. The grid configuration would reflect this.
I could use Web API to project these results, but I'd ideally like to have it talking to just one service. While OData allows me to project using $select in the query from the client, this could allow a malicious user to alter the query and gain access to data they shouldn't have. I'm interested to know if I can actually limit which fields are exposed on the server without having to use another service or check that the $select is valid.
Thanks,
Upvotes: 4
Views: 185
Reputation: 1120
Yes, you can do it, based on security roles. Here is an example: IDataContractSurrogate
Upvotes: 1
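One server-side way to withhold a field by role, as an added example that is not from either poster: a WCF Data Services reflection-provider context that projects the stored row into the exposed type and blanks DateOfBirth for non-admins. The names PersonRow, Person, PeopleContext and PeopleService, the "Admin" role and the ASP.NET hosting (HttpContext) are assumptions, and the two rows are constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Services;
using System.Data.Services.Common;
using System.Linq;
using System.Web;

// Hypothetical storage row; stands in for the real table (Id, Name, DateOfBirth).
public class PersonRow { public int Id; public string Name; public DateTime DateOfBirth; }
// Type exposed over OData. DateOfBirth is nullable so it can be withheld.
[DataServiceKey("Id")]
public class Person
{
    public int Id { get; set; }
    public string Name { get; set; }
    public DateTime? DateOfBirth { get; set; }
}

public class PeopleContext
{
    // Constructed sample data; a real service would query its own store here.
    private static readonly List<PersonRow> Rows = new List<PersonRow>
    {
        new PersonRow { Id = 1, Name = "Alice", DateOfBirth = new DateTime(1980, 1, 2) },
        new PersonRow { Id = 2, Name = "Bob", DateOfBirth = new DateTime(1975, 6, 30) },
    };
    public IQueryable<Person> People
    {
        get
        {
            // "Admin" is an assumed role name. Fail closed when there is no principal.
            var user = HttpContext.Current != null ? HttpContext.Current.User : null;
            bool isAdmin = user != null && user.IsInRole("Admin");
            // The value is dropped here, before any client query option is composed on top.
            return Rows.AsQueryable().Select(r => new Person
            {
                Id = r.Id, Name = r.Name,
                DateOfBirth = isAdmin ? r.DateOfBirth : (DateTime?)null
            });
        }
    }
}
public class PeopleService : DataService<PeopleContext>
{
    public static void InitializeService(DataServiceConfiguration config)
    {
        config.SetEntitySetAccessRule("People", EntitySetRights.AllRead);
    }
}
```

Because the projection runs before the service applies $select, $filter or $orderby, a non-admin who filters or sorts on DateOfBirth only ever sees null, so the value cannot be inferred through query options either.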