问题
I'm using WCF Data Services to provide data to be consumed from authorised clients. Is possible to limit which fields are returned (or perhaps strip out the data with query interceptor)?
For a very simplistic example, say I have the following table:
Id
Name
DateOfBirth
I'm exposing this entity through WCF Services and it's being consumed by a Kendo UI grid. I would only want the DateOfBirth field returned if the user was an admin. The grid configuration would reflect this.
I could use Web API to project these results, but I'd ideally like to have it talking to just one service. While OData allows me to project using $select in the query from the client, this could allow a malicious user to alter the query and gain access to data they shouldn't have. I'm interested to know if I can actually limit what fields that are exposed on the server without having to use another service or check that the $select is valid.
Thanks,
回答1:
Yes, you can do it, based on security roles. Here is an example: IDataContractSurrogate
来源:https://stackoverflow.com/questions/23069608/wcf-data-services-ability-to-restrict-returned-fields