WCF 数据服务限制返回字段的能力 [英] WCF Data Services ability to restrict returned fields

问题描述

我正在使用 WCF 数据服务来提供要从授权客户端使用的数据.是否可以限制返回哪些字段(或者可能使用查询拦截器去除数据)?

I'm using WCF Data Services to provide data to be consumed from authorised clients. Is possible to limit which fields are returned (or perhaps strip out the data with query interceptor)?

举一个非常简单的例子，假设我有下表:

For a very simplistic example, say I have the following table:

 Id
 Name
 DateOfBirth

我正在通过 WCF 服务公开此实体，并且它正由 Kendo UI 网格使用.如果用户是管理员，我只希望返回 DateOfBirth 字段.网格配置将反映这一点.

I'm exposing this entity through WCF Services and it's being consumed by a Kendo UI grid. I would only want the DateOfBirth field returned if the user was an admin. The grid configuration would reflect this.

我可以使用 Web API 来投射这些结果，但理想情况下，我希望它只与一项服务对话.虽然 OData 允许我在来自客户端的查询中使用 $select 进行投影，但这可能允许恶意用户更改查询并访问他们不应该拥有的数据.我很想知道我是否真的可以限制在服务器上公开的字段，而不必使用其他服务或检查 $select 是否有效.

I could use Web API to project these results, but I'd ideally like to have it talking to just one service. While OData allows me to project using $select in the query from the client, this could allow a malicious user to alter the query and gain access to data they shouldn't have. I'm interested to know if I can actually limit what fields that are exposed on the server without having to use another service or check that the $select is valid.

谢谢，

推荐答案

是的，根据安全角色，您可以做到.这是一个示例:IDataContractSurrogate

Yes, you can do it, based on security roles. Here is an example: IDataContractSurrogate

这篇关于WCF 数据服务限制返回字段的能力的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！