具有反射提供程序的 WCF OData 服务
我们需要为活动源(想想 Facebook)提供 API,因此我们决定尝试一下 OData。我们使用 .NET,因此我们使用 WCF 数据服务,但我们不使用实体框架(或任何其他 ORM),因此我们将使用反射提供程序。由于我们的检索方法具有复杂的业务逻辑,因此我们决定将它们公开为服务操作。但是,我们希望将删除/更新和单个实体选择公开为普通的 OData REST 资源。我的问题是我们如何为反射提供程序实现一个数据源,该数据源限制对集合的访问,但允许访问单个实体(通过密钥请求),允许 DELETE/PUT/POST 动词,还允许访问单个实体的子集合(即服务) /类别(1)/产品)。基本上我只想限制对基本集合的访问(即服务/类别或服务/产品)
We need to provide an API for an Activity Feed (think of Facebook) and we decided to give OData a try. We are using .NET so we went for WCF Data Service but we don't use Entity Framework (or any other ORM) so we will use the Reflection Provider. Because we have complex business logic for our retrieval methods we decided to expose them as service operations. However we want to expose Delete/Update and single entity selection as a normal OData REST resource. My question is how can we implement a data source for the reflection provider that restricts access to collections but allows access to single entities (requested by key), allows DELETE/PUT/POST verbs and also allows accessing child collections of single entities (i.e. service/Categories(1)/Products). Basically I only want to restrict access to base collections (i.e. service/Categories or service/Products)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这里没有一个很好的答案。
您可以在 InitializeService(..) 内部使用两个设置,
不幸的是,这两个设置都不能完全满足您的需求:
EntitySetRights.ReadSingle限制您只能从该集合中返回一个对象。失败是因为它不允许 /Categories(1)/Products 并且它还允许 /Categories?$filter=... 返回一行。SetEntitySetPageSize将服务器的初始负载量限制为仅一条记录,但您可以按照 $skiptoken 一次获取一条记录的其余数据,就像 (1) 它允许任意查询而不仅仅是关键谓词。这让你只剩下一个现实的选择。访问 LINQ 表达式并确定是否允许正在尝试的操作。
由于您使用的是 Reflection 提供程序,因此您基本上需要包装从“上下文”类返回的 IQueryables,并在传递它们之前查找无效查询。
不适合胆小的人。
如果您决定走这条路,您会发现我的 IQueryable 包装示例 有用,您应该查看关于数据服务表达式的 Viteks 博客文章系列。
希望这对
Alex(OData 项目经理)有帮助
There isn't a great answer here.
There are two settings you can use inside InitializeService(..)
Unfortunately neither do exactly what you want:
EntitySetRights.ReadSinglelimits you to returning just one object from that set. Which fails because it doesn't allow this /Categories(1)/Products AND it also allows /Categories?$filter=... to return a row.SetEntitySetPageSizerestricts the amount of initial load hitting the server to just one record but you can follow the $skiptoken to go and get the rest of the data one record at a time and just like (1) it allows arbitrary queries not just key predicates.That leaves you with only one realistic option. Visiting the LINQ expression and working out if you allow what is being attempted.
Since you are using the Reflection provider, you basically need to wrap the IQueryables being returned from your 'context' class and look for invalid queries, before passing them on.
Not something for the fainted hearted.
If you do decide to go down that path you'll find my IQueryable wrapping example useful, and you should check out Viteks blog post series on Data Service expressions too.
Hope this helps
Alex (OData Program Manager)