如何仅允许来自WCF数据服务ServiceOperation的访问

发布于 2024-12-25 20:44:59 字数 854 浏览 1 评论 0原文

我将 WCF 与 ASP.NET MVC 应用程序一起使用，我的数据服务从我的 (EF 4.1) .mdf 文件获取数据。但我想通过身份验证显示一些字段，例如：

public static void InitializeService(DataServiceConfiguration config)
{
    config.SetEntitySetAccessRule("Exercies", EntitySetRights.All);
    config.SetServiceOperationAccessRule("GetAllExercies", ServiceOperationRights.All);
    config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V3;
}
[WebGet]
public IQueryable<Exercise> GetAllExercies(string name, string pass)
{
    if (Membership.ValidateUser(name, pass))
        return CurrentDataSource.Exercies;
    else
        return CurrentDataSource.Exercies.Where(e => e.Public == true);
}

现在，当用户访问 httx://localhost/MyService.svc/Exercies 时，尽管没有给出用户名和通行证，但他们可以获得所有内容。
我的临时解决方案是将 GetAllExercies 重命名为 Exercies 但我不确定是否有更好的方法......

原文

I use WCF with my ASP.NET MVC app, my data service get data from my (EF 4.1) .mdf file. But there is some feild that I want to show with authentication, for example:

public static void InitializeService(DataServiceConfiguration config)
{
    config.SetEntitySetAccessRule("Exercies", EntitySetRights.All);
    config.SetServiceOperationAccessRule("GetAllExercies", ServiceOperationRights.All);
    config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V3;
}
[WebGet]
public IQueryable<Exercise> GetAllExercies(string name, string pass)
{
    if (Membership.ValidateUser(name, pass))
        return CurrentDataSource.Exercies;
    else
        return CurrentDataSource.Exercies.Where(e => e.Public == true);
}

Now when user access httx://localhost/MyService.svc/Exercies, they can get everything although they are not given the username and pass.
My temporary solution is re name GetAllExercies to just Exercies but I not sure is there any better way...

分享到QQ

分享到微博