Can someone tell me if this is possible with my WCF-based oData feed and let me hush what to look for or how to start?
1) Authentication . I would like to make sure that only someone who has already authenticated using the ASP.NET membership system is available to the oData service.
2) Filter . Suppose that I am returning a list of student classes ... I would like to make students consider only the classes in which they were enrolled (based on username), and not those that have not yet been published.
3) Check . I'm not sure if this is necessary, but in case some smart hacker finds a hole in the MSDP oData protocol, I would like to check the results of my Frame data object before streaming to the client. This applies if a singleton DAL exists, thereby creating concurrency problems. See 5:15 this video for an example.
The test I want to do is to verify that each row returned has a username column that is equal to the current session username.
[EDIT]
4) Encryption . This is similar to # 3, but I would like to obfuscate the primary key before sending it to the client. In one case, a PC is a social security number, and I do not want it to be cached or otherwise sent downstream. I would need to decrypt this in the OData record as well.
source
share