C# WCF数据服务为表列而不是整个表设置访问规则
在我的wcf数据服务中,我通过以下操作防止客户端修改客户:C# WCF数据服务为表列而不是整个表设置访问规则,c#,entity-framework,permissions,wcf-data-services,C#,Entity Framework,Permissions,Wcf Data Services,在我的wcf数据服务中,我通过以下操作防止客户端修改客户: // This method is called only once to initialize service-wide policies. public static void InitializeService(DataServiceConfiguration config) { // TODO: set rules to indicate which entity sets and service operations
// This method is called only once to initialize service-wide policies.
public static void InitializeService(DataServiceConfiguration config)
{
// TODO: set rules to indicate which entity sets and service operations are visible, updatable, etc.
config.SetEntitySetAccessRule("Customers", EntitySetRights.None); // <------- HERE
config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V3;
}
//此方法只调用一次以初始化服务范围策略。
公共静态void InitializeService(DataServiceConfiguration配置)
{
//TODO:设置规则以指示哪些实体集和服务操作是可见的、可更新的等。
config.SetEntitySetAccessRule(“Customers”,EntitySetRights.None);//这可以通过ChangeInterceptor完成。如果您想允许客户端修改客户,但不允许他们更改md5密码,请执行以下操作:
[ChangeInterceptor("Customers")] // table to query intercept
public void WindowsServiceChange(Customer customerEntity, UpdateOperations operations)
{
// make sure following colums are not changed
if (this.CurrentDataSource.Entry(customerEntity).Property("Password").IsModified)
{
// client attempted to update a column he was not supposed to update
throw new DataServiceException(400, "Access to update column denied");
}
// else do nothing
}
将此方法放置在数据服务中,每次客户端尝试修改或更新客户时,它都会使用该方法。该方法还可以帮助您验证客户的属性,甚至可以在将其插入数据库之前更新其属性