ADO.NET Data Services : Operations and Interceptors

  • Article

Introduction

In this post I will talk about Operations & Interceptors functionalities included into ADO.NET Data Services.

For more information on Data Services, I suggest you to read my previous posts:

Operations

If you need to aggregate an operation, instead of creating the rule on the client side (on each sort of client application), you can centralize it easily on the server side using Operators.

In the following example, GetProductsByColor returns all products of a specific color.

 

Code Snippet

  1. [WebGet]
  2. public IQueryable<Product> GetProductsByColor(string color)
  3. {
  4.     return from product in this.CurrentDataSource.Products
  5.            where string.Compare(color, product.Color) == 0
  6.            select product;
  7. }

The WebGetAttibute is used to request your service via REST.

Inside the method, you just have to write your Linq query on the CurrentDataSource to get the desired result.

You also need to define the Service Operation Access Control. You have to grant read access to the operation. Here is the code to add in the InitializeService method:

Code Snippet

  1.  
  2. config.SetServiceOperationAccessRule("GetProductsByColor", ServiceOperationRights.AllRead);

InitializeService is the method where you already have granted access to the Data Service.

And finally, you can execute the code with this URL:

https://localhost:34570/AdventureWorksService.svc/GetProductsByColor?color='Red' 

 

Interceptors

Interceptors is the Data Services mechanism to customize logic on the server side. With this mechanism, you can intercept queries and add specific restriction rules.

Example 1 : Interceptor on a query request

In the following example, you will create :

- a filter to check if the person requesting the DataService service on the Products entity is member of the Admin role (defined for example with ASP.NET role provider), else an exception is thrown;

- only Products where SellEndDate property is  not null;

Open you DataService class. Don't forget to add at the top of you file:

Code Snippet

  1.  
  2. using System.Linq.Expressions;

Create the filter method on the product entity. You need to create a function prefixed with QueryInterceptor attribute. This attribute expects the name of the entity on which the interceptor will be applied (as defined in the Data Service Workspace https://localhost:34570/AdventureWorksService.svc/). The method has to follow a specific signature.

Code Snippet

  1. [QueryInterceptor("Products")]
  2. public Expression<Func<Product, bool>> FilterProducts()
  3. {
  4.     if (HttpContext.Current.User.IsInRole("Admin"))
  5.         return (p => p.SellEndDate !=null);
  6.     else
  7.         throw new UnauthorizedAccessException("You don't have access to this information");
  8. }
Example 2 : Interceptor on a change query (Add, Change, Delete, … operation)

In this example, I’m just checking that only Admins have granted privileges for adding,updating or deleting Product entity set. The signature of the method is a little bit different from previous example.

Code Snippet

  1. [ChangeInterceptor("Products")]
  2. public void onChangeProducts(Product product, UpdateOperations operations)
  3. {
  4.     if (!HttpContext.Current.User.IsInRole("Admin"))
  5.         throw new UnauthorizedAccessException("You don't have access to this information");
  6. }

For more information, I suggest you to read MSDN documentation.

Comments