Restricted Access in EF 4 and ASP.NET 4.0 Membership

Question

Hello,

Almost every request (or update/insertion) for data in our application needs to restrict the operation to rows belonging to the current ASP.NET Membership user.

Is there a simple way to include the current user's Context in each data access? It seems like it would be useful to have an interceptor for each query where we could include the user's ID.

What's the best way to handle this scenario using ASP.NET 4 and EF 4?

---

Author: ASP.NET 3.5 For Dummies

Answer 1

Hi Ken,

We don't have general query interception mechanisms yet, but something you could do is wrap the ObjectContext and its queries in a repository, then have the repository always add this additional filter to all queries before they are actually executed.

Does this help?
Diego

---

This posting is provided "AS IS" with no warranties, and confers no rights.

Answer 2

Thanks for the info. I guess I'm going to need a code sample or documentation about the "repository".

Ken

---

Author: ASP.NET 3.5 For Dummies

Answer 3

Hi Ken,

The Repository is a common and useful pattern in Domain Driven Design. It is commonly used to encapsulate all the data access concerns of an application. Here you will find Martin Fowler's description:

http://www.martinfowler.com/eaaCatalog/repository.html

In the following blog series Faisal Mohamood describes a simple implementation of the Repository pattern using Entity Framework:

http://blogs.msdn.com/adonet/comments/9763349.aspx

The benefit for your requirement would be the fact that all the queries of your application need to go through the repository, so the repository can simply manipulate the queries before they are executed, for instance adding a filter using LINQ.

Hope this helps,
Diego

---

This posting is provided "AS IS" with no warranties, and confers no rights.