Exclude fields from linq query without changing nor using new

    Question

  • Hello everybody,

    I want to filter out particular fields from a LINQ query for security reasons. I know that you can do this while writing a query by using new { a = b, c = d } but this returns a new anonymous type and has to be done for each and every LINQ query.

    So I thought to do this in a generic way. Each developer should put his query into a Security-Checker which will update the query to only return fields that are allowed for the current user's role to see. So I need a way to filter the fields returned by a LINQ query without changing the return types.

    I think this solution is quite better when using different access types. For example, when using an OData request for a user model and the requesting user is not an administrator, the returned user objects will not contain data that should only be requested by an administrator.

    Any ideas on how to solve that, or maybe some concerns about the idea itself, are appreciated.

    Kind regards 

    Andi


    .NET Developer

    Sunday, July 21, 2013 10:56 AM

Answers

  • Hi Rudsen;

    When you query a particular table and do not use the new keyword in your select, the query will return all columns of the row. Now if you want to return only some of the columns, then you have to use the new keyword like this: new { "the list of columns separated by a comma" } or new ClassName { classProperty = columnValue, ... }, the first giving an anonymous type and the second returning a collection of ClassName type.

    My suggestion would be to use the second option.

       


    Fernando (MCSD)


    Sunday, July 21, 2013 2:18 PM
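
The named-class projection suggested in the answer above can be chosen per role in one place, so the return type stays the same for every caller. This is an added example, not code from any poster in the thread; User, UserDto, RoleProjection, ForRole and the role name "Administrator" are hypothetical names, and the sample row is constructed.

```csharp
using System;
using System.Linq;
using System.Linq.Expressions;

// Hypothetical entity: Email and PasswordHash are the sensitive columns.
public class User
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Email { get; set; }
    public string PasswordHash { get; set; }
}

// Named result type shared by all roles; PasswordHash is never exposed.
public class UserDto
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Email { get; set; }   // stays null unless the role may see it
}

public static class RoleProjection
{
    // Expression trees, so a LINQ provider can translate the projection
    // and request only the listed columns from the data source.
    private static readonly Expression<Func<User, UserDto>> AdminView =
        u => new UserDto { Id = u.Id, Name = u.Name, Email = u.Email };
    private static readonly Expression<Func<User, UserDto>> DefaultView =
        u => new UserDto { Id = u.Id, Name = u.Name };

    // Default deny: any role other than "Administrator" gets the restricted view.
    public static IQueryable<UserDto> ForRole(this IQueryable<User> query, string role)
    {
        return query.Select(role == "Administrator" ? AdminView : DefaultView);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample row; an in-memory stand-in for a database table.
        var users = new[] {
            new User { Id = 1, Name = "alice", Email = "alice@example.test", PasswordHash = "constructed" }
        }.AsQueryable();
        foreach (var role in new[] { "Administrator", "Reader", "" })
        {
            UserDto dto = users.Where(u => u.Id == 1).ForRole(role).Single();
            Console.WriteLine("{0,-13} -> Name={1} Email={2}", role, dto.Name, dto.Email ?? "(hidden)");
        }
    }
}
```

Because callers only ever receive IQueryable<UserDto>, a query that skips ForRole does not compile against code expecting the DTO, which makes a missing check visible in review.
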
  • Security as you are talking about it should be a function of the database.  If you are using SQL Server you can use security to limit what a particular user is allowed to see.  Most times you will not allow the user any direct access to the tables but force them to use views of the data.



    Lloyd Sheen

    Sunday, July 21, 2013 6:26 PM
