Authenticating WCF Data Services with LiveId RRS feed

  • Question

  • I have some data that I'd like to share using WCF Data Services using a RESTful interface. e.g. a Netflix like movie data store.

    However, I would only want that:

    1) Only users authenticated via LiveId to be able to access the data

    2) I should be able to log the LiveId to query mapping (i.e. which LiveId user made which RESTFUL call onto my DataService). Could you point me to a sample?

    I'm unable to find a good way to tie LiveId to WCF data Services and I'm also unable to have a Generic Query Interceptor to trap all queries e.g. something like QueryInterceptor(*). Am I missing something?


    Thursday, April 15, 2010 3:42 AM

All replies

  • You will need to have the users authenticate once, and then you will be given a unique identifier from LIVE that can be used in your application to uniquely identify the user.  To keep from having to have them authenticate more than once per session, you can use the HttpModule to check if the Live ID signing cookie exists.  You can store the logged in user information in a custom cookie if you don't want to use asp.net sessions or other dependencies.

    There isn't a way to add a "catch-all" query interceptor, you will need one for each entity set.


    Friday, April 30, 2010 6:47 AM
  • Hi,

    Instead of using QueryInterceptors for auth, a better place to put that code is probably ProcessingPipeline event handlers. These events are fired for any request comming to the service as oppose to the QueryInterceptor which is only fired on GET and only for the given entity set.


    And you probably want to handle the ProcessingRequest event:



    Vitek Karas [MSFT]
    Friday, April 30, 2010 4:27 PM