locked
Using Client Access Policy and SetEntitySetAccessRule RRS feed

  • Question

  • Hi,

    I have a couple of questions about security:

    • Using the file "clientaccesspolicy.xml" you can restrict access to your WCF service. Is the use of this file still valid for WCF Data Services?
    • I want to restrict access to the WCF service only to the websites http://www.aaa.com and http://www.bbb.com and deny all others. How should I configure this in the XML file?
    • Using DataServiceConfiguration.SetEntitySetAccessRule I can configure what users can do with entities. Is it possible to differentiate between the website that calls the service (for example, if http://www.aaa.com calls the services it only has read access and when the other site http://www.bbb.com calls the services it has read and write access; I could imagine you can figure out who the caller (referrer) is)?

    Thank you in advance.

    Regards,

    Johan Machielse
    http://johanmachielse.blogspot.com/

    Tuesday, August 16, 2011 1:02 PM

Answers

  • Hello,

    The clientaccesspolicy.xml is being used to support cross domain calls that are allowed to have access. Take a look at http://msdn.microsoft.com/en-us/library/cc645032(VS.95).aspx for how to use it.

    SetEntitySetAceessRule can only be used to set access rights on individual resources but there is no check mechanism for the caller.

    Best regards,


    Monica Frintu
    Tuesday, August 16, 2011 10:46 PM
    Moderator

All replies

  • Hello,

    The clientaccesspolicy.xml is being used to support cross domain calls that are allowed to have access. Take a look at http://msdn.microsoft.com/en-us/library/cc645032(VS.95).aspx for how to use it.

    SetEntitySetAceessRule can only be used to set access rights on individual resources but there is no check mechanism for the caller.

    Best regards,


    Monica Frintu
    Tuesday, August 16, 2011 10:46 PM
    Moderator
  • Hi Johan,

    I am writing to check the status of the issue on your side.  Would you mind letting us know the result of the suggestions?

    If you need further assistance, please feel free to let me know.   I will be more than happy to be of assistance.

    Have a nice day.


    Alan Chen[MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Friday, August 26, 2011 3:15 AM
    Moderator