locked
ADO.NET DataServices User Specific Data Sample RRS feed

  • General discussion

  • Hi!

    I recently bundled together information and held a presentation in our local MS dev event about controlling the user-specific access when servicing ADO.NET DataService to the wide Internet public.


    The implementation provides overall layer to account specific data, that frees the application logic to not "care" about it, hence there is no way to accidentially overcome the limitations, regardless how the object model is used.

    And this also holds true for the request level authenticated requests (such as for example using Live ID authentication); the data that isn't supposed to be served to the user, is never served to the user.


    I apologize the material being only in PowerPoint form for the time being (_eng) version being the English one, however complete example solution is included as well. To use the Live ID authentication, it requires the registration of Live ID solution and entering the values (app ID and app secret) to the web.config.

    Note! For Live application the return back URL must point to the authrequest handling aspx, not back to the main form => This is what you should also check back to the Live ID how-tos to get the proper picture; not a difficult subject overall.

    Other way is to code the "hardcoded commented lines" or implement them differently. Everything happens in the Global.asax's AuthenticateRequest; so fill in any custom implementation there and you are good to go.


    I'll keep an eye on this thread for the subject. I don't have the time to be a dedicated blogger, hence there is no blog (at least for now) for this..


    The package download is available at

    http://public.protonit.net/Presentations/TechDays2009/


    Br,

    Kalle Launiala, Consultant & CEO
    ProtonIT Oy
    Friday, March 27, 2009 5:56 AM