Using MembershipProvider to secure access to a service

3 posts, 1 answers
  1. Praveen
    Praveen avatar
    9 posts
    Member since:
    Oct 2007

    Posted 30 Aug 2012 Link to this post

    I want to secure access to an OpenAccess Data Service using OData v3 (which is wrappered around an rlinq OpenAccess file), using our custom MembershipProvider.

    I was pointed at http://blogs.msdn.com/b/astoriateam/archive/2010/07/21/odata-and-authentication-part-7-forms-authentication.aspx and I've implemented QueryIntercept.


    However, HttpContext.Current is always null (even in a web environment) so I can never test the authentication state (and thus the filter always returns an empty collection). What am I missing?

    
    
    [QueryInterceptor("Things")]
    public Expression<Func<Thing, bool>> ThingFilter()
    {
        Expression<Func<Thing, bool>> ret = null;
     
        if (HttpContext.Current == null || !HttpContext.Current.Request.IsAuthenticated)
            ret = (Thing t) => false;
        else
            ret = (Thing t) => SecurityContext.CheckPermission(t, CommonPermissions.Read)
                          && t.State == ThingState.Active;
            
        return ret;
    }

  2. Answer
    Alexander
    Admin
    Alexander avatar
    727 posts

    Posted 03 Sep 2012 Link to this post

    Hello Praveen,

    By default the HTTP runtime does not process requests to WCF services, so you would not be able to access HttpContext.Current like in a web page. You could, however, enable the ASP.Net compatibility mode for the service and take advantage of the ASP.Net API. All you need to do is add this configuration to the Web.config file:
    <system.serviceModel>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    </system.serviceModel>
    The code you already have should work afterwards.

    More information about this problem could be found in this article. Hope that helps.

    Greetings,
    Alexander
    the Telerik team
    Follow @OpenAccessORM Twitter channel to be the first one to get the latest updates on new releases, tips and tricks and sneak peeks at our product labs!
  3. DevCraft banner
  4. Praveen
    Praveen avatar
    9 posts
    Member since:
    Oct 2007

    Posted 04 Sep 2012 Link to this post

    Perhaps that's something that could be added to the documentation?

    Many thanks
Back to Top