Using MembershipProvider to secure access to a service

Thread is closed for posting
3 posts, 1 answers
  1. Praveen
    Praveen avatar
    9 posts
    Member since:
    Oct 2007

    Posted 30 Aug 2012 Link to this post

    I want to secure access to an OpenAccess Data Service using OData v3 (which is wrappered around an rlinq OpenAccess file), using our custom MembershipProvider.

    I was pointed at and I've implemented QueryIntercept.

    However, HttpContext.Current is always null (even in a web environment) so I can never test the authentication state (and thus the filter always returns an empty collection). What am I missing?

    public Expression<Func<Thing, bool>> ThingFilter()
        Expression<Func<Thing, bool>> ret = null;
        if (HttpContext.Current == null || !HttpContext.Current.Request.IsAuthenticated)
            ret = (Thing t) => false;
            ret = (Thing t) => SecurityContext.CheckPermission(t, CommonPermissions.Read)
                          && t.State == ThingState.Active;
        return ret;

  2. Answer
    Alexander avatar
    727 posts

    Posted 03 Sep 2012 Link to this post

    Hello Praveen,

    By default the HTTP runtime does not process requests to WCF services, so you would not be able to access HttpContext.Current like in a web page. You could, however, enable the ASP.Net compatibility mode for the service and take advantage of the ASP.Net API. All you need to do is add this configuration to the Web.config file:
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    The code you already have should work afterwards.

    More information about this problem could be found in this article. Hope that helps.

    the Telerik team
    Follow @OpenAccessORM Twitter channel to be the first one to get the latest updates on new releases, tips and tricks and sneak peeks at our product labs!
  3. Praveen
    Praveen avatar
    9 posts
    Member since:
    Oct 2007

    Posted 04 Sep 2012 Link to this post

    Perhaps that's something that could be added to the documentation?

    Many thanks
Back to Top