This question is locked. New answers and comments are not allowed.
I want to secure access to an OpenAccess Data Service using OData v3 (which is wrappered around an rlinq OpenAccess file), using our custom MembershipProvider.
I was pointed at http://blogs.msdn.com/b/astoriateam/archive/2010/07/21/odata-and-authentication-part-7-forms-authentication.aspx and I've implemented QueryIntercept.
However, HttpContext.Current is always null (even in a web environment) so I can never test the authentication state (and thus the filter always returns an empty collection). What am I missing?
I was pointed at http://blogs.msdn.com/b/astoriateam/archive/2010/07/21/odata-and-authentication-part-7-forms-authentication.aspx and I've implemented QueryIntercept.
However, HttpContext.Current is always null (even in a web environment) so I can never test the authentication state (and thus the filter always returns an empty collection). What am I missing?
[QueryInterceptor(
"Things"
)]
public
Expression<Func<Thing,
bool
>> ThingFilter()
{
Expression<Func<Thing,
bool
>> ret =
null
;
if
(HttpContext.Current ==
null
|| !HttpContext.Current.Request.IsAuthenticated)
ret = (Thing t) =>
false
;
else
ret = (Thing t) => SecurityContext.CheckPermission(t, CommonPermissions.Read)
&& t.State == ThingState.Active;
return
ret;
}