WCF-Odata(v3) Kendo UI Authentication

Thread is closed for posting
2 posts, 0 answers
  1. Dan
    Dan avatar
    4 posts
    Member since:
    Jul 2013

    Posted 17 Dec 2013 Link to this post


    I am using a template "WCF Data Services with KendoUI" from the Starter Kit for my project and I am somewhat a newbie.
    I have been searching for a good example of how to do proper odata authentication and data validation.
    I have seen multiple approaches including 
    "OnStartProcessingRequest", "QueryInterceptor" and more...
    I have requirements.
     --Not all request endpoint require authentication (from trusted domain)
     --Some READ requests  require authentication, some don't
     --want to incorporate openauthen
     --allow .net membership also
    I just wanted to hear if the experts here think would be the best practices for this.
    Any applicable examples would be deeply appreciated.
    Many thanks.
  2. Viktor Zhivkov
    Viktor Zhivkov avatar
    324 posts

    Posted 20 Dec 2013 Link to this post


    Before starting to implement your security you should consider how you services will be used (internet/intranet), how user's identity will be verified (username + password or using domain accounts) and against which trusted sources (local application specific lookup tables or Active Directory), do you need any transport security and so on. Without having clear vision what should be the security set up for you applications and environment there is no way to set for a single mechanism and implementation.

    When looking how to secure your Data Services you should now that services generated by OpenAccess work the same way as the Microsoft ones so any experience or knowledge that you have can be safely transferred to OpenAccess ones.

    When you are hosting Data Services outside of IIS, you will have to deal with a lot of features that come out of the box with IIS-hosted services. Unfortunately there is very little information about the topic on the internet, but I have compiled a list of articles that can give you some directions:

    Speaking of data validation you should consider using ChangeInterceptors for each endpoint that needs validation. You can find more information at:

    Viktor Zhivkov
    OpenAccess ORM Q3 2013 simplifies your model operations even further providing you with greater flexibility. Check out the list of new features shipped with our latest release!
Back to Top