OData - WCF Data Services Best Practices from TechEd

Yesterday I promised to share all the code from my Best Practices – Creating an OData Service using WCF Data Services session at TechED.

Note: you can find a recording of that session here.

So here goes. Essentially, this is what I did:

  1. Downloaded, unzipped, opened and ran the MVC Music Store Sample

  2. Added an album to my cart, registered and ordered the album.

  3. Added a data service to that project to expose the Entity Framework model already in the Music Store sample:

    public class MusicService : DataService<MusicStoreEntities>
        

  4. Added specific EntitySetAccessRules:

    // We don't want the Data service to expose carts at all
    config.SetEntitySetAccessRule(
        "Carts",
        EntitySetRights.None
    );
    // You can only get 1 OrderDetail at a time
    config.SetEntitySetAccessRule(
        "OrderDetails",
        EntitySetRights.ReadSingle
    );
    // Everything else you can read & query.
    config.SetEntitySetAccessRule(
        "*",
        EntitySetRights.AllRead
    );

  5. Added Server Driven Paging limits:

    config.SetEntitySetPageSize("*", 5);

  6. Added a query interceptor so that users can see only their own orders:

    [QueryInterceptor("Orders")]
    public Expression<Func<Order, bool>> OrdersFilter()
    {
        // Name of the forms-authenticated user; empty when anonymous.
        var user = HttpContext.Current.User.Identity.Name;
        if (string.IsNullOrEmpty(user))
            return (Order o) => false;
        else if (user == "Administrator")
            return (Order o) => true;
        else
            return (Order o) => o.Username == user;
    }

  7. Made my service web browser friendly by configuring the EDMX to map Genre.Name to the Entry/Title and Genre.Description to the Entry/Summary.

    See the EDMX in the final copy of the source to see how.

  8. Added a ClientAccessPolicy.xml so that Silverlight apps hosted on different sites can interact with our Data Service.

    NOTE: The two sites in question need to be in the same internet zone!
     

  9. Demoed some jQuery JSON code that accesses the MusicService from the same site.

    NOTE: this doesn’t work cross-site; for that you need JSONP.

  10. Added support for JSONP by applying the [DataServicesJSONP.JSONPSupportBehavior] attribute to our MusicService.

    You can download the source from CodeGallery.

  11. Demoed some jQuery JSONP code that accesses the MusicService from a remote site.

  12. Configured ASP.NET to expose an authentication service, so non-browser agents can easily connect and log on to the Forms Authentication service, by adding this to the web.config:

    <system.web.extensions>
      <scripting>
        <webServices>
          <authenticationService enabled="true" requireSSL="false"/>
        </webServices>
      </scripting>
    </system.web.extensions>

  • Tested the authentication service using Fiddler by sending this RAW request to authenticate:

    POST https://localhost:1397/Authentication_JSON_AppService.axd/Login HTTP/1.1
    Content-Type: application/json

    { "userName": "Alex", "password": "password", "createPersistentCookie":false}

  • Opened this Data Services client application to show how to authenticate against the forms authentication service.
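The interceptor in step 6 is attached to the Orders set only, and a query interceptor applies to the entity set it names, so the OrderDetails set that step 4 leaves readable one entity at a time needs its own filter if the same per-user rule is to hold there. The following is an added example, not code from the session or the Music Store project: it runs the step 6 rule and a hypothetical OrderDetails companion over constructed in-memory data, assuming `OrderDetail` has an `Order` navigation property and passing the user name as a parameter instead of reading `HttpContext`.

```csharp
using System;
using System.Linq;
using System.Linq.Expressions;

// Constructed stand-ins for the Music Store entities; only the members the
// filters touch. OrderDetail.Order is assumed to be a navigation property.
class Order { public int OrderId { get; set; } public string Username { get; set; } }
class OrderDetail { public int OrderDetailId { get; set; } public Order Order { get; set; } }

static class OwnershipFilters
{
    // Same three-way rule as OrdersFilter in step 6, with the user passed in.
    public static Expression<Func<Order, bool>> Orders(string user)
    {
        if (string.IsNullOrEmpty(user)) return o => false;   // anonymous: nothing
        if (user == "Administrator") return o => true;       // admin: everything
        return o => o.Username == user;                       // others: own orders
    }

    // Hypothetical companion: ownership is decided by the parent order. In the
    // service this would be a method marked [QueryInterceptor("OrderDetails")].
    public static Expression<Func<OrderDetail, bool>> OrderDetails(string user)
    {
        if (string.IsNullOrEmpty(user)) return d => false;
        if (user == "Administrator") return d => true;
        return d => d.Order.Username == user;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample data: two users, one order and one order line each.
        var alex = new Order { OrderId = 1, Username = "Alex" };
        var bob = new Order { OrderId = 2, Username = "Bob" };
        var orders = new[] { alex, bob }.AsQueryable();
        var details = new[] {
            new OrderDetail { OrderDetailId = 10, Order = alex },
            new OrderDetail { OrderDetailId = 20, Order = bob },
        }.AsQueryable();
        foreach (var user in new[] { "", "Alex", "Bob", "Administrator" })
        {
            var o = orders.Where(OwnershipFilters.Orders(user)).Select(x => x.OrderId);
            var d = details.Where(OwnershipFilters.OrderDetails(user)).Select(x => x.OrderDetailId);
            Console.WriteLine("user '{0}': Orders [{1}] OrderDetails [{2}]", user, string.Join(", ", o), string.Join(", ", d));
        }
    }
}
```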

You can download the final copy of the Music Service code if you want.

Enjoy and good luck.