In WCF Data Services, you must explicitly grant access to the resources that are exposed by a data service. This means that after you create a new data service, you must still explicitly provide access to individual resources as entity sets. This topic shows how to enable read and write access to five of the entity sets in the Northwind data service that is created when you complete the quickstart. Because the EntitySetRights enumeration is defined by using the FlagsAttribute, you can use a logical OR operator to specify multiple permissions for a single entity set.
Any client that can access the ASP.NET application can also access the resources exposed by the data service. In a production data service, to prevent unauthorized access to resources, you should also secure the application itself. For more information, see NIB: ASP.NET Security.
To enable access to the data service
In the code for the data service, replace the placeholder code in the
InitializeServicefunction with the following:
// Grant only the rights needed to support the client application. config.SetEntitySetAccessRule("Orders", EntitySetRights.AllRead | EntitySetRights.WriteMerge | EntitySetRights.WriteReplace ); config.SetEntitySetAccessRule("Order_Details", EntitySetRights.AllRead | EntitySetRights.AllWrite); config.SetEntitySetAccessRule("Customers", EntitySetRights.AllRead);
' Grant only the rights needed to support the client application. config.SetEntitySetAccessRule("Orders", EntitySetRights.AllRead _ Or EntitySetRights.WriteMerge _ Or EntitySetRights.WriteReplace) config.SetEntitySetAccessRule("Order_Details", EntitySetRights.AllRead _ Or EntitySetRights.AllWrite) config.SetEntitySetAccessRule("Customers", EntitySetRights.AllRead)
This enables clients to have read and write access to the
Order_Detailsentity sets and read-only access to the