WCF SQL Queries && Services Access

Question

0.00/5 (No votes)

See more:

Hi everybody,

I'm writing a client-server application, where the client uses WCF services to execute SQL queries (INSERT, UPDATE, SELECT, etc.) on tables by invoking services methods. The point is how to define access for it (i.e. some clients are permitted to "select" records, others insert, select and update on the other table). There are many variations of Access and many tables, so most of the clients have to belong to their individual access groups. I can sort out only one solution:

1) Every table has hour services for INSERT, UPdate, SELECT, DELETE.
8 tables x 4 services = services. Adding one more table gives us another +4 so I am not sure if this is the way to go.

Any point how to do it?

Sorry for my English.

Posted 7-Dec-09 8:50am

zloty20

Updated 8-Dec-09 11:59am

Deeksha Shenoy

v3

Add a Solution

2 solutions

Solution 1

A better way to implement would be to have an addition table with the following fields.

userid -- varchar(50) ????
SelectAllowed - Yes/No
InsertAllowed - Yes/No
UpdateAllowed - Yes/No
DeleteAllowed - Yes/No

Upon receipt of the WCF request, you can validate the userid against the database to make sure that he/she has permission for relevant action.

Posted 7-Dec-09 23:53pm

raelango

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Vinayaka Krishna Shenoy · Accepted Answer · 2010-08-21T02:44:00

Hi,

I would suggest you to Create a couple of tables which holds the user and their roles respectivilley.

for instance - Read only role, Update only role, read update role etc....

And tie up the user to the respective roles.

As soon as the user logs into the system, based on his role do the respective operation.

Hence the conclusion is that, from the wcf perspective(No need to check any access rights) , before making the call from the client application ,check for the respective role and if he has the access allow him or deny him.

You can look at options such as asp.net membership provider,Sql role provider, declarative/imperative security etc.

I hope this helps!.

Regards,
-Vinayak