Limit or modify query of OData source using WCF Data Services

2
votes

If I am exposing a collection of objects through OData using WCF Data Services, and I want to prevent the user from doing queries that may be too complex or consume too many resources, and I able to hook into the query somehow before the results are returned?

From what I understand, if a user does a LINQ query on the client side, this is converted to a REST URL with all the queries parameters, and then the query is done on the server side. If so, this is what I am wanting to be able to hook in somehow and possibly limit them to only certain operations.

1
wcf-data-servicesodata
I found the [QueryInterceptor] attribute which does allow me to filter out specific entities from the result collection. But, still would like to have more control. Maybe inspect the URL and modify if neededRon

1 Answers

1
votes

On the server each incomming query is translated into a LINQ expression which is then executed against the IQueryable exposed by the data context. You can wrap the IQueryable, inspect the LINQ to be executed and fail if you find it too complex. I wrote a series of blog posts about the LINQ expression trees which the service will generate and what queries they map to. http://blogs.msdn.com/b/vitek/archive/2010/02/25/data-services-expressions-part-1-intro.aspx The second part also has a sample how to intercept the query (the sample there writes it out, but you can add your inspection code there as well).