How to: Enable Access to the Data Service (WCF Data Services)
In WCF Data Services, you must explicitly grant access to the resources that are exposed by a data service. This means that after you create a new data service, you must still explicitly provide access to individual resources as entity sets. This topic shows how to enable read and write access to five of the entity sets in the Northwind data service that is created when you complete the quickstart. Because the EntitySetRights enumeration is defined by using the FlagsAttribute, you can use a logical OR operator to specify multiple permissions for a single entity set.
Any client that can access the ASP.NET application can also access the resources exposed by the data service. In a production data service, to prevent unauthorized access to resources, you should also secure the application itself. For more information, see ASP.NET Security.
To enable access to the data service
In the code for the data service, replace the placeholder code in the InitializeService function with the following:
' Grant only the rights needed to support the client application. config.SetEntitySetAccessRule("Orders", EntitySetRights.AllRead _ Or EntitySetRights.WriteMerge _ Or EntitySetRights.WriteReplace) config.SetEntitySetAccessRule("Order_Details", EntitySetRights.AllRead _ Or EntitySetRights.AllWrite) config.SetEntitySetAccessRule("Customers", EntitySetRights.AllRead)
This enables clients to have read and write access to the Orders and Order_Details entity sets and read-only access to the Customers entity sets.