.NET Framework Class Library
QueryInterceptorAttribute Class

The QueryInterceptorAttribute on a method annotates it as a query interceptor on the specified entity set.

Namespace:  System.Data.Services
Assembly:  System.Data.Services (in System.Data.Services.dll)
Syntax
Visual Basic (Declaration) 
<AttributeUsageAttribute(AttributeTargets.Method, AllowMultiple := True, Inherited := True)> _
Public NotInheritable Class QueryInterceptorAttribute _
    Inherits Attribute
Visual Basic (Usage) 
Dim instance As QueryInterceptorAttribute
C# 
[AttributeUsageAttribute(AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public sealed class QueryInterceptorAttribute : Attribute
Visual C++ 
[AttributeUsageAttribute(AttributeTargets::Method, AllowMultiple = true, Inherited = true)]
public ref class QueryInterceptorAttribute sealed : public Attribute
JScript 
public final class QueryInterceptorAttribute extends Attribute
Remarks

Entity set-level authorization and validation is implemented by methods annotated with the QueryInterceptorAttribute. ADO.NET Data Services do not implement security policies but instead provide the infrastructure required for service developers to write their own security rules and business validation.

Entity set access control and validation is enabled through query operations by using query composition. To control entity-based access, implement a method-per-entity set according to the following rules:

The method must have public scope and be annotated with the QueryInterceptorAttribute, taking the name of a entity set as a parameter.

The method must accept no parameters.

The method must return an expression of type Expression<Func<T, bool>> that is the filter to be composed for the entity set.
Examples

The following example controls access to the Customers entity set. Each Customer can only see Orders associated with that Customer. 

[QueryInterceptor("Orders")]
public Expression<Func<Order, bool>> FilterOrders() 
{
    return o => o.Customer.Name == /* Current principal name. */;
} 
 
// Insures that the user accessing the customer(s) has the appropriate
// rights as defined in the QueryRules object to access the customer
// resource(s).
 
[QueryInterceptor ("Customers")]
public Expression<Func<Customer, bool>> FilterCustomers() 
{
  return c => c.Name == /* Current principal name. */ &&
              this.CurrentDataSource.QueryRules.Contains(
                rule => rule.Name == c.Name &&
                        rule.CustomerAllowedToQuery == true
              );
}
Inheritance Hierarchy
System..::.Object
  System..::.Attribute
    System.Data.Services..::.QueryInterceptorAttribute
Thread Safety
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Version Information

.NET Framework

Supported in: 3.5 SP1
See Also

Reference

QueryInterceptorAttribute Members
System.Data.Services Namespace
Tags :


Community Content

ssta
Simple VB Example
Imports System.Linq
Imports System.Linq.Expressions

























<QueryInterceptor("Customers")> _
Public Function FilterCustomers() As Expression(Of Func(Of Customers, Boolean))
     Return Function(c) c.Deleted = False 
End Function





Page view tracker