QueryInterceptorAttribute Class

The QueryInterceptorAttribute on a method annotates it as a query interceptor on the specified entity set.


Namespace:  System.Data.Services
Assembly:  Microsoft.Data.Services (in Microsoft.Data.Services.dll)

[AttributeUsageAttribute(AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public sealed class QueryInterceptorAttribute : Attribute

The QueryInterceptorAttribute type exposes the following members.

Public methodQueryInterceptorAttributeInitializes a new instance of the QueryInterceptorAttribute class for the entity set specified by the entitySetName parameter.

Public propertyEntitySetNameGets the name of the entity set that contains the entity to which the interceptor applies.
Public propertyTypeId (Inherited from Attribute.)

Public methodEquals (Inherited from Attribute.)
Public methodGetHashCode (Inherited from Attribute.)
Public methodGetType (Inherited from Object.)
Public methodIsDefaultAttribute (Inherited from Attribute.)
Public methodMatch (Inherited from Attribute.)
Public methodToString (Inherited from Object.)

Entity set-level authorization and validation is implemented by methods annotated with the QueryInterceptorAttribute. WCF Data Servicess do not implement security policies but instead provide the infrastructure required for service developers to write their own security rules and business validation.

Entity set access control and validation is enabled through query operations by using query composition. To control entity-based access, implement a method-per-entity set according to the following rules:

The method must have public scope and be annotated with the QueryInterceptorAttribute, taking the name of a entity set as a parameter.

The method must accept no parameters.

The method must return an expression of type Expression<Func<T, bool>> that is the filter to be composed for the entity set.

The following example controls access to the Customers entity set. Each Customer can only see Orders associated with that Customer.

public Expression<Func<Order, bool>> FilterOrders() 
    return o => o.Customer.Name == /* Current principal name. */;
// Insures that the user accessing the customer(s) has the appropriate
// rights as defined in the QueryRules object to access the customer
// resource(s).
[QueryInterceptor ("Customers")]
public Expression<Func<Customer, bool>> FilterCustomers() 
  return c => c.Name == /* Current principal name. */ &&
                rule => rule.Name == c.Name &&
                        rule.CustomerAllowedToQuery == true

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.