So the major hurdle to get past is thinking that all WebAPI requests (using the OData syntax) are stateless. Of course, in a stateless environment this makes this more difficult.
However, with the WebAPI endpoint secured through web.config requiring an authenticated (stateful) request, we should be able to grab the UserName (or UserID or any other custom property when using a custom membership provider), by something like:

var userId = ((CustomIdentity)HttpContext.Current.User.Identity).UserId;

Once this is established, we will need to add something like "WHERE UserID = userId;" before the request is issued:
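
var unitOfWork = new Repository.UnitOfWork(_db);
// Restrict the query to the caller's own rows first; options.ApplyTo then
// composes the client's OData query options on top of the restricted query.
var users = options.ApplyTo(unitOfWork.Repository<MyTable>().Queryable
        .Include(w => w.NavigationProperty1)
        .Where(u => u.UserId == UserContext.Identity.UserId)
        .OrderBy(o => o.SomeProperty))
    .Cast<MyTable>().ToList();
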
Additional suggestions welcome.
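
The following is an added example, not part of the original answer: a console sketch of the same owner scoping that fails closed when there is no authenticated identity and shows that predicates composed afterwards (standing in for what options.ApplyTo adds from a client $filter) can only narrow the result. The MyTable and CustomIdentity shapes, the OwnerScope helper and the sample rows are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Linq.Expressions;
using System.Security.Principal;

// Hypothetical stand-ins for the answer's MyTable and CustomIdentity.
public class MyTable { public int Id; public int UserId; public string SomeProperty; }

public class CustomIdentity : GenericIdentity
{
    public int UserId { get; }
    public CustomIdentity(string name, int userId) : base(name) { UserId = userId; }
}

public static class OwnerScope
{
    // The owner id is read from the authenticated identity, never from the request.
    public static IQueryable<MyTable> ForCaller(IQueryable<MyTable> source, IPrincipal user)
    {
        var identity = user?.Identity as CustomIdentity;
        if (identity == null || !identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Authenticated CustomIdentity required.");
        int userId = identity.UserId;
        return source.Where(r => r.UserId == userId);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample rows: two owned by user 1, one by user 2.
        var table = new[] {
            new MyTable { Id = 1, UserId = 1, SomeProperty = "a" },
            new MyTable { Id = 2, UserId = 1, SomeProperty = "b" },
            new MyTable { Id = 3, UserId = 2, SomeProperty = "c" },
        }.AsQueryable();
        var caller = new GenericPrincipal(new CustomIdentity("alice", 1), new string[0]);
        // Predicates standing in for what options.ApplyTo would add from a client $filter.
        var clientFilters = new Expression<Func<MyTable, bool>>[] {
            r => r.UserId == 2,   // asks for another user's rows
            r => r.UserId != 1,   // asks for everyone else's rows
            r => r.Id > 0,        // asks for everything
        };
        foreach (var filter in clientFilters)
        {
            var ids = OwnerScope.ForCaller(table, caller).Where(filter).Select(r => r.Id).ToList();
            Console.WriteLine($"{filter.Body} -> [{string.Join(", ", ids)}]");
        }
    }
}
```

With the constructed rows, the first two filters return no rows and the third returns only ids 1 and 2, because every client predicate is ANDed with the server-side owner filter.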