Question

In my WCF Data Service I prevent clients from modifying customers by doing:

// This method is called only once to initialize service-wide policies.
public static void InitializeService(DataServiceConfiguration config)
{
    // TODO: set rules to indicate which entity sets and service operations are visible, updatable, etc.

    config.SetEntitySetAccessRule("Customers", EntitySetRights.None); // <------- HERE

    config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V3;
}

Is there a way of setting rules on a specific column of the table Customers? For example, I want to only enable reading on the column CustomerPassword.

A solution would be to move all the parts of the customer that I don't want the client modifying to a separate table. This approach would require me to change my database a lot. It would be amazing if I could set up permissions on table columns instead of on the whole table.

Also, even if I were to move all the customer columns that I don't want clients modifying, such as CustomerPassword, DateConnected, etc., how will I prevent a client from modifying the ID of that customer? There is always going to be one column that I could not protect.


Solution

This can be done with a ChangeInterceptor. If you want to allow clients to modify customers, for instance, but not enable them to change the MD5 password, then do:

[ChangeInterceptor("Customers")] // entity set to intercept; runs on add, change and delete
public void WindowsServiceChange(Customer customerEntity, UpdateOperations operations)
{
    // Make sure the following columns are not changed.
    // "Password" is the entity property name (CustomerPassword in the question);
    // Entry(...) requires the service to be backed by an Entity Framework DbContext.
    if (this.CurrentDataSource.Entry(customerEntity).Property("Password").IsModified)
    {
        // Client attempted to update a column it was not supposed to update.
        throw new DataServiceException(400, "Access to update column denied");
    }

    // Otherwise do nothing and let the operation proceed.
}

Place this method inside the data service, and every time a client tries to modify or update a customer it will go through that method. That method could also help you validate the customer's properties, and even update its properties prior to inserting it into the database.
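The following is an added example, not code from the original answer, that extends the same ChangeInterceptor technique to a list of read-only properties, including the key, which addresses the question's worry about the ID column. It assumes an Entity Framework DbContext-backed service (as the answer's Entry() call implies) with a hypothetical Customer entity, a hypothetical CustomersContext, and hypothetical property names CustomerID, CustomerPassword, DateConnected and Email.

```csharp
// Added example (not part of the original answer). All entity, context and
// property names below are hypothetical; adapt them to your own model.
using System;
using System.Data.Entity;
using System.Data.Entity.Infrastructure;
using System.Data.Services;
using System.Data.Services.Common;

namespace ProtectedColumnsExample
{
    // Minimal entity and context so the example is self-contained.
    public class Customer
    {
        public int CustomerID { get; set; }
        public string CustomerPassword { get; set; }
        public DateTime? DateConnected { get; set; }
        public string Email { get; set; }
    }

    public class CustomersContext : DbContext
    {
        public DbSet<Customer> Customers { get; set; }
    }

    public class CustomersService : DataService<CustomersContext>
    {
        // Properties clients may read but never write. Including the key gives
        // defense in depth against a client rewriting CustomerID on an update.
        private static readonly string[] ReadOnlyProperties =
        {
            "CustomerID",
            "CustomerPassword",
            "DateConnected",
        };

        public static void InitializeService(DataServiceConfiguration config)
        {
            // The entity set stays readable and updatable as a whole;
            // column-level protection is enforced by the interceptor, not here.
            config.SetEntitySetAccessRule("Customers",
                EntitySetRights.AllRead | EntitySetRights.WriteMerge | EntitySetRights.WriteReplace);
            config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V3;
        }

        [ChangeInterceptor("Customers")]
        public void OnCustomersChange(Customer customer, UpdateOperations operations)
        {
            // Only updates are column edits; inserts and deletes get their own
            // policy (for example, refusing a client-supplied password on insert).
            if ((operations & UpdateOperations.Change) == 0)
            {
                return;
            }

            DbEntityEntry<Customer> entry = this.CurrentDataSource.Entry(customer);

            foreach (string name in ReadOnlyProperties)
            {
                DbPropertyEntry property = entry.Property(name);

                // A PUT (WriteReplace) copies every property, so IsModified can be
                // true even when the value is unchanged. Comparing the original and
                // current values avoids rejecting harmless full replacements.
                if (property.IsModified && !Equals(property.OriginalValue, property.CurrentValue))
                {
                    // 403 rather than 400: the request is well-formed but not permitted.
                    throw new DataServiceException(403,
                        String.Format("Property '{0}' of Customers is read-only.", name));
                }
            }
        }
    }
}
```

Because the interceptor compares original and current values through EF change tracking, the check also catches MERGE requests that touch a protected column while letting a client PATCH or PUT the writable ones such as Email.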

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow