Databases Reference
In-Depth Information
        _Suppliers = base.CreateObjectSet<Supplier>("Suppliers");
        return _Suppliers;
    }
}
private ObjectSet<Supplier> _Suppliers;
Now the code in the first snippet performs an authorization check and throws a
SecurityException when the application tries to access the Suppliers property and the
current user does not have the permission to read it.
NOTE
You cannot change the implementation of the entity set properties directly in the code
generated by the Entity Designer without losing the changes the next time the code is
regenerated. As discussed in Chapter 8, you need to replace the built-in generator with
a T4-based template provided by the ADO.NET team and modify the template logic
responsible for generating these properties.
Unfortunately (from the perspective of implementing security), you could also retrieve
suppliers through the Products object set, with the help of the Supplier navigation
property:
using (var context = new NorthwindEntities())
{
    var supplierInformation = context.Products.Select(p => p.Supplier);
}
And if that weren't enough, you could also use projection and return supplier information
in objects of an anonymous type:
using (var context = new NorthwindEntities())
{
    var supplierInformation = context.Products
        .Select(p => new { p.Supplier.CompanyName, p.Supplier.Address });
}
The code in the last two examples is compiled into LINQ expressions. You cannot inject the
authorization logic by simply changing the implementation of the Supplier navigation
property of the Product entity because the property getter will not be called during query
execution. At this time, you have to leave this problem unsolved because in the current
version, the Entity Framework does not provide extensibility mechanisms that would
allow implementing Read authorization in all possible scenarios.
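Why the getter-based check is never reached, as an added example (not code from the book or from the Entity Framework): the projection from the text is captured as an expression tree, walked with an ExpressionVisitor, and only afterwards compiled and invoked in memory. Product, Supplier, GetterCalls, SupplierAccessFinder and Demo are stand-ins assumed for this illustration, and the hypothetical check in the getter always denies access.

```csharp
using System;
using System.Linq.Expressions;
using System.Security;

// Stand-in entities (assumed shapes, not the designer-generated Northwind classes).
public class Supplier { public string CompanyName { get; set; } }

public class Product
{
    public static int GetterCalls;   // counts how often the guarded getter actually runs
    public Supplier Supplier
    {
        get
        {
            GetterCalls++;
            // Hypothetical authorization check placed in the navigation property getter.
            throw new SecurityException("Read access to Supplier denied.");
        }
    }
}

// Walks an expression tree and records whether it touches Supplier data.
public class SupplierAccessFinder : ExpressionVisitor
{
    public bool Found { get; private set; }
    protected override Expression VisitMember(MemberExpression node)
    {
        if (node.Type == typeof(Supplier) || node.Member.DeclaringType == typeof(Supplier))
            Found = true;
        return base.VisitMember(node);
    }
}

public static class Demo
{
    public static void Main()
    {
        // The projection from the text, captured as an expression tree (data, not executed code).
        Expression<Func<Product, string>> projection = p => p.Supplier.CompanyName;
        var finder = new SupplierAccessFinder();
        finder.Visit(projection);
        Console.WriteLine("Tree references Supplier: " + finder.Found);
        Console.WriteLine("Getter calls after building and walking the tree: " + Product.GetterCalls);
        // Only compiling the tree to a delegate and invoking it in memory reaches the getter.
        try { projection.Compile()(new Product()); }
        catch (SecurityException) { Console.WriteLine("Getter calls after in-memory invoke: " + Product.GetterCalls); }
    }
}
```

A query provider such as LINQ to Entities consumes the tree the way the visitor does, by reading its nodes and translating them, so a check that lives in the property getter is never reached during query execution.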