Home/ Questions/Q 8269585
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T06:16:56+00:00

(WCFDS = WCF Data Services 5,backed by Entity Framework, using oData v3, formatted as

  • 0

(WCFDS = WCF Data Services 5,backed by Entity Framework, using oData v3, formatted as JSON, served up via IIS7 and protected by Windows authentication.)

The crux is accessing the WCFDS in an authenticated manner from an AJAX call.

To this end, I have a client as an ASP.Net Web Application with Windows authentication set in Web.config and a Service Reference pointing to the WCFDS.

I want to use client-side JavaScript to access the Service Reference. How can I do this?

I thought about creating an aspx page, hosting in the client and direct calls from JavaScript code to this page, which would then retrieve data through the Service Reference – but I’m at a loss over how to expose the full functionality of the Service Reference in this manner (there are dozens of entities).

Can anyone help with advice?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The Windows authorization settings in web.config are not directly related to WCF Data Services, so you probably won’t need to set anything there. You WILL need to set your settings up properly in IIS.

    There are a number of good articles out there about using Windows authorization over WCF Data Services; in a nutshell you have a wide degree of freedom in how you choose to expose authorization (ranging from filtering out individual entities from a feed to throwing 401/403s).

    A couple of good articles to read through:

    The simplest code you could possibly write would be something along the lines of:

    namespace Scratch.Web
{
    [ServiceBehavior(IncludeExceptionDetailInFaults = true)]
    public class ScratchService : DataService<ScratchContext>
    {
        [QueryInterceptor("Products")]
        public Expression<Func<Product, bool>> ProductsAuthorization()
        {
            if (!HttpContext.Current.Request.IsAuthenticated)
            {
                return (p) => false;
            }
            return (p) => HttpContext.Current.User.IsInRole("AllowAccessToProducts");
        }

        // ...rest of service code...
    }
}

    Note that everything on the client side is controlled by the browser, so you don’t really need to do anything there (the biggest step might be to add the site to Trusted Sites so it doesn’t prompt you for your credentials if you’re on a domain-joined machine).

    • 0