How to: Validate Data
This article is relevant to entity models that utilize the deprecated Visual Studio integration of Telerik Data Access. The current documentation of the Data Access framework is available here.
WCF Data Services enables an application to intercept request messages so that you can add custom logic to an application. You can use this custom logic to validate data in incoming messages. You can also use it to further restrict the scope of a query request, such as to insert a custom authorization policy on a per request basis. Interception is performed by specially attributed methods in the data service. These methods are called by the ADO.NET Data Services at the appropriate point in message processing.
The following attributes are supported for interception:
- QueryInterceptorAttribute - methods with this attribute are called when an HTTP GET request is received.
- ChangeInterceptorAttribute - methods with this attribute are called when an HTTP request other than HTTP GET request is received.
Extending the Data Service Class
In order to perform validation, you will need to define specially attributed methods in the data service class. As it is described in How to: Extend Data Service, the recommended way to do this it to use partial classes.
Query Interceptor
Query interceptor methods are called when processing an HTTP GET request. They must return a lambda expression that determines whether an instance of the validated entity should be returned. The following is an example definition of a query interceptor:
public partial class EntitiesModelService
{
[System.Data.Services.QueryInterceptor( "Cars" )]
public System.Linq.Expressions.Expression<Func<Car, bool>> OnQueryCars()
{
return o => o.CarYear == 2001;
}
}
Partial Public Class EntitiesModelService
<Data.Services.QueryInterceptor("Cars")>
Public Function OnQueryCars() As Linq.Expressions.Expression(Of Func(Of Car, Boolean))
Return Function(o) o.CarYear = 2001
End Function
End Class
Change Interceptor
Change interceptors are called when processing non-query operations. They must return void (Nothing in VB) and accept the following two parameters:
- A parameter of a type that is compatible with the entity type that will be validated.
- A parameter of type UpdateOperations reflecting the operation that the request is trying to perform.
The following is an example definition of a change interceptor:
public partial class EntitiesModelService
{
[ChangeInterceptor( "Cars" )]
public void OnChangeCars( Car car, UpdateOperations operations )
{
if ( operations == UpdateOperations.Add ||
operations == UpdateOperations.Change )
{
if ( car.Make == "VW" )
throw new DataServiceException( 400,
"A car with make equals to VW, cannot be modified" );
}
else if ( operations == UpdateOperations.Delete )
{
throw new DataServiceException( 400,
"Cars cannot be deleted" );
}
}
}
Partial Public Class EntitiesModelService
<ChangeInterceptor("Cars")>
Public Sub OnChangeCars(ByVal car_Renamed As Car, ByVal operations As UpdateOperations)
If operations = UpdateOperations.Add OrElse operations = UpdateOperations.Change Then
If car_Renamed.Make = "VW" Then
Throw New DataServiceException(400, "A car with make equals to VW, cannot be modified")
End If
ElseIf operations = UpdateOperations.Delete Then
Throw New DataServiceException(400, "Cars cannot be deleted")
End If
End Sub
End Class