Limiting access to fields for web service client

  • Thread starter Thread starter dev
  • Start date Start date
D

dev

Hello,

I have a web service that returns an entity (C# class). I would like to
disallow access to some of the members in write access to the WebService
clients. Setting them private or protected in the class definition can
not be achieved since in the WebService they must be writeable.

Dummy example to explain if it is not clear:

In WebService definition:

// ...
class MyClass
{
public int id;
public int name;
};

// ...
MyClass WebService_GetMyClass()
{
MyClass mc = new MyClass();
mc.id = 1; // id must be public
mc.name = "foo";
}

void WebService_UpdateMyClass(MyClass mc)
{
// ...
}

WebService client:

MyClass mc = WS.WebService_GetMyClass();
mc.id = 22; // <== this is what I want to avoid *******
WS.WebService_UpdateMyClass(mc);


Thanks for your answers.
 
Thus wrote Dev,
Hello,

I have a web service that returns an entity (C# class). I would like
to disallow access to some of the members in write access to the
WebService clients. Setting them private or protected in the class
definition can not be achieved since in the WebService they must be
writeable.

Dummy example to explain if it is not clear:

In WebService definition:

// ...
class MyClass
{
public int id;
public int name;
};
// ...
MyClass WebService_GetMyClass()
{
MyClass mc = new MyClass();
mc.id = 1; // id must be public
mc.name = "foo";
}
void WebService_UpdateMyClass(MyClass mc)
{
// ...
}
WebService client:

MyClass mc = WS.WebService_GetMyClass();
mc.id = 22; // <== this is what I want to avoid *******
WS.WebService_UpdateMyClass(mc);
Thanks for your answers.
Click to expand...

The overall model of transmitting an object across process boundaries while
still trying to maintain control over is dangerously flawed. Web Services
are all about exchaging messages. If you don't want to make information visible
on the receiver's side, don't put that information in your message.

Cheers,
 
Back
Top