Are WCF Data Services (Astoria) a good choice for a Line of Business application?

Question

One of our architects is building a new reference architecture for the next generation of one of our company's applications. The prototype is an ASP.NET MVC 2 web app that sits on top of WCF Data Services (Astoria) and uses EntityFramework 4 for data access and object mapping.

The prototype application manages roles of users, so the services do things like creating/updating/deleting users, adding application access/abilities/roles to users, etc. So from a security standpoint, no one should be able to hit a data service outside of the application and have any of those actions take place.

I originally thought that WCF Data Services were meant for OData implementations and "open" services on the web, and that line of business apps should still use traditional WCF services for their adaptability, security, and other features. Am I way off base here? Are WCF Data Services a good choice to call from MVC controllers? Can they handle things like authentication and security as easily as traditional WCF services?

Answer 1

Update:

The new question is basically "Can WCF Data Services restrict access?", Yes.

---

These questions are hard to answer because you haven't posted your requirements, SLAs, or security needs. WCF Data Services are fine for my LoB but may no be for yours depending on all sorts of details you haven't posted.

Two Thoughts:

1) WCF Data Services are REST only and don't have the same security of options as a hand rolled WCF Service. Do you have to lock everything down like the Kremlin? WCF Data Services may not be your cup of tea.

2) WCF Data Services are perfect for for read-only, "SELECT TOP 50 * FROM PRODUCT" type service methods. Normally you'd have to write a couple of WCF Service methods for each entity type of your app. By leveraging WCF Data Services on top of a normal WCF service you can save yourself a lot of time writing the same read methods over and over again.