
Field Security

Steve Ives edited this page Apr 27, 2020 · 1 revision


Model Support

To support access control at the per-field level, Harmony Core provides AuthorizeFieldAttribute. Used in conjunction with an ASP.NET Identity provider, it does one of two things: it can restrict access to a field to sessions that have been authenticated, or it can restrict access to sessions that have a particular role assigned to them. Roles are specified by passing in a comma-separated list of the roles that should have access to the field that follows the attribute. If no roles are specified, the field requires the user to be logged in, but not with any particular role.

Controller Support

To support this authorization filtering, a second attribute is applied to the controllers where you want this behavior: HarmonyFieldSecurity. It is a replacement for EnableQuery and as such takes all the same arguments. The only difference is that HarmonyFieldSecurity changes the request dispatching mechanism to remove non-visible fields from the EDM model for the current request.
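
The visibility rule described under Model Support, and the per-request filtering it feeds, sketched in C# as an added example; this is not Harmony Core's code. The attribute below is a local stand-in that borrows the page's name, and the Customer model, the role names and the FieldVisibility helper are assumptions made for illustration.

```csharp
// Added illustration: a local stand-in attribute, not Harmony Core's own class.
using System;
using System.Linq;
using System.Reflection;
using System.Security.Claims;

[AttributeUsage(AttributeTargets.Property)]
sealed class AuthorizeFieldAttribute : Attribute
{
    public string[] Roles { get; }
    // Comma-separated role list; an empty list means "any authenticated session".
    public AuthorizeFieldAttribute(string roles = "") =>
        Roles = roles.Split(',').Select(r => r.Trim()).Where(r => r.Length > 0).ToArray();
}

// Constructed sample model (hypothetical fields and roles).
class Customer
{
    public int CustomerNumber { get; set; }                      // no attribute: always visible
    [AuthorizeField] public string Phone { get; set; } = "";     // any logged-in user
    [AuthorizeField("Manager, Accounting")] public decimal CreditLimit { get; set; }
}

static class FieldVisibility
{
    // Deny by default once a field is marked: anonymous sessions never see it.
    public static bool IsVisible(PropertyInfo field, ClaimsPrincipal user)
    {
        var rule = field.GetCustomAttribute<AuthorizeFieldAttribute>();
        if (rule == null) return true;
        if (user?.Identity?.IsAuthenticated != true) return false;
        return rule.Roles.Length == 0 || rule.Roles.Any(user.IsInRole);
    }

    // The per-request view of the model: only the fields this user may see.
    public static string[] VisibleFields(Type model, ClaimsPrincipal user) =>
        model.GetProperties().Where(p => IsVisible(p, user)).Select(p => p.Name).ToArray();
}

static class Program
{
    // An empty authentication type yields an unauthenticated identity.
    static ClaimsPrincipal User(string authType, params string[] roles) =>
        new ClaimsPrincipal(new ClaimsIdentity(roles.Select(r => new Claim(ClaimTypes.Role, r)), authType));

    static void Main()
    {
        foreach (var (label, user) in new[] {
            ("anonymous", User("")), ("logged in", User("Bearer")), ("manager", User("Bearer", "Manager")) })
            Console.WriteLine($"{label}: {string.Join(", ", FieldVisibility.VisibleFields(typeof(Customer), user))}");
    }
}
```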
