I want to design a project which will require that 100+ users have access to their own polygon records. This is not a collaborative effort, a user adds polygons, and only this user (and I as the admin) will be able to see their polygons. In theory, i should be able to create one feature class, the columns would then be "Polygon_Name, Polygon_ID, User_ID and Polygon_geometry".
I can create the feature & geodata services to serve the feature class , i can secure the services with token-based authorization and i can query based on the USER_ID column so only the polygon records of the appropriate user returns. But the way i understand it (and please correct me if I'm wrong), at this point, the only thing preventing users from seeing another's records is the querytask which is done from within the client(and therefore has no security).
Other than creating a different feature class and feature service for each of the 100+ users (which is not feasible), is there any other way of doing this?
Can the querytask be intercepted, checked and then sent along?
Can I use the featurelayer & editor purely for the user interface, but then have the polygon submitted to a WCF service which adds or edits an existing polygon in a feature class through web adf (or yet another featurelayer & feature service which only the admin has access to?)
Any thoughts on this would be greatly appreciated
