But when you define everything (Request & Response DTO’s in the ServiceModel project), you can’t put any security related restrictions (RequirePermission, RequireRole, etc…).
If I put everything (Request DTOS / Response DTO’s) in my ServiceInterface project, no clients will be able to access it for strongly typed calls. Maybe I’ve been staring at this too long?
Ahhhh that’s where my confusion is happening. DTOs, stored in the servicemodel project, define contracts with routes (Route attribute). Services define security constraints.
I thought I remember reading request DTOs handle that as well, but I must have gotten it confused.
Is the only reason I see examples with everything (Request DTOs, response DTOs, db POCOs) all inlined in the ServieInterface is for simplicities sake?