The issue is created on behalf of a request on aspnet.uservoice.com:
>
Currently, there is no way to influence in what way $expand binds additional models. I would very much like to have some control over what models are binded, in order to apply authorization on these binded models.
>
Half a year ago I already created a StackOverflow thread (http://stackoverflow.com/questions/18254600/modify-binding-of-expand-function-when-unauthorized) with the exact same problem. Since I think that there is not enough attention paid to this problem, I've created this UserVoice thread.
http://aspnet.uservoice.com/forums/147201-asp-net-web-api/suggestions/5318252-authorization-on-expand-functionality
>
Currently, there is no way to influence in what way $expand binds additional models. I would very much like to have some control over what models are binded, in order to apply authorization on these binded models.
>
Half a year ago I already created a StackOverflow thread (http://stackoverflow.com/questions/18254600/modify-binding-of-expand-function-when-unauthorized) with the exact same problem. Since I think that there is not enough attention paid to this problem, I've created this UserVoice thread.
http://aspnet.uservoice.com/forums/147201-asp-net-web-api/suggestions/5318252-authorization-on-expand-functionality