Filtering by user on the server-side with WCF Data Services

I'm trying to create an WCF Data Services service which allows documents to be downloaded from a server, to client applications running .NET 4.0.

The documents should only be downloadable by the user which owns them. Users can be authenticated on the server with a username and password. And I've found a way of sending the user credentials from the client to the server (DataServiceContext.Credentials).

The area that I'm struggling with is being able to restrict the documents returned by the service to just the subset owned by the user. I can check that the username and password is valid easily enough but I'm not sure how I should then use that to filter the results.

I don't have a complex model on the server, just a list of documents and associated user accounts. Some documents may be shared between a number of users开发者_运维问答.

Am I trying to do something which WCF Data Services isn't really designed for?

---

I think I've found a good solution - query interceptors:

How to: Intercept Data Service Messages (WCF Data Services)