logo
small logo
  • Products
  • Buy
  • Support
  • Articles
  • Forgot password?
    • en
    • ru
    • pt
    • es
    • JP
    • ZH
  • Home
  • /
  • Articles
  • /
  • How to make a web report authentication
  • How to create the invoice from ASP.Net Core application

    August 31, 2020

    Few believed in the success of the new open-source ASP.Net Core framework from Microsoft. It’s

    read more
  • How to use FastReport reports in PHP application. Part 1.

    October 13, 2019

    FastReport.Net was created specially for the .net platform. Accordingly, web reports work with ASP.Net and

    read more
  • How to use FastReport reports in a PHP application. Part 2.

    October 13, 2019

    In the first part of the article, we created an ASP.Net Core application in which

    read more
  • How to use FastReport reports in a PHP application. Part 3

    October 14, 2019

    This is the final part of the article about using FastReport.Net in conjunction with a

    read more
  • How to create a custom toolbar for web FastReport.NET report

    May 31, 2020

    Many users of report generators are interested in setting up the toolbar when reviewing the

    read more

How to make a web report authentication

October 13, 2019

Every time we generate a web report, ajax request leads to the execution of handlers: WebResource.axd and FastReport.Export.axd. Files with the axd extension are used in ASP.Net applications to get resources from dll libraries: images, javascript and styles.

As a result, we get an HTML report file. But, since the report is generated and located in the IIS cache, then, knowing the generated report ID (which is generated upon request), a malefactor can easily get it. And this is a potential security issue if the report contains confidential data. The way out of this situation can be user authentication. That is, if the report is called by a specific user, then only he can get a copy of it.

We could check the http request for user authentication, but this is not a way out. A malefactor can always spoof a request. The best solution would be session authentication. Until recently, FastReport.Net did not provide such functionality. But in version 2019.3.13 there appeared an event for ajax authentication of report resources loaded via asp handler in WebReport.

The WebReport.CustomAuth event is executed before the report is displayed. At this point, you can check the user in the session. Here is an example of using a new event:

1
2
3
4
5
6
7
8
9
10
11
12
13
public ActionResult Index()
 {
 Session["User"] = "Father Brown";
...
 webReport.CustomAuth += WebReport_CustomAuth;
...
 }
...
 private void WebReport_CustomAuth(object sender, CustomAuthEventArgs e)
 {
 e.AuthPassed = (e.Context.Session["User"] as string) == "Father Brown";
 }
...

 As you can see, first, before creating the report, we set the username in the Http session, subscribe to the event. In the event handler, we perform a user check. If the report is requested by another user, then his name in the session will be different and the report will not be displayed. This example shows user authentication, but you can implement your own version.

Thus, we can significantly improve data security by implementing report authentication.

about product download buy
avatar
Dmitriy Fedyashov
Head of QA
FastReport ASP.NET MVC Core

Add comment
logo
  • 800-985-8986 (English, US)
  • +4930568373928 (German)
  • +55 19 98147-8148 (Portuguese)
  • info@fast-report.com
  • 901 N Pitt Str #325 Alexandria VA 22314
  • Buy
  • Download
  • Documentation
  • Testimonials
  • How to uninstall
  • Ticket system
  • FAQ
  • Tutorial Video
  • Forum
  • Articles
  • Our News
  • Press about us
  • Resellers
  • Our team
  • Contact us

© 1998-2021 by Fast Reports Inc.

  • Privacy Policy