logo
small logo
  • Products
  • Buy
  • Support
  • Articles
  • Customer panel Support
    • en
    • pt
    • es
    • de
    • pl
    • JP
    • ZH
  • Home
  • /
  • Articles
  • /
  • How to make a web report authentication
  • How to use FR Core Web Report in Single Page Application Angular 7

    April 29, 2019

    The concept of one-page apps is finding an increasing number of supporters. One of the

    read more
  • How to create a report from web application code

    February 16, 2022

    Sometimes creating a report can turn into to be a real headache. For example, when

    read more
  • How to use WebReport with ASP .NET Web Core application

    January 17, 2018

    Recently FastReport introduced a new library under the .NET - FastReport Core platform. This is

    read more
  • How to use FastCube .NET in ASP .NET Core application

    May 6, 2021

    1. About FastCube Report generator FastReport .NET covers nearly all requirements of users in report making.

    read more
  • How to use FastCube .NET in the SPA application Knockout.js

    July 21, 2021

    To output the data cube, we will create a SPA application by means of Knockout.js

    read more

How to make a web report authentication

October 13, 2019

Every time we generate a web report, ajax request leads to the execution of handlers: WebResource.axd and FastReport.Export.axd. Files with the axd extension are used in ASP .NET applications to get resources from dll libraries: images, javascript and styles.

As a result, we get an HTML report file. But, since the report is generated and located in the IIS cache, then, knowing the generated report ID (which is generated upon request), a malefactor can easily get it. And this is a potential security issue if the report contains confidential data. The way out of this situation can be user authentication. That is, if the report is called by a specific user, then only he can get a copy of it.

We could check the http request for user authentication, but this is not a way out. A malefactor can always spoof a request. The best solution would be session authentication. Until recently, FastReport.Net did not provide such functionality. But in version 2019.3.13 there appeared an event for ajax authentication of report resources loaded via asp handler in WebReport.

The WebReport.CustomAuth event is executed before the report is displayed. At this point, you can check the user in the session. Here is an example of using a new event:

1
2
3
4
5
6
7
8
9
10
11
12
13
public ActionResult Index()
 {
 Session["User"] = "Father Brown";
...
 webReport.CustomAuth += WebReport_CustomAuth;
...
 }
...
 private void WebReport_CustomAuth(object sender, CustomAuthEventArgs e)
 {
 e.AuthPassed = (e.Context.Session["User"] as string) == "Father Brown";
 }
...

 As you can see, first, before creating the report, we set the username in the Http session, subscribe to the event. In the event handler, we perform a user check. If the report is requested by another user, then his name in the session will be different and the report will not be displayed. This example shows user authentication, but you can implement your own version.

Thus, we can significantly improve data security by implementing report authentication.

about product download buy
avatar
Dmitriy Fedyashov
Technical Writer
Fast Reports Team: Dmitriy Fedyashov - Technical Writer at Fast Reports
FastReport ASP.NET MVC Core

Add comment
logo
  • 800-985-8986 (English, US)
  • +4930568373928 (German)
  • +55 19 98147-8148 (Portuguese)
  • info@fast-report.com
  • 901 N Pitt Str #325 Alexandria VA 22314
  • Buy
  • Download
  • Documentation
  • Testimonials
  • How to uninstall
  • Ticket system
  • FAQ
  • Tutorial Video
  • Forum
  • Articles
  • Our News
  • Press about us
  • Resellers
  • Contact us

© 1998-2022 by Fast Reports Inc.

  • Privacy Policy