logo
small logo
  • Ürünler
  • Satın al
  • Yardım
  • About
  • Kullanıcı paneli Yardım
    • en
    • de
    • JP
    • ZH
  • Anasayfa
  • /
  • Articles
  • /
  • How to make a web report authentication
  • How to use Online Designer in ASP .NET Core

    17 Ocak 2018

    One of the novelties by FastReport .NET 2018 was the adaptation of OnlineDesigner to the

    read more
  • FastReport .NET packages and .NET 5.0

    17 Aralık 2020

    UPD: Applies to the versions of FastReport .NET before 2022.2. License packages are now available

    read more
  • How to use FastReport reports in a PHP application. Part 2.

    13 Ekim 2019

    In the first part of the article, we created an ASP.Net Core application in which

    read more
  • How to create a custom toolbar for web FastReport.NET report

    31 Mayıs 2020

    Many users of report generators are interested in setting up the toolbar when reviewing the

    read more
  • How to create business cards from ASP .Net Core application

    31 Mayıs 2020

    ASP.Net Core Framework is a cross-platform solution for creating web applications. This means that you

    read more

How to make a web report authentication

13 Ekim 2019

Every time we generate a web report, ajax request leads to the execution of handlers: WebResource.axd and FastReport.Export.axd. Files with the axd extension are used in ASP.Net applications to get resources from dll libraries: images, javascript and styles.

As a result, we get an HTML report file. But, since the report is generated and located in the IIS cache, then, knowing the generated report ID (which is generated upon request), a malefactor can easily get it. And this is a potential security issue if the report contains confidential data. The way out of this situation can be user authentication. That is, if the report is called by a specific user, then only he can get a copy of it.

We could check the http request for user authentication, but this is not a way out. A malefactor can always spoof a request. The best solution would be session authentication. Until recently, FastReport.Net did not provide such functionality. But in version 2019.3.13 there appeared an event for ajax authentication of report resources loaded via asp handler in WebReport.

The WebReport.CustomAuth event is executed before the report is displayed. At this point, you can check the user in the session. Here is an example of using a new event:

1
2
3
4
5
6
7
8
9
10
11
12
13
public ActionResult Index()
 {
 Session["User"] = "Father Brown";
...
 webReport.CustomAuth += WebReport_CustomAuth;
...
 }
...
 private void WebReport_CustomAuth(object sender, CustomAuthEventArgs e)
 {
 e.AuthPassed = (e.Context.Session["User"] as string) == "Father Brown";
 }
...

 As you can see, first, before creating the report, we set the username in the Http session, subscribe to the event. In the event handler, we perform a user check. If the report is requested by another user, then his name in the session will be different and the report will not be displayed. This example shows user authentication, but you can implement your own version.

Thus, we can significantly improve data security by implementing report authentication.

ürün hakkında satın al
avatar
Dmitriy Fedyashov
Technical Writer
Fast Reports Team: Dmitriy Fedyashov - Technical Writer at Fast Reports
FastReport ASP.NET MVC Core

Yorum ekle
logo
  • 800-985-8986 (English, US)
  • +4930568373928 (German)
  • +55 19 98147-8148 (Portuguese)
  • info@fast-report.com
  • 901 N Pitt Str #325 Alexandria VA 22314
  • Satın al
  • İndir
  • Dökümantasyon
  • Geribildirimler
  • Ürünlerimizi nasıl kaldırabilirsiniz
  • SSS
  • Başlangıç için Video
  • Forum
  • Articles
  • Haberlerimiz
  • Basında Biz
  • Partnerler
  • Extended licensing
  • Bize Ulaşın

© 1998-2023 by Fast Reports Inc.

  • Gizlilik Politikası