Authorization header ignored in reporting REST api during the actual rendering of the report?

8 posts, 1 answers
  1. Sodi We
    Sodi We avatar
    160 posts
    Member since:
    Apr 2010

    Posted 23 Aug Link to this post

    Hi

    I am currently rewriting an old Silverlight Application in Angular. The original application had some reports which I would like to reuse.

    So I added a REST service to my web api by following the instructions in the docs. This seems to be working (http://localhost:[portnumber]/api/reports/formats returns the expected result). I also created a HTML5 viewer (in Angular), and made sure the authorization token is set (I'm using OAuth).

    Unfortunately the report doesn't show..

    I started to investigate and, as you can see, the network traffic reveals several requests to the report service are triggered. The next to last request appears to contain the contents of the report in html, but in fact this html is just an error page.

    While debugging I discovered that the request doing the actual rendering of the report is not authenticated and HttpContext.Current.User is null.
    My code to retrieve the report data relies on this user and therefor throws an exception. The authorization header is present and correct but is somehow ignored.

    In all other requests to the reportservice the request is authenticated and the current user is correctly filled, just not for this one request doing the rendering.
    Do you have any idea what might be causing this?

  2. Sodi We
    Sodi We avatar
    160 posts
    Member since:
    Apr 2010

    Posted 23 Aug Link to this post

    Attachment containing the network traffic.
  3. DevCraft banner
  4. Sodi We
    Sodi We avatar
    160 posts
    Member since:
    Apr 2010

    Posted 23 Aug Link to this post

    For some reason I cannot attach my screenshot with the network traffic, so instead I will copy paste it:

    telerikReportViewerTemplate-html
    /api/reports/resources/templates
    200
    OK
    xhrjquery.js:8630
    Script
    2.7 KB
    9.5 KB
    90 ms
    82 ms
    fonticons-css
    /api/reports/resources/font
    200
    OK
    stylesheetjquery.js:5221
    Script
    1.1 KB
    1.4 KB
    6 ms
    4 ms
    telerikReportViewer-css
    /api/reports/resources/styles
    200
    OK
    stylesheetjquery.js:5221
    Script
    2.3 KB
    6.4 KB
    5 ms
    4 ms
    TelerikWebUI-woff
    /api/reports/resources/font
    200
    OK
    fontjquery.js:5562
    Script
    96.5 KB
    96.0 KB
    3 ms
    2 ms
    clients
    /api/reports
    200
    OK
    xhrjquery.js:8630
    Script
    323 B
    0 B
    2 ms
    1 ms
    clients
    /api/reports
    200
    OK
    xhrOther685 B
    26 B
    39 ms
    38 ms
    parameters
    /api/reports/clients/152745-f10f
    200
    OK
    xhrjquery.js:8630
    Script
    336 B
    0 B
    10 ms
    10 ms
    instances
    /api/reports/clients/152745-f10f
    200
    OK
    xhrjquery.js:8630
    Script
    336 B
    0 B
    45 ms
    45 ms
    parameters
    /api/reports/clients/152745-f10f
    200
    OK
    xhrOther998 B
    1.2 KB
    263 ms
    262 ms
    instances
    /api/reports/clients/152745-f10f
    201
    Created
    xhrOther523 B
    28 B
    243 ms
    243 ms
    documents
    /api/reports/clients/152745-f10f/instances/152746-fcdb
    200
    OK
    xhrjquery.js:8630
    Script
    336 B
    0 B
    7 ms
    6 ms
    documents
    /api/reports/clients/152745-f10f/instances/152746-fcdb
    202
    Accepted
    xhrOther535 B
    39 B
    90 ms
    89 ms
    info
    /api/reports/clients/152745-f10f/instances/152746-fcdb/documents/152746-775a152746-1ec9
    200
    OK
    xhrjquery.js:8630
    Script
    323 B
    0 B
    41 ms
    41 ms
    info
    /api/reports/clients/152745-f10f/instances/152746-fcdb/documents/152746-775a152746-1ec9
    202
    Accepted
    xhrOther583 B
    87 B
    26 ms
    26 ms
    info
    /api/reports/clients/152745-f10f/instances/152746-fcdb/documents/152746-775a152746-1ec9
    200
    OK
    xhrjquery.js:8630
    Script
    323 B
    0 B
    2 ms
    1 ms
    info
    /api/reports/clients/152745-f10f/instances/152746-fcdb/documents/152746-775a152746-1ec9
    202
    Accepted
    xhrOther583 B
    87 B
    11 ms
    10 ms
    info
    /api/reports/clients/152745-f10f/instances/152746-fcdb/documents/152746-775a152746-1ec9
    200
    OK
    xhrjquery.js:8630
    Script
    323 B
    0 B
    4 ms
    3 ms
    info
    /api/reports/clients/152745-f10f/instances/152746-fcdb/documents/152746-775a152746-1ec9
    200
    OK
    xhrOther729 B
    86 B
    43 ms
    43 ms
    1
    /api/reports/clients/152745-f10f/instances/152746-fcdb/documents/152746-775a152746-1ec9/pages
    200
    OK
    xhrjquery.js:8630
    Script
    323 B
    0 B
    2 ms
    2 ms
    1
    /api/reports/clients/152745-f10f/instances/152746-fcdb/documents/152746-775a152746-1ec9/pages
    200
    OK
    xhrOther2.4 KB
    6.1 KB
    14 ms
    14 ms
    bbbaa6e360344d62a4e9999221dcc503/
    /api/reports/clients/152745-f10f/instances/152746-fcdb/documents/152746-775a152746-1ec9/resources
    200
    OK
    jpegOther9.5 KB
    9.2 KB
    6 ms
    5 ms
    10.00 s15.00 s20.00 s
    21 / 66 requests ❘ 122 KB / 581 KB transferred

  5. Stef
    Admin
    Stef avatar
    3047 posts

    Posted 25 Aug Link to this post

    Hi,

    Below is quote from my response in your support ticket in the same question:
    "The screenshot does not point to any errors on getting the HTML rendered on the server, all requests' responses are 200OK. If the returned HTML contain an error message related to the execution of the data-retrieval method, this will be listed in the response.

    Note that the data-retrieval method is executed in a separate context, and the current user's information will not be available in the data-retrieval's method. The user's information will be available in the Reporting REST service's methods and the report's constructor and events. In case using the data items' NeedDataSource event to set the data is not suitable, you can modify the data-retrieval method to get the id (string, integer) of the current user e.g. Using Parameters with the ObjectDataSource Component. Once you have the id of the user in the method, you can retrieved the user's information.
    "


    The duplicating forum thread is removed to avoid dispersing information in multiple threads.
    If you need further help, please let us continue the discussion in one of the threads in order to keep a better track on the exchanged information.
    thank you for your understanding.

    Regards,
    Stef
    Telerik by Progress
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  6. Sodi We
    Sodi We avatar
    160 posts
    Member since:
    Apr 2010

    Posted 29 Aug Link to this post

    Thank you for your response. The screenshot was merely to demonstrate everything else seems to be working correctly.

    I already use parameters in my datasource, except for the current user, which comes from the context. Maybe this wasn't the best approach, but it never was an issue in the Silverlight application.

    At least now I know this is indeed the expected behaviour.

  7. Sodi We
    Sodi We avatar
    160 posts
    Member since:
    Apr 2010

    Posted 29 Aug Link to this post

    Thank you for your response. The screenshot was merely to demonstrate everything else seems to be working correctly.

    I already use parameters in my datasource, just not for the current user. I'm not sure if this was the best approach, but it never was an issue in the Silverlight application.

    At least now I know this is the expected behaviour, and additional work is needed to get my old Silverlight reports to work in the HTML5 viewer.

  8. Stef
    Admin
    Stef avatar
    3047 posts

    Posted 29 Aug Link to this post

    Hello,

    At the place you are using the current user in the data-retrieval method, you can add code retrieving the current user by id or other information that can be passed by a report parameter (string, integer value).

    Also the Reporting REST service is a WebAPI based controller and it does not have the ASP.NET Session available in it. The ASP.NET Session has to be enabled additionally - Enable session in Web Api 2 [duplicate](stackoverflow).

    Regards,
    Stef
    Telerik by Progress
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  9. Answer
    Sodi We
    Sodi We avatar
    160 posts
    Member since:
    Apr 2010

    Posted 31 Aug Link to this post

    I was able to resolve this by using the CurrentPrincipal.Identity. Unlike the request in the current httpcontext, the thread is still authenticated during the rendering of the report. This saves me from having to change dozens of reports and data retrieval methods.

    I have no need for the ASP.Net session.

Back to Top
DevCraft banner