Printing report from HTML 5 viewer require authentication

3 posts, 1 answers
  1. Davide Coletto
    Davide Coletto avatar
    8 posts
    Member since:
    Jun 2005

    Posted 05 Sep 2018 Link to this post

    Hello,
    we've integrated HTML 5 Report Viewer in our solution in a ASP.NET 3.5 Web Site and the Reporting Service is hosted in a separated REST endpoint (.NET 4.6.2) using libraries downloaded from Telerik Private NuGet server.
    The REST enpoint implement Basic Authentication with a Bearer token retrieved from an our external REST endpoint.

    The report viewer works well with authentication but after Print operation require authentication from the browser.
    I see the same behaviour in Google Chrome, Opera.
    How can I remove the authentication box for printing report?
    Monitoring the HTTP traffic with Fiddler I see that the HTTP request for printing don't pass authentication token as previous calls (Request headers -> Security -> Authorization).

    I've tried various configuration for print mode:

    • FORCE_PDF_PLUGIN (as below): Download directly the file and after open it starts the print process.
    • FORCE_PDF_FILE: Show an authentication box in the browser
    • AUTO_SELECT: Show an authentication box in the browser 

    The authentication token is retrieved and setted in the Page_Load event in the ASP.NET page that host the HTML 5 Viewer.

    01.<script type="text/javascript">
    02. 
    03.        function onPageReady(e) {
    04.            console.log("page ready" + JSON.stringify(e));
    05.        }
    06. 
    07.        function onExportBegin(e) {
    08.            console.log("export begin" + JSON.stringify(e));
    09.        }
    10. 
    11.        function onPrintBegin(e) {
    12.            console.log("print begin" + JSON.stringify(e));
    13.        }
    14. 
    15.        $(document).ready(function () {
    16. 
    17.            var reportParams = <%= GetJsonParameters() %>
    18. 
    19.            $("#reportViewerMain")
    20.                .telerik_ReportViewer({
    21.                    serviceUrl: "<%= GetUrlReportingApi() %>",
    22.                    templateUrl: "<%= GetTemplateUrl() %>",
    23.                    authenticationToken: "<%= GetUserToken() %>",
    24.                    reportSource: {
    25.                        report: "<%= GetIdReport() %>",
    26.                        parameters: reportParams
    27.                    },
    28.                    viewMode: telerikReportViewer.ViewModes.INTERACTIVE,
    29.                    scaleMode: telerikReportViewer.ScaleModes.SPECIFIC,
    30.                    printMode: telerikReportViewer.PrintModes.FORCE_PDF_PLUGIN,
    31.                    scale: 1.0,
    32.                    pageReady: onPageReady,
    33.                    exportBegin: onExportBegin,
    34.                    printBegin: onPrintBegin,
    35.                    error: function (e, args) {
    36.                        console.error("Report viewer error: " + args);
    37.                    }
    38.                });
    39.            $("#reportViewerMain").height(window.innerHeight);
    40.        });
    41.    </script>

     

    Telerik version: 12.1.18.620 (Runtime: v4.0.30319)

    IDE version: Visual Studio 2017 Enterprise version 15.8.2

     

    Can you help me?

    Thanks.

     Best regards.

     Fabio

     

  2. Answer
    Todor
    Admin
    Todor avatar
    285 posts

    Posted 10 Sep 2018 Link to this post

    Hello Fabio,

    By design the requests for resources are not authenticated. Note that all the resources are generated with unique random IDs that are practically impossible to guess.

    The observed behavior can be due to the ReportsController actions not requiring authentication by default being overridden, with added authorization logic. I suspect that you have put Authorization to the entire ReportsController. If so, the server will require authorization token that is not sent by the viewer when requesting resources (i.e. upon printing).
    Internally we authorize all the necessary actions. You can remove the additional authorization, which should prevent the browser from requesting the unwanted authorization for printing.

    Regards,
    Todor
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Davide Coletto
    Davide Coletto avatar
    8 posts
    Member since:
    Jun 2005

    Posted 10 Sep 2018 in reply to Todor Link to this post

    Hello Todor,

    I've checked and done as you suggested and now it works.

    I've needed to change the authorization filter in such a way that the report's controller has been excluded from this check,
    needed for other controllers.

    Thanks for your help and clarifications.

    Regards.
    Fabio

Back to Top