I don't know if this is the right forum, but i have a small question bout security of the self-hosted REST service for the reporting viewer.I am using asp.net core and have a few (secured) pages that show telerik reports. These are .trdp files hosted by ourselves and setup according to https://docs.telerik.com/reporting/telerik-reporting-rest-service-aspnetcore-mvc-core3 ...
This is however a jQuery implementation and from within the code of jquery i can probably easily change the .trdp file name (i use logical names, so not hard to guess) and get a different report. This was not a real big problem, but now certain users should not be able to see certain reports.So this suddenly became a problem.
Does anybody have an idea what the best approach would be to secure this?