This is a migrated thread and some comments may be shown as answers.

Security in the report viewer

1 Answer 66 Views
General Discussions
This is a migrated thread and some comments may be shown as answers.
Alexander
Top achievements
Rank 1
Veteran
Alexander asked on 06 Jul 2020, 10:07 AM

Hi all,

 

I don't know if this is the right forum, but i have a small question bout security of the self-hosted REST service for the reporting viewer.I am using asp.net core and have a few (secured) pages that show telerik reports. These are .trdp files hosted by ourselves and setup according to https://docs.telerik.com/reporting/telerik-reporting-rest-service-aspnetcore-mvc-core3 ... 

 

This is however a jQuery implementation and from within the code of jquery i can probably easily change the .trdp file name (i use logical names, so not hard to guess) and get a different report. This was not a real big problem, but now certain users should not be able to see certain reports.So this suddenly became a problem. 

 

Does anybody have an idea what the best approach would be to secure this?

 

Thanks,

Alexander

1 Answer, 1 is accepted

Sort by
0
Katia
Telerik team
answered on 09 Jul 2020, 06:39 AM

Hi Alexander,

The viewer provides an option to set authentication token that will add a Bearer token in the Authorization header for every request to the REST service. Another option is to resolve the viewer's ReportSource at run-time based on the currently logged in user, this can be done in a custom report resolver. You can also test if overriding the methods of Reporting REST service can be beneficial in your scenario.

We also provide a separate product for centralized reports storage and report users management - Telerik Report Server.

 

Regards,
Katia
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
Tags
General Discussions
Asked by
Alexander
Top achievements
Rank 1
Veteran
Answers by
Katia
Telerik team
Share this question
or