Encrypt parameters between HTML5 viewer and report engine

Progress® Telerik® Reporting Feedback Portal

Create an account Log In

Back to Feed

Request a Feature Report a Bug

Unplanned

Last Updated: 23 Mar 2018 14:32 by ADMIN

Mhd.Ahd

Created on: 28 Nov 2017 09:57

Type: Feature Request

Encrypt parameters between HTML5 viewer and report engine

It would be nice to catch the parameters of the HTML5 viewer and the report engine.
I need to encrypt the parameter Ids that is visible to any man-in-the-middle attacks.

I did encrypt the parameters, and tried to use "CustomReportResolver : IReportResolver" to catch and decrypt it before send to the report engine or the report data source. But the resolver has only the report Id or name.

I'm using UriReportSource because we need to evaluate and try dynamic reports.

3 comments

ADMIN

Milen | Product Manager @DX

Posted on: 23 Mar 2018 14:32

Thank you for your input and advice. No, I do not have a better advice at the moment. You can eventually override the CreateInstance(string clientID, ClientReportSource reportSource) method of the ReportsControllerBase, but it delivers the parameters as JSON dictionary and expects such to be passed to the base method implementation also.

Mhd.Ahd

Posted on: 28 Nov 2017 10:39

I found a workaround to concatenate the parameters in a long string beside the report Id, keeping the parameters clean, then use the custom resolver to get it back and set the report parameters correctly; So, we can use an encrypted text here as report id.

Ref.
* https://www.telerik.com/forums/customreportresolver-where-are-the-parameters
* https://stackoverflow.com/questions/42333356/telerik-html5-report-viewer-client-side-parameters-not-being-applied


Do you have any suggestion or ideal solution other than that?

mido

Posted on: 28 Nov 2017 10:11

i faced the same issue when i try to validate the parameters from the parameters area of the HTML5 viewer before rendering the report.
please adivec