Last Updated: 23 Mar 2018 14:32 by ADMIN
Created on: 28 Nov 2017 09:57
Type: Feature Request
Encrypt parameters between HTML5 viewer and report engine
It would be nice to catch the parameters of the HTML5 viewer and the report engine.
I need to encrypt the parameter Ids that is visible to any man-in-the-middle attacks.

I did encrypt the parameters, and tried to use "CustomReportResolver : IReportResolver" to catch and decrypt it before send to the report engine or the report data source. But the resolver has only the report Id or name.

I'm using UriReportSource because we need to evaluate and try dynamic reports.
Posted on: 23 Mar 2018 14:32
Thank you for your input and advice. No, I do not have a better advice at the moment. You can eventually override the CreateInstance(string clientID, ClientReportSource reportSource) method of the ReportsControllerBase, but it delivers the parameters as JSON dictionary and expects such to be passed to the base method implementation also.
Posted on: 28 Nov 2017 10:39
I found a workaround to concatenate the parameters in a long string beside the report Id, keeping the parameters clean, then use the custom resolver to get it back and set the report parameters correctly; So, we can use an encrypted text here as report id.

* https://www.telerik.com/forums/customreportresolver-where-are-the-parameters
* https://stackoverflow.com/questions/42333356/telerik-html5-report-viewer-client-side-parameters-not-being-applied

Do you have any suggestion or ideal solution other than that? 
Posted on: 28 Nov 2017 10:11
i faced the same issue when i try to validate the parameters from the parameters area of the HTML5 viewer before rendering the report.
please adivec