Last Updated: 09 Oct 2019 13:18 by ADMIN
Created on: 02 Oct 2019 14:23
Type: Bug Report
HTML 5 Viewer shows me wrong data


i have a very big problem with Telerik Reporting after upgrading from version 2017 R3 ( to the latest version.
I tested also the version (2018 R3, 2019 R1 SP1, 2019 R2 SP1).


After installing the newer version, customers see data of other customers!!


I have a multi-tenant system. All of our report data sources filters by the logged in user TenantId (ASP.NET Identity).

But with newer versions if a second user opens the same report, he gets the data from the first user.


You can find a working repro here:


Clone the project and bring it to run. In branch "master" you find the working version, and in the branch "features/v13.2.19.918" you find the broken version.



Attached Files:
Posted on: 09 Oct 2019 13:18

Hi Daniel,

I noticed that you have opened a Support ticket on the same issue. We have answered there. I will summarize our reply also here for the benefit of our community.

With the older versions, each request was processed in a new thread. That's why each user's requests were under his/her identity. However, this way in some cases there were too many threads created server-side, which resulted occasionally in blocking the server.

With the recent versions, starting from, we introduced a dedicated rendering thread queue with a configurable count of threads for the REST Service. The thread queue is created once, upon initialization, e.g. under the user's account that has logged first. Thus, all these threads have the same identity, hence System.Threading.Thread.CurrentPrincipal.Identity is the same user in the context of the Report rendering threads.

Note that with this change we have introduced a new object UserIdentity. It gets the current user from the UI thread and passes its information to the Report rendering thread. The Context property is a Dictionary that may be used to pass any (serializable) information from the UI thread. For a sample, you may check How to use information from HttpContext in Custom Report Resolver KB article. Generally, you need to override the GetUserIdentity method of the ReportsController and fill the Context dictionary there, if you need additional information that is not passed by default.

With the above information in mind, we consider the observed change in the behavior as an improvement in the REST service and not a bug. For that reason, I will mark this bug report as Declined.

Progress Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Posted on: 02 Oct 2019 14:24
Please pay attention to my screenshots.