Articles in this section
Category / Section

How to resolve the image rendering and exporting issue with the ASP.NET MVC Authentication filter

Published:
Updated:

You will get issue on rendering the image and exporting the report from report viewer and report designer in ASP.NET MVC application when Authentication filter has been used for your Web API. You have to ignore the Authentication validation for export and image request with condition of URL and form values.

Regarding security, you will not have any issues in the aspect of security by ignoring the authentication for this GetResource and PostReportAction requests. These requests are used to retrieve the file format content from the server and used with our control based on the framework suggestion to have better experience in usability in downloads and avoid the delay of rendering images with reports.

These requests will be used at the time of exporting and image rendering only, this cannot be used once again by others. This approach is similar to the Amazon Simple Storage Service (Amazon S3) how they are providing access to share the private files,

You can get more details of the implementation approach from these steps,

  1. Before initiating a non-authentication request, we will send the authenticate request to the server to generate the export and image content.
  2. The authenticated request will generate the export with a unique server for the downloadable content and unique id will be shared with the client once the content is ready.
  3. After completing the process of generation, we will get the runtime unique key generated from the client and we will do the non-authentication request post action from the client with a unique key to the content for download and image rendering.
  4. Once the content revival initiated with the server, we could not make use of this URL again to get the generated content once again from the server because the files will be deleted with the server after initiating the action.

You can find the following code reference for ignoring the Authentication in the filter and the sample from this link.

if (context.Request.RequestUri.ToString().Contains("ReportApi/PostReportAction") && HttpContext.Current.Request.Form.Count > 0 && HttpContext.Current.Request.Form.GetValues("reportAction")[0] == "Export")
{
   return;
}
else if (context.Request.RequestUri.ToString().Contains("ReportApi/GetResource"))
{
return;
}


Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Comments (0)
Please sign in to leave a comment
Access denied
Access denied