Search results
Suggest a FeaturePDF

How to resolve the image rendering and exporting issue with ASP.NET Core Authentication middleware

You could not add the authentication for export and image rendering requests from the Report Viewer and Report Designer. So, you have to ignore the authentication for the GetResource and PostFormReportAction methods using the [AllowAnonymous] attribute.

Regarding security, you will not have any issues in the aspect of security by ignoring the authentication for this GetResource and PostFormReportAction requests. These requests are used to retrieve the file format content from the server and used with our control based on the framework suggestion to have better experience in usability in downloads and avoid the delay of rendering images with reports.

These requests will be used at the time of exporting and image rendering only, this cannot be used once again by others. This approach is similar to the Amazon Simple Storage Service (Amazon S3) how they are providing access to share the private files,

You can get more details of the implementation approach from these steps,

  1. Before initiating a non-authentication request, we will send the authenticate request to the server to generate the export and image content.
  2. The authenticated request will generate the exported with a unique server for the downloadable content and unique id will be shared with the client once the content is ready.
  3. After completing the process of generation, we will get the runtime unique key generated from the client and we will do the non-authentication request post action from the client with a unique key to the content for download and image rendering.
  4. Once the content revival initiated with the server, we could not make use of this URL again to get the generated content once again from the server because the files will be deleted with the server after initiating the action.

You can find the following code reference for using the [AllowAnonymous] attribute and sample from this link.

[Authorize]
    [Route("api/[controller]/[action]/{id?}")]
    public class ReportApiController : ControllerBase, IReportController
    {
        …….
        …….

        [ActionName("GetResource")]
        [AcceptVerbs("GET")]
        [AllowAnonymous]
        public object GetResource(ReportResource resource)
        {
            return ReportHelper.GetResource(resource, this, _cache);
        }

        [HttpPost]
        [AllowAnonymous]
        public object PostFormReportAction()
        {
            return ReportHelper.ProcessReport(null, this, this._cache);
        }

        …….
        …….
    }