Security Considerations

This document describes how to avoid possible security risks when deploying a WPF application containing the DashboardControl and consists of the following sections:

Data Connection Security

Handle the DashboardControl.ConfigureDataConnection event to provide the required connection parameters at runtime.

Data Source Security

  • Entity Framework Data Source - Restricting Access to Unauthorized Assemblies

    Entity Framework Data Source (DashboardEFDataSource) does not allow loading of custom assemblies by default.

    To permit loading a specific assembly, handle the DashboardControl.CustomAssemblyLoading event. An unauthorized attempt to load a custom assembly results in a CustomAssemblyLoadingProhibitedException.

  • Object Data Source - Data Validation

    If an end-user opens the dashboard containing the DashboardObjectDataSource, the following message displays before data loading:

    Loading the data sources referenced in this file may harm your computer. Was this file obtained from a trusted source?

    This dialog allows end-users to select whether to trust the object data sources available in the application. You can change this default logic using the DashboardControl.ObjectDataSourceLoadingBehavior property. You can allow loading any object data sources, or you can load object data sources in a safe mode when their data member and data source settings are cleared.

    You can also provide a custom data source validation by handling the ObjectDataSource.BeforeFill event for the specified data source. The corresponding static ObjectDataSource.BeforeFillGlobal event allows you to validate all object data sources in your application.

See Also