Skip to main content
BuyLog In
Business Intelligence Dashboard
Search in…
Docs > WPF Dashboard Viewer > Security Considerations
A newer version of this page is available. .
All docs
V21.1
Business Intelligence Dashboard
Get Started
Basic Concepts and Terminology
Common Features
WinForms Dashboard
Web Dashboard
WPF Dashboard Viewer
Prerequisites
Add Dashboard Control
Create and Load a Dashboard
Create Dashboards in the Visual Studio Designer
Providing Data
Underlying and Displayed Data
Title and Item Captions
Printing and Exporting
Security Considerations
Manage Interactivity Capabilities
Manage Dashboard Layout
Manage Dashboard Parameters
Manage Dashboard State
Localization
Customization
A List of Styles and Templates
Version Compatibility: Default Property Values
Visual Studio Integration
Redistribution and Deployment
Video Tutorials
Migration Guides
Examples
End-User Documentation
.NET Framework API Reference
.NET Core API Reference
HTML JS Control API Reference
ASP.NET Client API Reference
Download CHM

Security Considerations

  • 2 minutes to read

This document describes how to avoid possible security risks when you deploy a WPF application that contains the DashboardControl.

Data Connection Security

Handle the DashboardControl.ConfigureDataConnection event to specify connection parameters at runtime.

Data Source Security

Entity Framework Data Source - Restrict Access to Unauthorized Assemblies

You cannot load custom assemblies that can be referenced by Entity Framework data sources (DashboardEFDataSource) (the default setting).

To permit a user to load a specific assembly, handle the DashboardControl.CustomAssemblyLoading event. An unauthorized attempt to load a custom assembly results in a CustomAssemblyLoadingProhibitedException.

Object Data Source - Validate Data

If an user opens the dashboard that contains the DashboardObjectDataSource, the following message displays before data loading:

This dialog allows users to select whether to trust the object data sources available in the application. You can use the DashboardControl.ObjectDataSourceLoadingBehavior property to change this default logic. For instance, you can allow the application to load any object data sources, or you can load object data sources in safe mode when their data member and data source settings are cleared.

You can also handle the ObjectDataSource.BeforeFill event to execute custom validation for the specified data source. The corresponding static ObjectDataSource.BeforeFillGlobal event allows you to validate all object data sources in your application.

Excel, Extract, and JSON Data Sources - Restrict Access to External Data Resources

The Dashboard Viewer gets data from resources stored on the disk or on the Internet. We recommend that you specify access settings for data resources (Excel, Extract, and JSON data sources).

Use the AccessSettings class to explicitly allow the path to the data file. To accomplish this, configure rules in the DataResources property to restrict file system access to the specified folders. You can call the SetRules(IAccessRule[]) method when the application starts to specify rules before a dashboard control sets its rules. The SetRules(IAccessRule[]) method can be called only once at the application startup. Otherwise, the method will raise an exception. Alternatively, you can use the TrySetRules(IAccessRule[]) method, which does not raise an exception.

See Also