Skip to main content
BuyLog In
.NET Reporting Tools
Search in…
Docs > Reporting for Desktop > Reporting for WPF > Application Security > Ensure Safe Loading of Reports
All docs
V24.2
Reporting
Product Information
What's New
.NET Support
Get Started with DevExpress Reporting
Create Different Report Types (Walkthroughs)
Detailed Guide to DevExpress Reporting
Memory Usage in Reporting - Best Practices
Localize Reporting Applications
Security Considerations
AI-powered Extensions
Visual Studio Report Designer
VS Code Report Designer
Reporting for Desktop
Accessibility
Reporting for WinForms
Reporting for WPF
Print
Document Preview
End-User Report Designer
Application Security
Ensure Safe Loading of Reports
Data Access Security
Custom SQL Query in the Report Designer
Custom SQL Query Validation
Application Appearance
Application Deployment
WPF UI Development Bundles that Include Reports
Localization
Reporting for WinUI
Reporting for .NET MAUI
Reporting for Web
Cloud Integration
.NET Aspire Integration
Cross-Platform .NET App UI
Backend Web API Service / REST API for Reporting
WCF Report Service
End-User Documentation
Redistribution and Deployment
API Reference
ASP.NET Core API Reference
Blazor API Reference
Client API Reference
Client API Reference (Web Forms & MVC)
Download CHM

Ensure Safe Loading of Reports (WPF)

  • 2 minutes to read

This topic describes how to allow users to load only secure reports in WPF reporting applications.

When a user attempts to load a potentially unsafe report, End-User Report Designer for WPF displays the following warning:

report-designer-wpf-load-report-warning

A report is considered unsafe if it (or in any of its subreports) contains any of the following:

Important

If you have not yet done so, be sure to review the following help topic: DevExpress Reporting - Security Considerations.

The following code prevents users from being able to load unsafe reports:

public partial class MainWindow : System.Windows.Window {
    public MainWindow() {
        InitializeComponent();
        DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel =
DevExpress.XtraReports.UI.RestrictionLevel.Disable;
    }
}

The code above displays the error message when the user attempts to load a potentially unsafe report.

report-designer-wpf-load-report-disabled-warning

In a restricted environment, when all reports are guaranteed to be safe, you can disable this warning and allow end-users to load any report by setting the UserDesignerOptions.ReportLoadingRestrictionLevel property to RestrictionLevel.Enable.

The following code lets you determine whether a report is considered unsafe, and displays detected security warnings in the Output window:

var traceSource = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting", 
    System.Diagnostics.SourceLevels.Error | System.Diagnostics.SourceLevels.Warning);
var listener = new System.Diagnostics.DefaultTraceListener();
traceSource.Listeners.Add(listener);
try {
    new XtraReport1().ShowRibbonDesignerDialog();
} finally {
    traceSource.Listeners.Remove(listener);
}