ISecureDataConverter Interface

If implemented, enables the Web Report Designer to use a custom algorithm for storing data source connection strings on the client.

Namespace: DevExpress.XtraReports.Web.ClientControls

Assembly: DevExpress.XtraReports.v21.1.Web.dll


public interface ISecureDataConverter


When the SQL Data Source wizard obtains connection strings from the Web.config file, the serialized report contains only the connection name (and not the connection string itself).

You can register a custom connection string provider and store all the connection parameters or only the connection name with the serilaized data source. When the report serialized with connection parameters is passed to the client, these parameters are encrypted by applying the MachineKey algorithm. To provide a custom encryption mechanism, use the ISecureDataConverter interface.

Refer to the following topics for more information on data connection registration:

The following code illustrates an ISecureDataConverter implementation that stores connections in an XML file.

using DevExpress.XtraReports.Web.ClientControls;
using System;
using System.Linq;
using System.Xml.Linq;
// ...

public class CustomSecureDataConverter : ISecureDataConverter {
    const string URI = @"E:\Temp\Connections.xml";
    const string XML_CONNECTION = "Connection";
    const string XML_ID = "Id";
    static XDocument document;
    static object lockObj = new object();

    static CustomSecureDataConverter() {
        document = XDocument.Load(URI);

    public string Protect(string entity) {
        var id = Guid.NewGuid().ToString();
        lock (lockObj)
            document.Root.Add(new XElement(XML_CONNECTION, new XAttribute(XML_ID, id), entity));
        return id;

    public string Unprotect(string protectedEntity) {
        return document.Root.Elements(XML_CONNECTION)
            .First(x => x.Attribute(XML_ID).Value == protectedEntity)

    public static void Flush() {

A custom Data Converter implementation should be registered at the application startup (by calling the DefaultReportDesignerContainer.RegisterSecureDataConverter<T> method) and released in the Application_End event (by calling the Flush method).

using DevExpress.XtraReports.Web.ReportDesigner;
// ...

protected void Application_Start(object sender, System.EventArgs e) {

protected void Application_End(object sender, System.EventArgs e) {
See Also