A newer version of this page is available. Switch to the current version.

ISecureDataConverter Interface

If implemented, enables the Web Report Designer to use a custom algorithm for storing data source connection strings on the client.

Namespace: DevExpress.XtraReports.Web.ClientControls

Assembly: DevExpress.XtraReports.v18.2.Web.dll


public interface ISecureDataConverter
Public Interface ISecureDataConverter


When the SQL Data Source wizard obtains connection strings from the Web.config file, only the connection name is serialized with the report definition.

You can register a custom connection string provider. Based on the registration mode you choose, all the connection parameters or the connection name only are serialized along with a report data source. When the report serialized with connection parameters is passed to the client, these parameters are encrypted by applying the MachineKey algorithm. To provide a custom encryption mechanism, use the ISecureDataConverter interface.

The following code illustrates an ISecureDataConverter implementation that stores connections in an XML file.

using DevExpress.XtraReports.Web.ClientControls;
using System;
using System.Linq;
using System.Xml.Linq;
// ...

public class CustomSecureDataConverter : ISecureDataConverter {
    const string URI = @"E:\Temp\Connections.xml";
    const string XML_CONNECTION = "Connection";
    const string XML_ID = "Id";
    static XDocument document;
    static object lockObj = new object();

    static CustomSecureDataConverter() {
        document = XDocument.Load(URI);

    public string Protect(string entity) {
        var id = Guid.NewGuid().ToString();
        lock (lockObj)
            document.Root.Add(new XElement(XML_CONNECTION, new XAttribute(XML_ID, id), entity));
        return id;

    public string Unprotect(string protectedEntity) {
        return document.Root.Elements(XML_CONNECTION)
            .First(x => x.Attribute(XML_ID).Value == protectedEntity)

    public static void Flush() {

A custom Data Converter implementation should be registered at the application startup (by calling the DefaultReportDesignerContainer.RegisterSecureDataConverter<T> method) and released in the Application_End event (by calling the Flush method).

using DevExpress.XtraReports.Web.ReportDesigner;
// ...

protected void Application_Start(object sender, System.EventArgs e) {

protected void Application_End(object sender, System.EventArgs e) {
See Also