IExportingAuthorizationService Interface
Implements custom authorization to restrict access to exported documents in a web reporting application.
Namespace: DevExpress.XtraReports.Web.WebDocumentViewer
Assembly: DevExpress.XtraReports.v23.1.Web.dll
NuGet Package: DevExpress.Web.Reporting.Common
Declaration
Remarks
General Information
The Document Viewer queries the IExportingAuthorizationService service when the control performs the asynchronous print or export operations.
For access control purposes, all operations can be classified by the object that the document viewer processes in a particular operation. The objects are:
- Reports
- Documents
- Document export results.
The IWebDocumentViewerAuthorizationService service allows you to control access to the report, generated documents and to the results of synchronous export. The IExportingAuthorizationService allows you to restrict access to the document resulted from asynchronous export.
Tip
Review the following topic for more information on the Document Viewer operations: Document Viewer Lifecycle
Implementation
When export is performed synchronously, the resulting document is generated in the same request, and you can use the IWebDocumentViewerAuthorizationService.CanReadDocument method for access check.
When export is performed asynchronously (the AsyncExportApproach is true), the exported document is stored on the server, and the Document Viewer requests the document by an URL. In this situation you can register the IExportingAuthorizationService service and use the CanReadExportedDocument method to perform access check.
When you implement these methods, you need information about the current user and id assigned to the document generated in an asynchronous export operation. Implement the WebDocumentViewerOperationLogger interface to gather all the required information.
Examples
ASP.NET MVC Example
The following code is a custom interface implementation that allows authorized users to view the report in the Document Viewer. A custom WebDocumentViewerOperationLogger service populates dictionaries with the user id, report id, document id and asynchronous operation id. The IWebDocumentViewerAuthorizationService controls access to reports and documents, the IExportingAuthorizationService controls access to the asynchronously exported document.
using DevExpress.XtraReports.UI;
using DevExpress.XtraReports.Web.WebDocumentViewer;
using System.Collections.Concurrent;
using System.Web;
using System;
using DevExpress.XtraPrinting;
using DevExpress.XtraReports.Web.ClientControls;
namespace AuthorizationService.Services {
public class OperationLogger: WebDocumentViewerOperationLogger,
IWebDocumentViewerAuthorizationService,
IExportingAuthorizationService
{
#region WebDocumentViewerOperationLogger
public override void ReportOpening(string reportId, string documentId, XtraReport report)
{
if (HttpContext.Current.Session == null) {
return;
}
SaveUsedEntityId(Constants.ReportDictionaryName, reportId);
SaveUsedEntityId(Constants.DocumentDictionaryName, documentId);
}
public override void BuildStarted(string reportId, string documentId,
ReportBuildProperties buildProperties)
{
SaveUsedEntityId(Constants.ReportDictionaryName, reportId);
SaveUsedEntityId(Constants.DocumentDictionaryName, documentId);
}
public override ExportedDocument ExportDocumentStarting(string documentId,
string asyncExportOperationId, string format, ExportOptions options,
PrintingSystemBase printingSystem, Func<ExportedDocument> doExportSynchronously)
{
SaveUsedEntityId(Constants.ExportedDocumentDictionaryName, asyncExportOperationId);
return base.ExportDocumentStarting(documentId, asyncExportOperationId, format, options,
printingSystem, doExportSynchronously);
}
public override void ReleaseDocument(string documentId) {
}
#endregion WebDocumentViewerOperationLogger
#region IWebDocumentViewerAuthorizationService
bool IWebDocumentViewerAuthorizationService.CanCreateDocument() {
return CheckUserAuthorized();
}
bool IWebDocumentViewerAuthorizationService.CanCreateReport() {
return CheckUserAuthorized();
}
bool IWebDocumentViewerAuthorizationService.CanReadDocument(string documentId) {
return CheckEntityAvailability(Constants.DocumentDictionaryName, documentId);
}
bool IWebDocumentViewerAuthorizationService.CanReadReport(string reportId) {
return CheckEntityAvailability(Constants.ReportDictionaryName, reportId);
}
bool IWebDocumentViewerAuthorizationService.CanReleaseDocument(string documentId) {
return CheckEntityAvailability(Constants.DocumentDictionaryName, documentId);
}
bool IWebDocumentViewerAuthorizationService.CanReleaseReport(string reportId) {
return CheckEntityAvailability(Constants.ReportDictionaryName, reportId);
}
public bool CanReadExportedDocument(string exportDocumentId) {
return CheckEntityAvailability(Constants.ExportedDocumentDictionaryName, exportDocumentId);
}
#endregion IWebDocumentViewerAuthorizationService, IExportingAuthorizationService
bool CheckUserAuthorized() {
var user = HttpContext.Current.User;
if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
{
return false;
}
return true;
}
void SaveUsedEntityId(string dictionaryName, string id) {
if (string.IsNullOrEmpty(id))
return;
ConcurrentDictionary<string, bool> dictionary = null;
lock (HttpContext.Current.Session.SyncRoot) {
if (HttpContext.Current.Session[dictionaryName] == null)
HttpContext.Current.Session[dictionaryName] = dictionary
= new ConcurrentDictionary<string, bool>();
}
if (dictionary == null)
dictionary = ((ConcurrentDictionary<string, bool>)HttpContext.Current.
Session[dictionaryName]);
dictionary.AddOrUpdate(id, false, (_1, _2) => false);
}
bool CheckEntityAvailability(string dictionaryName, string id) {
if (string.IsNullOrEmpty(id) || !CheckUserAuthorized())
return false;
lock (HttpContext.Current.Session.SyncRoot) {
if (HttpContext.Current.Session[dictionaryName] == null)
return false;
}
return
((ConcurrentDictionary<string, bool>)HttpContext.Current.
Session[dictionaryName]).ContainsKey(id);
}
void DisposeEntityRequested(string dictionaryName, string id) {
if (string.IsNullOrEmpty(id))
return;
lock (HttpContext.Current.Session.SyncRoot) {
if (HttpContext.Current.Session[dictionaryName] == null)
return;
}
((ConcurrentDictionary<string, bool>)HttpContext.Current.
Session[dictionaryName]).AddOrUpdate(id, true, (_1, _2) => true);
}
}
}
Register the service on application startup:
protected void Application_Start() {
...
DefaultWebDocumentViewerContainer.Register<IExportingAuthorizationService, Services.OperationLogger>();
DefaultWebDocumentViewerContainer.Register<WebDocumentViewerOperationLogger, Services.OperationLogger>();
DefaultWebDocumentViewerContainer.Register<IWebDocumentViewerAuthorizationService, Services.OperationLogger>();
...
}
ASP.NET Core Example
The following code is a custom interface implementation that allows authorized users to view the report in the Document Viewer. A custom WebDocumentViewerOperationLogger service populates dictionaries with the user id, report id, document id and asynchronous operation id. The IWebDocumentViewerAuthorizationService controls access to reports and documents, the IExportingAuthorizationService controls access to the asynchronously exported document.
using System;
using System.Collections.Concurrent;
using DevExpress.XtraPrinting;
using DevExpress.XtraReports.UI;
using DevExpress.XtraReports.Web.ClientControls;
using DevExpress.XtraReports.Web.WebDocumentViewer;
namespace AspNetCore.Reporting.Common.Services.Reporting {
class DocumentViewerAuthorizationService :
WebDocumentViewerOperationLogger,
IWebDocumentViewerAuthorizationService,
IExportingAuthorizationService
{
static ConcurrentDictionary<string, string> DocumentIdOwnerMap { get; } =
new ConcurrentDictionary<string, string>();
static ConcurrentDictionary<string, string> ExportedDocumentIdOwnerMap { get; } =
new ConcurrentDictionary<string, string>();
static ConcurrentDictionary<string, string> ReportIdOwnerMap { get; } =
new ConcurrentDictionary<string, string>();
IAuthenticatiedUserService UserService { get; }
public DocumentViewerAuthorizationService(IAuthenticatiedUserService userService)
{
UserService = userService ?? throw new ArgumentNullException(nameof(userService));
}
public override void ReportOpening(string reportId, string documentId, XtraReport report)
{
MapIdentifiersToUser(UserService.GetCurrentUserId(), documentId, reportId, null);
base.ReportOpening(reportId, documentId, report);
}
public override void BuildStarted(string reportId, string documentId,
ReportBuildProperties buildProperties)
{
MapIdentifiersToUser(UserService.GetCurrentUserId(), documentId, reportId, null);
base.BuildStarted(reportId, documentId, buildProperties);
}
public override ExportedDocument ExportDocumentStarting(string documentId,
string asyncExportOperationId, string format, ExportOptions options,
PrintingSystemBase printingSystem, Func<ExportedDocument> doExportSynchronously)
{
MapIdentifiersToUser(UserService.GetCurrentUserId(), null, null, asyncExportOperationId);
return base.ExportDocumentStarting(documentId,
asyncExportOperationId, format, options, printingSystem, doExportSynchronously);
}
void MapIdentifiersToUser(string userId, string documentId,
string reportId, string exportedDocumentId)
{
if(!string.IsNullOrEmpty(exportedDocumentId))
ExportedDocumentIdOwnerMap.TryAdd(exportedDocumentId, userId);
if(!string.IsNullOrEmpty(documentId))
DocumentIdOwnerMap.TryAdd(documentId, userId);
if(!string.IsNullOrEmpty(reportId))
ReportIdOwnerMap.TryAdd(reportId, userId);
}
#region IWebDocumentViewerAuthorizationService
public bool CanCreateDocument()
{
return true;
}
public bool CanCreateReport()
{
return true;
}
public bool CanReadDocument(string documentId)
{
return DocumentIdOwnerMap.TryGetValue(documentId, out var ownerId)
&& ownerId == UserService.GetCurrentUserId();
}
public bool CanReadReport(string reportId)
{
return ReportIdOwnerMap.TryGetValue(reportId, out var ownerId)
&& ownerId == UserService.GetCurrentUserId();
}
public bool CanReleaseDocument(string documentId)
{
return true;
}
public bool CanReleaseReport(string reportId)
{
return true;
}
public bool CanReadExportedDocument(string exportedDocumentId)
{
return ExportedDocumentIdOwnerMap.TryGetValue(exportedDocumentId, out var ownerId)
&& ownerId == UserService.GetCurrentUserId();
}
#endregion
}
}
Register the service on application start. The following code registers three services which implement access check in our example:
public class Startup {
// ...
public void ConfigureServices(IServiceCollection services) {
// ...
services.AddScoped<IWebDocumentViewerAuthorizationService, DocumentViewerAuthorizationService>();
services.AddScoped<WebDocumentViewerOperationLogger, DocumentViewerAuthorizationService>();
services.AddScoped<IExportingAuthorizationService, DocumentViewerAuthorizationService>();
// ...
}
// ...
}