locked
Clients getting reports meant for another client, seems to be some caching in play RRS feed

  • Question

  • User831968389 posted

    Hi,

    I've integrated the 2016 reportviewer into an mvc app, i did that initially with ReportViewerForMvc tweaked manually to use the 2016 version, i've now gone away from using that framework after discovering that when some users where pulling reports they could sometimes get another users report, but i still want to be sure that no one else has had this issue.

    The way it works is when the user loads the page a clientuid gets passed down into the reportcontrol as a parameter, which is then used in all database requests in the reports, that shouldn't really cause any issue,

    but what happens sometimes(and only sometimes, there was up to 30 requests from different clients every minute until the viewer was disabled) is that when another user within 1-2 minute accesses the same report they get the other users report.

    Does anyone know a way of securing it so there wont be a chance of getting reports from another session?

    Tuesday, December 5, 2017 8:33 AM

All replies

  • User347430248 posted

    Hi oliverholret...,

    can you post the code.

    it will give us the exact idea about what you are doing in your code.

    with only description of the issue, it is hard to find the cause.

    if you post the code then we can try to check the code and try to find the solution for the issue.

    Thanks for your understanding.

    Regards

    Deepak

    Wednesday, December 6, 2017 2:57 AM
  • User831968389 posted

    Hi Deepak, 

    Here's the code:

    ReportViewerWebForm.aspx.cs:

    [SessionStateActionFilter] 
    // Checks if the user is logged in, redirects it to login if not.
    public partial class ReportViewerWebForm : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                var reportViewer = ReportViewer1;
                reportViewer.ProcessingMode = ProcessingMode.Remote;
                reportViewer.ZoomMode = ZoomMode.FullPage;
                reportViewer.Width = Unit.Percentage(100);
                reportViewer.Height = Unit.Percentage(100);
                reportViewer.ServerReport.ReportServerCredentials = new ReportServerCredentials("{{USERNAME}}", "{{PASSWORD}}", "");
                reportViewer.ServerReport.ReportServerUrl = new Uri("http://{{IPAddress}}:80/ReportServer");
                reportViewer.ServerReport.ReportPath = "/Reports/" + Request.QueryString["url"].ToString();
                reportViewer.ServerReport.SetParameters(new ReportParameter("ClientUID", UserSession.ClientUid.ToString())); // UserSession is a static class with a bunch of methods calling some Session objects which are populated on login.
                
            }
        }
        private class ReportServerCredentials : IReportServerCredentials
        {
            private string _userName;
            private string _password;
            private string _domain;
            public ReportServerCredentials(string userName, string password, string domain)
            {
                _userName = userName;
                _password = password;
                _domain = domain;
            }
            public WindowsIdentity ImpersonationUser
            {
                get
                {
                    // Use default identity.
                    return null;
                }
            }
            public ICredentials NetworkCredentials
            {
                get
                {
                    // Use default identity.
                    return new NetworkCredential(_userName, _password, _domain);
                }
            }
            public bool GetFormsCredentials(out Cookie authCookie, out string user, out string password, out string authority)
            {
                // Do not use forms credentials to authenticate.
                authCookie = null;
                user = password = authority = null;
                return false;
            }
        }
    }

    ReportViewerWebForm.aspx:

    <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="ReportViewerWebForm.aspx.cs" Inherits="BaseSystem.ReportViewerWebForm" %>
    <%@ Register Assembly="Microsoft.ReportViewer.WebForms, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" Namespace="Microsoft.Reporting.WebForms" TagPrefix="rsweb" %>
    
    <!DOCTYPE html>
    
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <title></title>
        <link href="/Content/Application/Dashboard/Reports/ReportsV2.css" rel="stylesheet" />
    </head>
    <body style="margin: 0px; padding: 0px;">
        <form id="form1" runat="server">
            <rsweb:ReportViewer ID="ReportViewer1" runat="server"></rsweb:ReportViewer>
        </form>
    </body>
    </html>
    Wednesday, December 6, 2017 11:43 AM
  • User475983607 posted

    i've now gone away from using that framework after discovering that when some users where pulling reports they could sometimes get another users report, but i still want to be sure that no one else has had this issue.

    The most common reason for this issue is storing data in static variables.  Static variables are single memory locations shared by every user on the site.  The last user to update a static variable wins and all other users see the same value.

    Wednesday, December 6, 2017 12:40 PM
  • User831968389 posted

    Static variables are single memory locations shared by every user on the site. 

    Here's how the UserSession.ClientUid works, i don't see how that would create an issue, it's retrieving from the current session every time it gets.

    public static Guid ClientUid
    {
        get
        {
            try
            {
                return Guid.Parse(HttpContext.Current.Session[Constants.CLIENT_UID].ToString());
            }
            catch
            {
                return Guid.Empty;
            }
        }
        set { HttpContext.Current.Session[Constants.CLIENT_UID] = value; }
    }
    

    This way has been working for 2+ years, it's only the reporting that's been implemented where it fails

    Wednesday, December 6, 2017 2:03 PM
  • User-1078523477 posted

    I am getting the same issue, any help is appreciated

    Friday, January 17, 2020 5:52 PM
  • User475983607 posted

    I am getting the same issue, any help is appreciated

    This is a coding bug.  Commonly due to using a static variable.  You'll need to review your code.  The community can only view code that you share.

    Friday, January 17, 2020 6:10 PM
  • User-1078523477 posted

    Hi,

    Thank you for the reply.

    I am getting the last generated report with /ReportViewerWebForm.aspx from any client. How can I solve this issue.

    Saturday, January 18, 2020 3:45 PM
  • User475983607 posted

    I am getting the last generated report with /ReportViewerWebForm.aspx from any client. How can I solve this issue.

    As stated several times, the usual culprits are static variables or caching.  Share your code or enough code to reproduce this issue.  The community will review your code and provide feedback. 

    Saturday, January 18, 2020 4:05 PM
  • User1124755398 posted
    Hi oliverholretz,

    You mentioned that you went away from using the ReportViewerForMVC framework. What did you end up doing? I'm getting the same issue when the user opens two different reports in different browser tabs.
    Tuesday, April 28, 2020 3:38 PM