I’m currently creating a proof-of-concept for a new WiseJ application for a customer.
The application uses much reports created by the DevExpress reporing suite.
Once a report should be displayed it’s intended to display them in a DevExpress ReportViewer in a new browser tab.
Because I understood it’s not possible to share any data between sessions/browser tabs I tried to create a sub application for viewing the reports and call the sub application using some URL arguments.
But the downside is that this URL would be enable others to also view these reports. Because visibility of reports should be restricted by e.g. role memberships I don’t know how to “tell” the new session for the report viewer which roles the currently logged-in user has and if he/she is currently authenticated …
Is there a good way to handle such scenarios ? I already thought about storing some information in the local storage but I think this is not the best place for storing sensitive information…
Another PC or another browser on the same PC will have a different client id. Using the new Application.Clients you can also see all the clients using the app and for each client you can see how many sessions and the list of browsers used by that client (could be useful for a monitoring app).
thanks for your feedback. I thought about using cookies or localstorage but as far as I know this would require additional security efforts since I currently only save the user-id in the Application Session for subsequent database access after successful authentication.
Maybe I can use a global static key-value-store on the server/database with Application.ClientId and e.g. the roles of the logged on user ? Do you think this is a reliable way to use ? Using this approch a second WiseJ application in a new tab should have the same ClientId and could read the value from the server, right ? Using the URL on other PCs would not be able to view the report because the ClientId is not set and the check for it would fail…
Wisej sessions cannot be shared among browser tabs. It’s a single page application and different tabs using the same session would make a mess. We have a sharing system for the infinite session feature but in that case the tabs are kept in sync by Wisej. In any case you cannot show form1 on tab1 and form2 on tab2 using the same session.
You can share information between tabs using 1) cookies or 2) browser’s local storage, or 3) a custom session repository using the new Application.ClientId.
About point 3, it just occurred to me that since we have this new client id identifying the client (browser) instead of the session (see also Application.Clients) we could actually add a Application.ClientStorage object similar to the Application.Session but isolated by client and not by session. Could be a good enhancement.
To use Application.Browser.LocalStorage see https://docs.wisej.com/docs/controls/general/application#browser-storage. You can access cookies, local and session storage without a page reload. This would allow you to start a “reporting” session “linked” to the user session. You can also use sub-applications to have a different entry point.
Could transfering a session token be used to access the Session variables of the call WiseJ application:
Application.Session[“myID”] = “4711”;
void IWisejHandler.ProcessRequest(HttpContext context)
// do something with Application.Session[“myID”]
I tried this but ProcessRequest seems not to get called ?
The included sample was targeted for opening an aspx page in a new tab.
If you are opening a Wisej tab, it’s entirely up to you to integrate the authentication method you want. You can for example authenticate the user from that new page, or pass a session token that can be used to validate the authenticity of the user.
Also, the DevExpress ReportViewer should be able to be integrated in the standard AspNetPanel control.
You can authenticate within the Wisej application by implementing IWisejHandler on a Page.
It allows the user to register a postback url and process / serve documents within it using the ProcessRequest handler, you can find more about it here: IWisejHandler – Wisej API
I have attached a small sample that demonstrates how you can implement it.
Let me know if you need anything.
Please login first to submit.