asked on September 24, 2020
Hi,
I'm using Flexmonster Accelerator (DLL) as a separate controller in my backend, frontend is Angular app.
As for Analysis Service, there is one instance with multiple databases/catalogs (multiple tenants). Each catalog has a cube named 'Document'.
As you can see, I need to fetch data from different catalogs, based on some value in JWT token that is sent from frontend in 'dataSource - customData' property.
public report: Flexmonster.Report = {
dataSource: {
dataSourceType: 'microsoft analysis services',
proxyUrl: 'https://localhost:44393/api/accelerator/',
cube: 'Document',
// catalog: 'Catalog_Name', // <-- This is set in API controller
customData: this.getJwtToken(),
binary: true,
},
};
I'm not setting 'catalog' property in frontend, since this should be set manually in API controller, based on some values in JWT token. If I set catalog name on frontend, it works.
Using this approach, I'm getting 'Request signature is not trusted or invalid' error, since request signature has changed.
Basically I want a logic in controller to looks like this:
public override void OnRequest(BaseArgs args)
{
Flexmonster.Accelerator.Controllers.FlexmonsterProxyController.ConnectionString = "Provider=MSOLAP.8;Integrated Security=SSPI;Persist Security Info=True;Data Source=<mySaInstance>;MDX Compatibility=1;Safety Options=0;MDX Missing Member Mode=Error;Update Isolation Level=2";
if (this.ValidateToken(args.customData))
{
args.catalog = "NAME_OF_CATALOG_BASED_ON_VALUE_IN_JWT_TOKEN";
base.OnRequest(args);
}
else
{
// dont process the request
}
}
I know I could just put [Authorization] filter on whole Accelerator controller and let ASP.NET handle token verification, but I want to do that manually, since I have to decode token and extract catalog name from it.
Another question I have. How to cancel request based on same flag in JWT token? Even If I don't call 'base.OnRequest(args)', request is still executed?
⋅ September 25, 2020
Hello,
Thank you for reaching out to us.
We want to explain that Flexmonster Accelerator validates every request based on the client's particular signature. The signature itself is generated based on the request body. Suppose the request body (in your case, the catalog property) is modified before accessing Flexmonster Accelerator. In that case, the validation will fail, and the following error will occur: Request signature is not trusted or invalid.
We recommend using the following workaround to overcome this limitation.
Before trying to connect to the Accelerator, retrieve the catalog name using an additional GET request. This request should send the same JWT token and obtain the corresponding catalog name. Next, complement the dataSource object with an appropriate catalog property and establish a connection to the Accelerator. In this case, the request body does not need to be changed after it is sent.
If the described approach does not fit your case for some reason, we could add the feature that would allow disabling the built-in validation to our backlog. In this case, the validation process should be implemented manually (for example, using the mentioned JWT tokens).
Please note that it may take some time to introduce the feature.
Please let us know which option is better for you.
Our team is looking forward to hearing your response.
Concerning the possibility of canceling the request.
To cancel the request, override one or more functions responsible for generating responses. For example, it is possible to override the DiscoverDimensions method provided by the Accelerator.
The structure of the overwritten method should be similar to the following:
If the JWT token meets expectations, call the initial method from the superclass, and generate the corresponding response. Otherwise, decline the request within the overwritten method.
We sure hope it works for you.
Do not hesitate to contact us if further questions on this matter arise.
Kind regards,
Illia
⋅ October 5, 2020
Hello,
Our team is wondering whether our recent suggestions were helpful for your case.
We would also like to ask if the proposed workaround to manage the catalog name works for you.
We are looking forward to hearing from you.
Regards,
Illia
⋅ October 19, 2020
Hello,
We want to take an interest in whether our suggestions were helpful for your case.
Our team is looking forward to your feedback.
Best regards,
Illia