How to set authorization in the request of webApi

Answered

Hello! In our application we use webApi, where in all requests we need to pass a token in the Authorization attribute of the request. I wonder if there is a way to pass this tribute
 
Exemple of request with authorization header 

 $.ajax(
{
type: "GET",
url: "localhost:8001/Controller/Method",
headers: {
'Authorization': 'limited ' + limitedGuid,
'Accept-Language': 'pt-BR;q=0.6,pt;q=0.4'
},
dataType: "json"
})
.success(function(data) { })

But in FlexMonster I can only pass the url
 

cubeOptions.dataSource = {
dataSourceType: "ocsv",
/* URL to the Data Compressor .NET */
filename: "localhost:8001/Cube/GetCube?cubeId=1"
}

 

5 answers

Public
Tanya Gryshko Flexmonster November 1, 2017

Hello, Cleyton,
Thank you for writing on our support forum.
It is not possible to pass an authorization header in Flexmonster. We recommend specifying all the necessary parameters via filename property. For example, you have already specified cubeId=1 in your URL. Authorization and Accept-Language may be passed here as well. Then you can parse these parameters on the server side and use them. The security of using this approach is the same as for authorization headers.
Please let me know if the above approach is helpful.
Regards,
Tanya

Public
arming tan 3 days ago

hi Tanya,
  this demo Custom request headers for XMLA  show how to set custom request header with iccube datasource.
  but can not work with remote json or csv URL. 
  is it a  technical problem or business problem?
  specify authorization token as URL parameter is not security, because it can be easily interrupted even with https protocol, this is why we put the jwt token in HTTP headers.
 

Public
Iryna Kulchytska Flexmonster 3 days ago

Hi Arming Tan,
 
Thank you for your question.
 
Right now there is no option to add custom request header in the component for JSON or CSV data requests. We are considering adding this option in future.
 
Meanwhile, I would like to suggest you the approach when you load JSON to the web page separately and then pass loaded JSON data to the Flexmonster component as inline JSON. Here is an example of how to build a pivot table based on inline JSON data: http://jsfiddle.net/flexmonster/pz431qp5/
 
Please let me know if this approach can work for you.
 
Kind regards,
Iryna

Public
arming tan 2 days ago

Hi Iryna ,
    thanks to response the question.
    so, I should use Flexmonster Data Compressor to load SQL data,  then put it to Flexmonster component as inline JSON data.
   https://www.flexmonster.com/blog/increase-the-level-of-your-data-security-with-flexmonster-pivot-table/  describe how using the username and password to protect, but the precondition has to use https. it limits scenario when having no https, or I have to give up Flexmonster Data Compressor.   this gives me a dilemma.
  BTW, the demo Custom request headers for XMLA  actually not work, it uses jquery ajaxSend to interrupt ajax send call, but never be trig, then custom request header x-my-custom-header not be added.
 
 

Public
Dmytro Zvazhii Flexmonster 2 days ago

Hello Arming Tan,
Thank you for your feedback.
There was a little misunderstanding. If you are using Flexmonster Data Compressor to load SQL data there is no need to convert it to inline JSON. You can stream the compressed data directly to the Pivot component.

The article about data security with flexmonster is not relevant to your case. This article describes the security approach used when working with the Flexmonster Accelerator Tool. The accelerator tool is a special server-side proxy between OLAP cube and Flexmonster Pivot component. It has to be run as a separate instance near the cube server. Your case is different. Flexmonster Data Compressor is a server-side library which can be used in your ASP.NET project. In such case, you can manage the access to your controllers on your own.

Currently, custom request header is not supported in our component. Therefore we recommend using alternative approaches. As a workaround, you can implement the controller which streams the compressed data. The client can access such controller only if the session is still valid and not closed. 

Please let us know if you have any other question.
Regards,
Dmytro

Please login or Register to Submit Answer