How to set authorization in the request of webApi

Answered

Hello! In our application we use webApi, where in all requests we need to pass a token in the Authorization attribute of the request. I wonder if there is a way to pass this tribute
 
Exemple of request with authorization header 

 $.ajax(
{
type: "GET",
url: "localhost:8001/Controller/Method",
headers: {
'Authorization': 'limited ' + limitedGuid,
'Accept-Language': 'pt-BR;q=0.6,pt;q=0.4'
},
dataType: "json"
})
.success(function(data) { })

But in FlexMonster I can only pass the url
 

cubeOptions.dataSource = {
dataSourceType: "ocsv",
/* URL to the Data Compressor .NET */
filename: "localhost:8001/Cube/GetCube?cubeId=1"
}

 

9 answers

Public
Tanya Gryshko Flexmonster November 1, 2017

Hello, Cleyton,
Thank you for writing on our support forum.
It is not possible to pass an authorization header in Flexmonster. We recommend specifying all the necessary parameters via filename property. For example, you have already specified cubeId=1 in your URL. Authorization and Accept-Language may be passed here as well. Then you can parse these parameters on the server side and use them. The security of using this approach is the same as for authorization headers.
Please let me know if the above approach is helpful.
Regards,
Tanya

Public
arming tan June 21, 2018

hi Tanya,
  this demo Custom request headers for XMLA  show how to set custom request header with iccube datasource.
  but can not work with remote json or csv URL. 
  is it a  technical problem or business problem?
  specify authorization token as URL parameter is not security, because it can be easily interrupted even with https protocol, this is why we put the jwt token in HTTP headers.
 

Public
Iryna Kulchytska Flexmonster June 21, 2018

Hi Arming Tan,
 
Thank you for your question.
 
Right now there is no option to add custom request header in the component for JSON or CSV data requests. We are considering adding this option in future.
 
Meanwhile, I would like to suggest you the approach when you load JSON to the web page separately and then pass loaded JSON data to the Flexmonster component as inline JSON. Here is an example of how to build a pivot table based on inline JSON data: http://jsfiddle.net/flexmonster/pz431qp5/
 
Please let me know if this approach can work for you.
 
Kind regards,
Iryna

Public
arming tan June 22, 2018

Hi Iryna ,
    thanks to response the question.
    so, I should use Flexmonster Data Compressor to load SQL data,  then put it to Flexmonster component as inline JSON data.
   https://www.flexmonster.com/blog/increase-the-level-of-your-data-security-with-flexmonster-pivot-table/  describe how using the username and password to protect, but the precondition has to use https. it limits scenario when having no https, or I have to give up Flexmonster Data Compressor.   this gives me a dilemma.
  BTW, the demo Custom request headers for XMLA  actually not work, it uses jquery ajaxSend to interrupt ajax send call, but never be trig, then custom request header x-my-custom-header not be added.
 
 

Public
Dmytro Zvazhii Flexmonster June 22, 2018

Hello Arming Tan,
Thank you for your feedback.
There was a little misunderstanding. If you are using Flexmonster Data Compressor to load SQL data there is no need to convert it to inline JSON. You can stream the compressed data directly to the Pivot component.
The article about data security with Flexmonster describes the recommendations about data security.  Flexmonster Data Compressor is a server-side library which can be used in your ASP.NET project. In such case, you can manage the access to your controllers on your own. It is not mandatory to use Flexmonster Data Compressor only with HTTPS. You can use Flexmonster Data Compressor without configuring HTTPS.
Currently, custom request header is not supported in our component. Therefore we recommend using alternative approaches. As a workaround, you can implement the controller which streams the compressed data. The client can access such controller only if the session is still valid and not closed. 
Please let us know if you have any other question.
Regards,
Dmytro

Public
Dmytro Zvazhii Flexmonster June 25, 2018

Hello Arming Tan,
Thank you for reporting the problem with jsfiddle. We have double checked it again and found the reason. That jsffidle was made for the Flexmonster version 2.3 which uses jQuery. From the version 2.4 the component does not require jQuery, therefore the example is not relevant and such approach is not supported. 
Regards,
Dmytro

Public
arming tan June 26, 2018

Hi Dmytro,
   1. yes, use server session is an option when I load JSON/CSV data or SQL data. but personally, I’d prefer to user pure javascript client no session with CORS and OAuth token, In this scenario,  include Flexmonster Data Compressor as lib in my server code to implement server-side support,  but flexmonster client not supports custom header yet that means the client is the only bottleneck of multi options, right?
    2. I’m in the process of design and technology selection for my application.  I’m also trying the flexmonster Mondrian version.  can `flexmonster-proxy-mondrian.jar ` be a library in my server-side project?  
   3. https://github.com/wendux/Ajax-hook this GitHub repo can Hook Javascript global XMLHttpRequest object。And change the default Ajax request and response.  maybe it is a low-cost solution?

Public
Dmytro Zvazhii Flexmonster June 26, 2018

Hello Arming Tan,
Thank you for writing. Please find our answers below:

1,3. For now, the component does not support custom headers. We have already added this task to our backlog but the estimated time for it is not settled. In such case, we recommend trying the approach you described in paragraph 3 – https://github.com/wendux/Ajax-hook .

2. Speaking about ‘flexmonster-proxy-mondrian.jar’ , this library is a Java archive file. If you want to use it as a library in your project you need to switch from the ASP.NET to the Java technologies stack. The alternative approach is to start Flexmonster proxy for Mondrian as a separate server-side instance near the Mondrian instance. In such case, the proxy will handle the requests from the Flexmonster Pivot.

Please let us know if the information above was helpful for you.
Regards,
Dmytro

Public
Dmytro Zvazhii Flexmonster August 20, 2018

Hello,
We are glad to inform you that the custom headers are now available in Flexmonster for CSV and JSON data sources. Please note that you should update the component. More information about setting custom headers you can find in our docs: https://www.flexmonster.com/api/report-object/#request-header.
Regards,
Dmytro

Please login or Register to Submit Answer