Unable to view Stimulsoft reports #4045

panic created 6 years ago

Hello, I have installed stimulsoft trial for Asp.net Core, and I cannot view a simple report in my web application (.Net Core Core MPA, JQuery). When the page starts loading, the report viewer throws "bad request 400" when it comes to call action GetReport of the controller. see images below. The same report shows ok in a new asp .net core web application. Any ideas? I suspect it may have to do with the json naming or something. Many thanks.

15 Answer(s)

0

ismcagdas created 6 years ago
Support Team

Hi @Panic,

It might be related to anti forgery token. You can check exact error message on Logs.txt file under your web project.

panic created 6 years ago

Hello ismcagdas, Thank you for your prompt reply. I think you are right. Please have a look below from the logs.txt: There is a [AntiforgeryValidationException: The required antiforgery header value "X-XSRF-TOKEN" is not present]. Can you advice how to overcome this? The stimulsoft report viewer takes the controller and the action as arguments to make the call... Thank you.

<div class="row">
            @Html.Stimulsoft().StiNetCoreViewer("NetCoreViewer1", new StiNetCoreViewerOptions() {
                Server =
                    {
                        Controller = "Reports"                        
                    },
                Actions =
                    {
                        GetReport = "GetReport",
                        ViewerEvent = "ViewerEvent"
                    }
       })
        </div>

INFO  2017-10-15 22:30:44,046 [4    ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 POST http://localhost:62114/App/Reports/GetReport text/plain;charset=UTF-8 82
INFO  2017-10-15 22:30:44,050 [4    ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.Application was successfully authenticated.
INFO  2017-10-15 22:30:44,061 [3    ] uthorization.DefaultAuthorizationService - Authorization was successful for user: admin.
INFO  2017-10-15 22:30:44,062 [3    ] idateAntiforgeryTokenAuthorizationFilter - Antiforgery token validation failed. The required antiforgery header value "X-XSRF-TOKEN" is not present.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header value "X-XSRF-TOKEN" is not present.
   at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.<ValidateRequestAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.ValidateAntiforgeryTokenAuthorizationFilter.<OnAuthorizationAsync>d__3.MoveNext()
INFO  2017-10-15 22:30:44,062 [3    ] ore.Mvc.Internal.ControllerActionInvoker - Authorization failed for the request at filter 'Abp.AspNetCore.Mvc.Antiforgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
INFO  2017-10-15 22:30:44,062 [3    ] icrosoft.AspNetCore.Mvc.StatusCodeResult - Executing HttpStatusCodeResult, setting HTTP status code 400
INFO  2017-10-15 22:30:44,062 [3    ] ore.Mvc.Internal.ControllerActionInvoker - Executed action MyAssetMan.Web.Areas.App.Controllers.ReportsController.GetReport (MyAssetMan.Web.Mvc) in 1.4038ms
INFO  2017-10-15 22:30:44,062 [3    ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 15.7943ms 400

panic created 6 years ago

Hello ismcagdas, I have managed to overcome this error by decorating the controller action with [IgnoreAntiforgeryToken]. Can you confirm that this is the best approach or else do you recommend something else? Thank you.

[IgnoreAntiforgeryToken] – Disables the Antiforgery validation in a specific action or controller. For example, you might add the Antiforgery validation globally or to an entire controller class, but you might still want to ignore the validation in specific actions.

aaron created 6 years ago

Support Team

Preferably, add this in your _Layout.cshtml or view:

@{
    SetAntiForgeryCookie();
}

Alternatively, intercept XMLHttpRequest - ajax only:

(function (send) {
    XMLHttpRequest.prototype.send = function (data) {
        this.setRequestHeader(abp.security.antiForgery.tokenHeaderName, abp.security.antiForgery.getToken());
        return send.call(this, data);
    };
})(XMLHttpRequest.prototype.send);

0

ismcagdas created 6 years ago
Support Team

Hi @Panic,

As @aaron suggested, disabling it is not a good way. If STIMULSOFT REPORTS supports custom headers, you can add anti forgery token to your requests.

panic created 6 years ago

Hello Aaron, Thank you for your suggestion. However, please note that the command to set cookie [ AbpAntiForgeryManager.SetCookie(Context); ] is already included in my _layout file, as you see in the code below. Are there any other options to set using the AbpAntiForgeryManager to confront this problem? Regards.

@using System.Globalization
@using System.Threading.Tasks
@using Abp.MultiTenancy
@using MyAssetMan.Features
@using MyAssetMan.Timing
@using MyAssetMan.Web.Areas.App.Views.Shared.Components.AppFooter
@using MyAssetMan.Web.Areas.App.Views.Shared.Components.AppHeader
@using MyAssetMan.Web.Areas.App.Views.Shared.Components.AppSideBar
@using MyAssetMan.Web.Resources
@using Abp.Web.Security.AntiForgery
@using MyAssetMan.Chat.SignalR
@using MyAssetMan.Url
@using MyAssetMan.Web.Session
@using CultureHelper = MyAssetMan.Localization.CultureHelper
@inject ScriptPaths ScriptPaths
@inject AppTimes AppTimes
@inject IAbpAntiForgeryManager AbpAntiForgeryManager
@inject IWebUrlService WebUrlService
@inject IPerRequestSessionCache SessionCache
@{
    AbpAntiForgeryManager.SetCookie(Context);

    var isChatEnabled = SignalRFeature.IsAvailable && (AbpSession.MultiTenancySide == MultiTenancySides.Host || IsFeatureEnabled(AppFeatures.ChatFeature));
}

<!DOCTYPE html>
<html lang="en" @(CultureHelper.IsRtl ? "dir=\"rtl\"" : "")>
<head>
    <title>MyAssetMan</title>
    <meta charset="utf-8" />

    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta content="width=device-width, initial-scale=1" name="viewport" />
    <meta content="" name="description" />
    <meta content="" name="author" />

0

ismcagdas created 6 years ago
Support Team

Hi @Panic,

You need to intercept the request of your reporting tool to add anti forgery token. You should ask Stimulsoft how to do it. You can probably find how to intercept Stimulsoft reports's request on their documentation page.
0

panic created 6 years ago

Hello ismcagdas, Certaintly I will submit a support ticket to Stimulsoft to see from their side what they suggest. Thank you very much for your help. Good day.
0

Mitch created 6 years ago

Hi

Did you get an answer to this problem from Stimulsoft?

I'm about to start using Stimulsoft reports with ASP Net Zero and I'm probably going to hit the same issue.

Many thanks
0

Mitch created 6 years ago

Just to confirm, I'm getting the same problem. Here's my logs.

INFO 2018-04-19 23:14:46,717 [13 ] idateAntiforgeryTokenAuthorizationFilter - Antiforgery token validation failed. The required antiforgery request token was not provided in either form field "__RequestVerificationToken" or header value "X-XSRF-TOKEN". Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery request token was not provided in either form field "__RequestVerificationToken" or header value "X-XSRF-TOKEN". at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.<ValidateRequestAsync>d__9.MoveNext() --- End of stack trace from previous location where exception was thrown ---
0

ismcagdas created 6 years ago
Support Team

Hi @Mitch,

You can alwasy disable anti forgery token validation but it must be the last choice. Could you share your code Stimulsoft reports ? We don't have any knowledge about Stimulsoft reports but we can take a look.

panic created 5 years ago

Hello, After contacting StimulSoft, I provided a sample project, and they found a solution for this problem. In the Report Viewer cshtml file, please add the below code to intercept and manually add antiforgery token:

<script>

    jsstiMvcViewer.openConnection = function (http, url, responseType) {
    
    http.open("POST", url);
    http.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    http.responseType = responseType ? responseType : "text";
    http.setRequestHeader(abp.security.antiForgery.tokenHeaderName, abp.security.antiForgery.getToken());
}

</script>

0

ismcagdas created 5 years ago
Support Team

Thanks a lot @Panic :)
0

Mitch created 5 years ago

Hi @Panic

I'm finally getting around to using the Stimulsoft Reports with ANZ.

I've installed the Nuget for Stimulsoft Reports and created a Test cshtml Page and associated Controller, but everytime I run it I get Uncaught ReferenceError: StiJsViewer is not defined.

I'm already setting the entire ReportsController with [IgnoreAntiforgeryToken] just to be sure that isn't an issue.

I've asked Stimulsoft if they could help but they've asked me to send the project for them to look at. I'm a bit reluctant to send them an entire ANZ project as it seems overkill just for this small issue.

Have you ever had "Uncaught ReferenceError: StiJsViewer is not defined" when using with ANZ. If not, are there any setup gotchas that I might be missing when trying to get Stimulsoft and ANZ to play nicely.

Many thanks

Mitch
0

Mitch created 5 years ago

@Panic

Not to worry, I've resolved the issue. You just need to ensure the Controller for the reports isn't created in the Areas/App/Controllers folder but the /Controllers folder instead.

The required js files do not seem to be available from Areas/App/Controllers. I'm not sure why and I haven't got time to investigate, but at least it now works.

Have an answer to this question? Log in and write your answer.