Ensure Safe Loading of Reports (WinForms)


  • Aug 18, 2023

This topic describes how to allow users to load only secure reports in WinForms reporting applications.

End-User Report Designer (WinForms and WPF) displays the following warning when a user attempts to load a potentially unsafe report:

A report is considered unsafe if it or any of its subreports contain any of the following:

Important

If you have not yet done so, be sure to review the following help topic: DevExpress Reporting - Security Considerations.

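The following code prevents users from loading unsafe reports. Note that `RestrictionLevel.Disable` disables the loading of unsafe reports; it does not disable the restriction: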

```csharp
static class Program {
    static void Main() {
        DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel =
            DevExpress.XtraReports.UI.RestrictionLevel.Disable;
    }
}
```

```vb
Partial Friend Class MyApplication
    Public Sub New()
        MyBase.New(Global.Microsoft.VisualBasic.ApplicationServices.AuthenticationMode.Windows)
        DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel = _
            DevExpress.XtraReports.UI.RestrictionLevel.Disable
    End Sub
End Class
```

With this setting, the designer displays an error message when the user attempts to load a potentially unsafe report.

In a restricted environment where all reports are guaranteed to be safe, you can disable this warning and allow users to load any report by setting the UserDesignerOptions.ReportLoadingRestrictionLevel property to RestrictionLevel.Enable.

The following code lets you determine whether a report is considered unsafe, and displays detected security warnings in the Output window:

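```csharp
// ShowRibbonDesignerDialog is an extension method and requires:
// using DevExpress.XtraReports.UI;

// Subscribe to reporting errors and warnings for the lifetime of the designer dialog.
var traceSource = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting",
    System.Diagnostics.SourceLevels.Error | System.Diagnostics.SourceLevels.Warning);
var listener = new System.Diagnostics.DefaultTraceListener();
traceSource.Listeners.Add(listener);
try {
    new XtraReport1().ShowRibbonDesignerDialog();
} finally {
    // Always detach the listener, even if the designer throws.
    traceSource.Listeners.Remove(listener);
}
```

```vb
' ShowRibbonDesignerDialog is an extension method and requires:
' Imports DevExpress.XtraReports.UI

' Subscribe to reporting errors and warnings for the lifetime of the designer dialog.
Dim traceSource = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting", _
    System.Diagnostics.SourceLevels.[Error] Or System.Diagnostics.SourceLevels.Warning)
Dim listener = New System.Diagnostics.DefaultTraceListener()
traceSource.Listeners.Add(listener)
Try
    ' A VB statement cannot begin with New, so Call is required here.
    Call New XtraReport1().ShowRibbonDesignerDialog()
Finally
    ' Always detach the listener, even if the designer throws.
    traceSource.Listeners.Remove(listener)
End Try
```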
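`DefaultTraceListener` writes only to the debugger output, so on a deployed workstation the security warnings are lost. The added example below (not DevExpress code) combines the `Disable` setting with a custom listener that appends each reporting trace event to a file. The `ReportSecurityLogListener` class and the log path are hypothetical; the DevExpress calls are the ones shown above.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using DevExpress.XtraReports.UI; // ShowRibbonDesignerDialog extension method

// Hypothetical listener (not a DevExpress type): appends each reporting
// trace event to a text file so warnings survive outside the debugger.
sealed class ReportSecurityLogListener : TraceListener {
    readonly string path;
    readonly object sync = new object();
    public ReportSecurityLogListener(string path) { this.path = path; }

    public override void Write(string message) { Append(message); }
    public override void WriteLine(string message) { Append(message + Environment.NewLine); }

    public override void TraceEvent(TraceEventCache cache, string source,
        TraceEventType type, int id, string message) {
        // One line per event: UTC timestamp, Windows user, source, severity, message.
        WriteLine(string.Format("{0:o}\t{1}\t{2}\t{3}\t{4}",
            DateTime.UtcNow, Environment.UserName, source, type, message));
    }

    void Append(string text) {
        lock (sync) File.AppendAllText(path, text);
    }
}

static class Program {
    [STAThread]
    static void Main() {
        // Block unsafe reports before any designer window is created.
        DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel =
            DevExpress.XtraReports.UI.RestrictionLevel.Disable;

        // Assumed location for illustration; use a path end users cannot edit in production.
        string logPath = Path.Combine(Path.GetTempPath(), "report-security.log");
        var source = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting",
            SourceLevels.Error | SourceLevels.Warning);
        var listener = new ReportSecurityLogListener(logPath);
        source.Listeners.Add(listener);
        try {
            new XtraReport1().ShowRibbonDesignerDialog();
        } finally {
            source.Listeners.Remove(listener);
        }
    }
}
```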