ContextQMD
Back to Devexpress

Ensure Safe Loading of Reports (WPF)

xtrareports-119160-desktop-reporting-common-features-security-wpf-reporting-application-security-ensure-safe-loading-of-reports.md

latest3.6 KB
Original Source

Ensure Safe Loading of Reports (WPF)

  • Aug 18, 2023
  • 2 minutes to read

This topic describes how to allow users to load only secure reports in WPF reporting applications.

When a user attempts to load a potentially unsafe report, End-User Report Designer for WPF displays the following warning:

A report is considered unsafe if it (or in any of its subreports) contains any of the following:

Important

If you have not yet done so, be sure to review the following help topic: DevExpress Reporting - Security Considerations.

The following code prevents users from being able to load unsafe reports:

csharp
public partial class MainWindow : System.Windows.Window {
    public MainWindow() {
        InitializeComponent();
        DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel =
DevExpress.XtraReports.UI.RestrictionLevel.Disable;
    }
}
vb
Partial Public Class Application
    Inherits System.Windows.Application
    ' ...
    Public Sub InitializeComponent()
        DevExpress.XtraReports.Configuration.Settings.Default.UserDesignerOptions.ReportLoadingRestrictionLevel = _
           DevExpress.XtraReports.UI.RestrictionLevel.Disable
           ' ...
    End Sub
' ...
End Class

The code above displays the error message when the user attempts to load a potentially unsafe report.

In a restricted environment, when all reports are guaranteed to be safe, you can disable this warning and allow end-users to load any report by setting the UserDesignerOptions.ReportLoadingRestrictionLevel property to RestrictionLevel.Enable.

The following code lets you determine whether a report is considered unsafe, and displays detected security warnings in the Output window:

csharp
var traceSource = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting", 
    System.Diagnostics.SourceLevels.Error | System.Diagnostics.SourceLevels.Warning);
var listener = new System.Diagnostics.DefaultTraceListener();
traceSource.Listeners.Add(listener);
try {
    new XtraReport1().ShowRibbonDesignerDialog();
} finally {
    traceSource.Listeners.Remove(listener);
}
vb
Dim traceSource = DevExpress.XtraPrinting.Tracer.GetSource("DXperience.Reporting", _ 
    System.Diagnostics.SourceLevels.[Error] Or System.Diagnostics.SourceLevels.Warning)
Dim listener = New System.Diagnostics.DefaultTraceListener()
traceSource.Listeners.Add(listener)
Try
    New XtraReport1().ShowRibbonDesignerDialog()
Finally
    traceSource.Listeners.Remove(listener)
End Try