i have tried rotativa , pdfgenerator, seems emulate browser, or that.
the issue view can saw authenticated users.
how can prevent not authenticated users accessing pdf?
an example of code using is:
[allowoperationsonly] public actionresult pdfreport(datetime date) { return new rotativa.actionaspdf("report", date); } [httpget] [allowoperationsonly] public actionresult report(datetime date) { // code... return view(); } the resulting pdf page users redirected when not authenticated.
decorate actions want allow authenticated users access [authorize] attribute:
[allowoperationsonly] [authorize] public actionresult pdfreport(datetime date) { return new rotativa.actionaspdf("report", date); } [httpget] [allowoperationsonly] [authorize] public actionresult report(datetime date) { // code... return view(); } the [authorize] attribute supports sorts of additional overloads allow define specifics such roles or users want allow access decorated action / controller if needed.
regarding rotativa
based on this seemingly related github issue, looks may have explicitly pass through authentication tokens or cookie information rotativa in order work expected:
return new rotativa.actionaspdf("report") { formsauthenticationcookiename = system.web.security.formsauthentication.formscookiename, cookies = cookies }; several other resolutions recommend trying viewaspdf() method instead, may avoid authentication issue (assuming use [authorize] attribute handle within application , serve pdf:
[allowoperationsonly] public actionresult pdfreport(datetime date) { return new rotativa.viewaspdf("report", date); } 
Comments
Post a Comment