public static ReportWithRlsEmbeddingData GetReportWithRlsEmbeddingData()
{
var userName = "******";
PowerBIClient pbiClient = TokenManager.GetPowerBiAppOnlyClient();
var report = pbiClient.Reports.GetReportInGroup(workspaceId, reportWithRlsId);
var datasetId = report.DatasetId;
var embedUrl = "https://app.powerbi.com/reportEmbed";
var reportName = report.Name;
GenerateTokenRequest tokenRequestAllData =
new GenerateTokenRequest(accessLevel: "view",
identities: new List <EffectiveIdentity> {
new EffectiveIdentity(username: userName,
datasets: new List <string> {
datasetWithRlsId.ToString()
},
roles: new List <string> {
"All Data"
})
});
string embedTokenAllData = pbiClient.Reports.GenerateTokenInGroup(workspaceId, reportWithRlsId, tokenRequestAllData).Token;
EffectiveIdentity identityWesternSales = new EffectiveIdentity(username: userName, roles: new List <string> {
"Western Region"
}, datasets: new List <string> {
datasetWithRlsId.ToString()
});
GenerateTokenRequest tokenRequestWesternSales = new GenerateTokenRequest("view", null, identities: new List <EffectiveIdentity> {
identityWesternSales
});
string embedTokenWesternSales = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestWesternSales).Token;
EffectiveIdentity identityCentralSales = new EffectiveIdentity(username: userName, roles: new List <string> {
"Central Region"
}, datasets: new List <string> {
datasetWithRlsId.ToString()
});
GenerateTokenRequest tokenRequestCentralSales = new GenerateTokenRequest(accessLevel: "view", datasetId: datasetId, identities: new List <EffectiveIdentity> {
identityCentralSales
});
string embedTokenCentralSales = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestCentralSales).Token;
EffectiveIdentity identityEasternSales = new EffectiveIdentity(userName, roles: new List <string> {
"Eastern Region"
}, datasets: new List <string> {
datasetWithRlsId.ToString()
});
GenerateTokenRequest tokenRequestEasternSales = new GenerateTokenRequest(accessLevel: "view", datasetId: datasetId, identities: new List <EffectiveIdentity> {
identityEasternSales
});
string embedTokenEasternSales = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestEasternSales).Token;
EffectiveIdentity identityCombo = new EffectiveIdentity(userName, roles: new List <string> {
"Central Region", "Eastern Region"
}, datasets: new List <string> {
datasetWithRlsId.ToString()
});
GenerateTokenRequest tokenRequestCombo = new GenerateTokenRequest(accessLevel: "view", datasetId: datasetId, identities: new List <EffectiveIdentity> {
identityCombo
});
string embedTokenCombo = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestCombo).Token;
return(new ReportWithRlsEmbeddingData {
reportId = report.Id.ToString(),
reportName = reportName,
embedUrl = embedUrl,
embedTokenAllData = embedTokenAllData,
embedTokenWesternSales = embedTokenWesternSales,
embedTokenCentralSales = embedTokenCentralSales,
embedTokenEasternSales = embedTokenEasternSales,
embedTokenCombo = embedTokenCombo
});
}
public async Task <EmbedConfig> GetReportEmbedConfigAsync(int userId, string username, string roles, string reportId)
{
var model = (EmbedConfig)CachingProvider.Instance().GetItem($"PBI_{Settings.PortalId}_{Settings.SettingsId}_{userId}_{Thread.CurrentThread.CurrentUICulture.Name}_Report_{reportId}");
if (model != null)
{
return(model);
}
model = new EmbedConfig();
// Get token credentials for user
var getCredentialsResult = await GetTokenCredentials();
if (!getCredentialsResult)
{
// The error message set in GetTokenCredentials
model.ErrorMessage = "Authentication failed.";
return(model);
}
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(Settings.ApiUrl), tokenCredentials))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(Guid.Parse(Settings.WorkspaceId)).ConfigureAwait(false);
// No reports retrieved for the given workspace.
if (reports.Value.Count() == 0)
{
model.ErrorMessage = "No reports were found in the workspace";
}
var report = reports.Value.FirstOrDefault(r => r.Id.ToString().Equals(reportId, StringComparison.InvariantCultureIgnoreCase));
if (report == null)
{
model.ErrorMessage = "No report with the given ID was found in the workspace. Make sure ReportId is valid.";
}
//Delete bookmarks is report is modified
CheckBookmarks(report, Settings.PortalId);
// Generate Embed Token for reports without effective identities.
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
if (!string.IsNullOrWhiteSpace(username))
{
// Check if the dataset has effective identity required
// var dataset = await client.Datasets.GetDatasetAsync(report.DatasetId).ConfigureAwait(false);
// The line above returns an unauthorization exception when using "Service Principal" credentials. Seems a bug in the PowerBI API.
var dataset = client.Datasets.GetDatasets(Guid.Parse(Settings.WorkspaceId)).Value.FirstOrDefault(x => x.Id == report.DatasetId);
if (dataset != null &&
(dataset.IsEffectiveIdentityRequired.GetValueOrDefault(false) || dataset.IsEffectiveIdentityRolesRequired.GetValueOrDefault(false)) &&
!dataset.IsOnPremGatewayRequired.GetValueOrDefault(false))
{
var rls = new EffectiveIdentity(username, new List <string> {
report.DatasetId
});
if (!string.IsNullOrWhiteSpace(roles) && dataset.IsEffectiveIdentityRolesRequired.GetValueOrDefault(false))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(Guid.Parse(Settings.WorkspaceId), report.Id, generateTokenRequestParameters).ConfigureAwait(false);
if (tokenResponse == null)
{
model.ErrorMessage = "Failed to generate embed token.";
}
// Generate Embed Configuration.
model.EmbedToken = tokenResponse;
model.EmbedUrl = report.EmbedUrl;
model.Id = report.Id.ToString();
model.ContentType = "report";
CachingProvider.Instance().Insert($"PBI_{Settings.PortalId}_{Settings.SettingsId}_{userId}_{Thread.CurrentThread.CurrentUICulture.Name}_Report_{reportId}", model, null, DateTime.Now.AddSeconds(60), TimeSpan.Zero);
}
return(model);
}
// register application as native.
public async Task <ActionResult> TestReport(string username, string roles)
{
string GroupId = "me";
string ReportId = "0400c967-973f-43ad-9959-1868e548e0ac";
var result = new EmbededConfig();
try
{
result = new EmbededConfig {
Username = username, Roles = roles
};
var error = GetWebConfigErrors();
if (error != null)
{
result.ErrorMessage = error;
return(View(result));
}
var credential = new UserPasswordCredential(Username, Password);
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId, credential);
if (authenticationResult == null)
{
result.ErrorMessage = "Authentication Failed.";
return(View(result));
}
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials))
{
var reports = await client.Reports.GetReportsInGroupAsync(GroupId);
Report report;
if (string.IsNullOrEmpty(ReportId))
{
report = reports.Value.FirstOrDefault();
}
else
{
report = reports.Value.FirstOrDefault(r => r.Id == ReportId);
}
if (report == null)
{
result.ErrorMessage = "Group has no reports.";
return(View(result));
}
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(GroupId, report.DatasetId);
result.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
result.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
if (!string.IsNullOrEmpty(username))
{
var rls = new EffectiveIdentity(username, new List <string> {
report.DatasetId
});
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(GroupId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
result.ErrorMessage = "Failed to generate embed token.";
return(View(result));
}
result.EmbedToken = tokenResponse;
result.EmbedUrl = report.EmbedUrl;
result.Id = report.Id;
return(View(result));
}
}
catch (HttpOperationException exc)
{
result.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode,
(int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
}
catch (Exception exc)
{
result.ErrorMessage = exc.ToString();
}
return(View(result));
}
public static async Task <EmbedConfig> GetEmbedReportConfigData(string clientId, string groupId, string username, string password, string authorityUrl, string resourceUrl, string apiUrl, string reportUniqueId, string reportName, ServiceContext serviceContext, IServiceEventSource serviceEventSource)
{
ServiceEventSourceHelper serviceEventSourceHelper = new ServiceEventSourceHelper(serviceEventSource);
var result = new EmbedConfig();
var roles = "";
try
{
var error = GetWebConfigErrors(clientId, groupId, username, password);
if (error != null)
{
result.ErrorMessage = error;
return(result);
}
// Create a user password cradentials.
var credential = new UserPasswordCredential(username, password);
// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(authorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(resourceUrl, clientId, credential);
if (authenticationResult == null)
{
result.ErrorMessage = "Authentication Failed.";
return(result);
}
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(apiUrl), tokenCredentials))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(groupId);
Report report;
if (string.IsNullOrEmpty(reportName))
{
// Get the first report in the group.
report = reports.Value.FirstOrDefault();
}
else
{
report = reports.Value.FirstOrDefault(r => r.Name.Equals(reportName));
}
if (report == null)
{
result.ErrorMessage = $"PowerBI Group has no report registered for Name[{reportName}].";
return(result);
}
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(groupId, report.DatasetId);
result.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
result.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
if ((result.IsEffectiveIdentityRequired != null && result.IsEffectiveIdentityRequired == true) &&
(result.IsEffectiveIdentityRolesRequired != null && result.IsEffectiveIdentityRolesRequired == true) &&
!string.IsNullOrEmpty(username))
{
var rls = new EffectiveIdentity(username, new List <string> {
report.DatasetId
});
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(groupId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
serviceEventSourceHelper.ServiceMessage(serviceContext, $"Embed Report - Error during user authentication for report - Result=[{tokenResponse.ToString()}]");
result.ErrorMessage = "Failed to authenticate user for report request";
return(result);
}
// Generate Embed Configuration.
result.EmbedToken = tokenResponse;
result.EmbedUrl = report.EmbedUrl;
result.Id = report.Id;
return(result);
}
}
catch (HttpOperationException exc)
{
result.ErrorMessage = string.Format($"Status: {exc.Response.StatusCode} Response Content: [{exc.Response.Content}] RequestId: {exc.Response.Headers["RequestId"].FirstOrDefault()}");
}
catch (Exception exc)
{
result.ErrorMessage = exc.ToString();
}
return(result);
}
/// <summary>
/// Initializes a new instance of the GenerateTokenRequest class.
/// </summary>
/// <param name="accessLevel">The dataset mode or type. Possible values
/// include: 'View', 'Edit', 'Create'</param>
/// <param name="datasetId">The dataset Id</param>
/// <param name="allowSaveAs">Allow SaveAs the report with generated
/// token.</param>
/// <param name="identity">The effective identity to use for RLS
/// rules</param>
public GenerateTokenRequest(string accessLevel, string datasetId, bool?allowSaveAs, EffectiveIdentity identity)
{
AccessLevel = accessLevel;
DatasetId = datasetId;
AllowSaveAs = allowSaveAs;
Identities = new[] { identity };
CustomInit();
}
public async Task <bool> EmbedTile()
{
// Get token credentials for user
var getCredentialsResult = await GetTokenCredentials();
if (!getCredentialsResult)
{
// The error message set in GetTokenCredentials
m_tileEmbedConfig.ErrorMessage = m_embedConfig.ErrorMessage;
return(false);
}
try
{
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(ApiUrl), m_tokenCredentials))
{
// Get a list of dashboards.
var dashboards = await client.Dashboards.GetDashboardsInGroupAsync(WorkspaceId);
// Get the first report in the workspace.
var dashboard = dashboards.Value.Where(it => it.Id == DashboardId).FirstOrDefault();
if (dashboard == null)
{
m_tileEmbedConfig.ErrorMessage = "Workspace has no dashboards.";
return(false);
}
var tiles = await client.Dashboards.GetTilesInGroupAsync(WorkspaceId, dashboard.Id);
// Get the first tile in the workspace.
var tile = tiles.Value.FirstOrDefault();
ClaimsPrincipal user = HttpContext.Current.User as ClaimsPrincipal;
List <Claim> claims = user.Claims.ToList();
var ident = user.Identities.ToList();
//string name = claims.FirstOrDefault(c => c.Type == "name")?.Value;
string name = "e6092d2d-07be-49f2-91b7-cdf3491fe744";//obj id 1329be85-964f-450d-a4be-a4ad585a3cf8 "*****@*****.**";12c70cdd-7645-445f-b79d-30cdda50388d //"3e5c9d8b-9be4-485f-aaec-997fe09d8208
//var generateTokenRequestParameters = new GenerateTokenRequest("View", null,
// identities: new List<EffectiveIdentity> {
// new EffectiveIdentity(username: name,
// roles: new List<string>
// {
// "InternetSalesUS"
////"InternetSalesAU"
// //"InternetSalesManager"
// },
// datasets: new List<string> { tile.DatasetId }) });
var rls = new EffectiveIdentity(username: name, datasets: new List <string> {
tile.DatasetId
});
// if (!string.IsNullOrWhiteSpace(roles))
// {
var rolesList = new List <string>();
//rolesList.AddRange(roles.Split(','));
if (ident[0].Name == "*****@*****.**")
{
rolesList.Add("InternetSalesUS");
}
else
{
rolesList.Add("InternetSalesAU");
}
rls.Roles = rolesList;
var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
// Generate Embed Token for a tile.
//var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
var tokenResponse = await client.Tiles.GenerateTokenInGroupAsync(WorkspaceId, dashboard.Id, tile.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
m_tileEmbedConfig.ErrorMessage = "Failed to generate embed token.";
return(false);
}
// Generate Embed Configuration.
m_tileEmbedConfig = new TileEmbedConfig()
{
EmbedToken = tokenResponse,
EmbedUrl = tile.EmbedUrl,
Id = tile.Id,
dashboardId = dashboard.Id
};
return(true);
}
}
catch (HttpOperationException exc)
{
m_embedConfig.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode, (int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
return(false);
}
}
public async Task <ActionResult> EmbedReport()
{
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string reportId = Request.Form["SelectedReport"].ToString();
using (var client = await CreatePowerBIClientForISV())
{
var report = client.Reports.GetReportInGroup(GroupId, reportId);
GenerateTokenRequest generateTokenRequestParameters = new GenerateTokenRequest(
accessLevel: "edit", allowSaveAs: true); //no role specified means you can access everything!
// Generate Embed Token.
if (!tenantID.StartsWith("1")) // the owner tenant of this app starts with 1, which can access everything
{
switch (report.Name.ToLower())
{
case "adventureworks":
// for non Analysis Service, map user to Username()
var salesUser = new EffectiveIdentity(
username: "******",
roles: new List <string> {
"Sales"
},
datasets: new List <string> {
report.DatasetId
});
generateTokenRequestParameters = new GenerateTokenRequest(
accessLevel: "edit", allowSaveAs: true,
identities: new List <EffectiveIdentity> {
salesUser
});
break;
case "testaasrls":
// for Analysis Service, map user to CustomData()
var embedUser = new EffectiveIdentity(
username: MvcApplication.pbiUserName,
customData: "embed",
roles: new List <string> {
"Sales Embedded"
},
datasets: new List <string> {
report.DatasetId
});
generateTokenRequestParameters = new GenerateTokenRequest(
accessLevel: "edit", allowSaveAs: true,
identities: new List <EffectiveIdentity> {
embedUser
});
break;
}
}
else
{
switch (report.Name.ToLower())
{
case "testaasrls":
// for Analysis Service, map user to CustomData()
var embedUser = new EffectiveIdentity(
username: MvcApplication.pbiUserName,
customData: "*****@*****.**",
roles: new List <string> {
"Sales BiDi"
},
datasets: new List <string> {
report.DatasetId
});
generateTokenRequestParameters = new GenerateTokenRequest(
accessLevel: "edit", allowSaveAs: true,
identities: new List <EffectiveIdentity> {
embedUser
});
break;
}
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(GroupId, reportId, generateTokenRequestParameters);
// Refresh the dataset
// await client.Datasets.RefreshDatasetInGroupAsync(GroupId, report.DatasetId);
// Generate Embed Configuration.
var embedConfig = new EmbedConfig()
{
EmbedToken = tokenResponse,
EmbedUrl = report.EmbedUrl,
Id = reportId,
Name = report.Name
};
return(View(embedConfig));
}
}
public async Task <ActionResult> EmbedReport(string username, string roles)
{
var result = new EmbedConfig();
try
{
result = new EmbedConfig {
Username = username, Roles = roles
};
var error = GetWebConfigErrors();
if (error != null)
{
result.ErrorMessage = error;
return(View(result));
}
// Create a user password cradentials.
var credential = new UserPasswordCredential(Username, Password);
// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ApplicationId, credential);
if (authenticationResult == null)
{
result.ErrorMessage = "Authentication Failed.";
return(View(result));
}
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(WorkspaceId);
// No reports retrieved for the given workspace.
if (reports.Value.Count() == 0)
{
result.ErrorMessage = "No reports were found in the workspace";
return(View(result));
}
Report report;
if (string.IsNullOrWhiteSpace(ReportId))
{
// Get the first report in the workspace.
report = reports.Value.FirstOrDefault();
}
else
{
report = reports.Value.FirstOrDefault(r => r.Id == ReportId);
}
if (report == null)
{
result.ErrorMessage = "No report with the given ID was found in the workspace. Make sure ReportId is valid.";
return(View(result));
}
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(WorkspaceId, report.DatasetId);
result.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
result.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
if (!string.IsNullOrWhiteSpace(username))
{
var rls = new EffectiveIdentity(username, new List <string> {
report.DatasetId
});
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(WorkspaceId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
result.ErrorMessage = "Failed to generate embed token.";
return(View(result));
}
// Generate Embed Configuration.
result.EmbedToken = tokenResponse;
result.EmbedUrl = report.EmbedUrl;
result.Id = report.Id;
return(View(result));
}
}
catch (HttpOperationException exc)
{
result.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode, (int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
}
catch (Exception exc)
{
result.ErrorMessage = exc.ToString();
}
return(View(result));
}
public async Task <ActionResult> EmbedDashboardRls(string userName)
{
var roles = "Client User";
var result = new EmbedConfig();
result.Username = userName;
result.Roles = roles;
if (userName == "Northridge")
{
result.Username = userName;
userName = "******";
}
else
{
result.Username = "******";
userName = "******";
}
var error = GetWebConfigErrors();
if (error != null)
{
return(View(new EmbedConfig()
{
ErrorMessage = error
}));
}
try
{
// Create a user password cradentials.
var credential = new UserPasswordCredential(Username, Password);
// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId, credential);
if (authenticationResult == null)
{
return(View(new EmbedConfig()
{
ErrorMessage = "Authentication Failed."
}));
}
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials))
{
// Get a list of dashboards.
var dashboards = await client.Dashboards.GetDashboardsInGroupAsync(GroupId);
// Get the first report in the group.
var dashboard = dashboards.Value.FirstOrDefault();
if (dashboard == null)
{
return(View(new EmbedConfig()
{
ErrorMessage = "Group has no dashboards."
}));
}
// Generate Embed Token.
var dataSetIds = await GetDashboardDatasetIdsAsync(client, dashboard.Id, GroupId);
var rls = new EffectiveIdentity(userName, dataSetIds);
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
var tokenResponse = await client.Dashboards.GenerateTokenInGroupAsync(GroupId, dashboard.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
result.ErrorMessage = "Failed to generate embed token.";
return(View(result));
}
// Generate Embed Configuration.
result.EmbedToken = tokenResponse;
result.EmbedUrl = dashboard.EmbedUrl;
result.Id = dashboard.Id;
if (tokenResponse == null)
{
return(View(new EmbedConfig()
{
ErrorMessage = "Failed to generate embed token."
}));
}
return(View(result));
}
}
catch (HttpOperationException exc)
{
result.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode, (int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
throw exc;
}
catch (Exception exc)
{
result.ErrorMessage = exc.ToString();
throw exc;
}
}
public static ReportWithRlsEmbeddingData GetReportWithRlsEmbeddingData()
{
PowerBIClient pbiClient = GetPowerBiClient();
var report = pbiClient.Reports.GetReportInGroup(workspaceId, reportWithRlsId);
var datasetId = report.DatasetId;
var embedUrl = report.EmbedUrl;
var reportName = report.Name;
Console.WriteLine("Getting RLS-enabled embed tokens");
GenerateTokenRequest tokenRequestAllData =
new GenerateTokenRequest(accessLevel: "view",
identities: new List <EffectiveIdentity> {
new EffectiveIdentity(username: "******",
datasets: new List <string> {
datasetWithRlsId
},
roles: new List <string> {
"AllData"
})
});
string embedTokenAllData = pbiClient.Reports.GenerateTokenInGroup(workspaceId, reportWithRlsId, tokenRequestAllData).Token;
Console.WriteLine("Got 1");
EffectiveIdentity identityWesternSales = new EffectiveIdentity(username: "******", roles: new List <string> {
"WesternSales"
}, datasets: new List <string> {
datasetWithRlsId
});
GenerateTokenRequest tokenRequestWesternSales = new GenerateTokenRequest("view", null, identities: new List <EffectiveIdentity> {
identityWesternSales
});
string embedTokenWesternSales = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestWesternSales).Token;
Console.WriteLine("Got 2");
EffectiveIdentity identityCentralSales = new EffectiveIdentity(username: "******", roles: new List <string> {
"CentralSales"
}, datasets: new List <string> {
datasetWithRlsId
});
GenerateTokenRequest tokenRequestCentralSales = new GenerateTokenRequest(accessLevel: "view", datasetId: datasetId, identities: new List <EffectiveIdentity> {
identityCentralSales
});
string embedTokenCentralSales = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestCentralSales).Token;
Console.WriteLine("Got 3");
EffectiveIdentity identityEasternSales = new EffectiveIdentity("Bob", roles: new List <string> {
"EasternSales"
}, datasets: new List <string> {
datasetWithRlsId
});
GenerateTokenRequest tokenRequestEasternSales = new GenerateTokenRequest(accessLevel: "view", datasetId: datasetId, identities: new List <EffectiveIdentity> {
identityEasternSales
});
string embedTokenEasternSales = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestEasternSales).Token;
Console.WriteLine("Got 4");
return(new ReportWithRlsEmbeddingData {
reportId = report.Id,
reportName = reportName,
embedUrl = embedUrl,
embedTokenAllData = embedTokenAllData,
embedTokenWesternSales = embedTokenWesternSales,
embedTokenCentralSales = embedTokenCentralSales,
embedTokenEasternSales = embedTokenEasternSales
});
}
public async Task <ActionResult> EmbedReportAas(string username, string roles)
{
var result = new EmbedConfig();
try
{
result = new EmbedConfig {
Username = username, Roles = roles
};
var error = GetWebConfigErrors();
if (error != null)
{
result.ErrorMessage = error;
return(View(result));
}
// Create a user password cradentials.
var credential = new UserPasswordCredential(Username, Password);
// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId, credential);
if (authenticationResult == null)
{
result.ErrorMessage = "Authentication Failed.";
return(View(result));
}
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(GroupId);
Report report;
if (string.IsNullOrEmpty(ReportAasId))
{
// Get the first report in the group.
report = reports.Value.FirstOrDefault();
}
else
{
report = reports.Value.FirstOrDefault(r => r.Id == ReportAasId);
}
result.Reports = reports.Value.Select(r => new ReportModel
{
Id = r.Id,
Name = r.Name,
EmbedUrl = r.EmbedUrl
}).ToList();
if (report == null)
{
result.ErrorMessage = "Group has no reports.";
return(View(result));
}
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(GroupId, report.DatasetId);
result.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
result.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
if (!string.IsNullOrEmpty(username))
{
var rls = new EffectiveIdentity(
Username,
new List <string> {
report.DatasetId
},
null,
"PowerBi itself do not accept any arguments when we request token " +
"(apart from username and list of roles).In PowerBi desktop we can " +
"access username value and use it in filters, etc." +
"My idea was to use username as an argument and pass array of glids " +
"as a username.Then, on PowerBi desktop side we can use contains" +
" logic to filter data.However it turned out that username is limited" +
" to 256 characters.So we can pass up to 15 - 25 glids at most." +
"However we can workaround this limitation by adding some extra " +
"logic of parsing username.I guess that passing multiple glids" +
" to PowerBi will be done for some specific cases.Like comparison " +
"of all clients related to the same zor.In such case we could");
//if (!string.IsNullOrWhiteSpace(roles))
//{
// var rolesList = new List<string>();
// rolesList.AddRange(roles.Split(','));
// rls.Roles = rolesList;
//}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(
accessLevel: "view",
identities: new List <EffectiveIdentity> {
rls
});
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(GroupId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
result.ErrorMessage = "Failed to generate embed token.";
return(View(result));
}
// Generate Embed Configuration.
result.EmbedToken = tokenResponse;
result.EmbedUrl = report.EmbedUrl;
result.Id = report.Id;
return(View(result));
}
}
catch (HttpOperationException exc)
{
result.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode, (int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
}
catch (Exception exc)
{
result.ErrorMessage = exc.ToString();
}
return(View(result));
}
public async Task <ActionResult> EmbedReportRls(string userName, string roles)
{
roles = "Client User";
var result = new EmbedConfig();
try
{
result.Username = userName;
result.Roles = roles;
if (userName == "Northridge")
{
result.Username = userName;
userName = "******";
}
else
{
result.Username = "******";
userName = "******";
}
var error = GetWebConfigErrors();
if (error != null)
{
result.ErrorMessage = error;
return(View(result));
}
// Create a user password cradentials.
var credential = new UserPasswordCredential(Username, Password);
// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId, credential);
if (authenticationResult == null)
{
result.ErrorMessage = "Authentication Failed.";
return(View(result));
}
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(GroupId);
Report report;
if (string.IsNullOrEmpty(ReportRlsId))
{
// Get the first report in the group.
report = reports.Value.FirstOrDefault();
}
else
{
report = reports.Value.FirstOrDefault(r => r.Id == ReportRlsId);
}
result.Reports = reports.Value.Select(r => new ReportModel
{
Id = r.Id,
Name = r.Name,
EmbedUrl = r.EmbedUrl
}).ToList();
if (report == null)
{
result.ErrorMessage = "Group has no reports.";
return(View(result));
}
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(GroupId, report.DatasetId);
result.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
result.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
//if (!string.IsNullOrEmpty(gl))
//{
var rls = new EffectiveIdentity(userName, new List <string> {
report.DatasetId
});
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
//}
//else
//{
// // Generate Embed Token for reports without effective identities.
// generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
//}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(GroupId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
result.ErrorMessage = "Failed to generate embed token.";
return(View(result));
}
// Generate Embed Configuration.
result.EmbedToken = tokenResponse;
result.EmbedUrl = report.EmbedUrl;
result.Id = report.Id;
return(View(result));
}
}
catch (HttpOperationException exc)
{
result.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode, (int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
}
catch (Exception exc)
{
result.ErrorMessage = exc.ToString();
}
return(View(result));
}
public async Task <bool> EmbedReport(string username, string roles)
{
// Get token credentials for user
var getCredentialsResult = await GetTokenCredentials();
if (!getCredentialsResult)
{
// The error message set in GetTokenCredentials
return(false);
}
try
{
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(ApiUrl), m_tokenCredentials))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(WorkspaceId);
// No reports retrieved for the given workspace.
if (reports.Value.Count() == 0)
{
m_embedConfig.ErrorMessage = "No reports were found in the workspace";
return(false);
}
Report report;
if (string.IsNullOrWhiteSpace(ReportId))
{
// Get the first report in the workspace.
report = reports.Value.FirstOrDefault();
}
else
{
report = reports.Value.FirstOrDefault(r => r.Id.Equals(ReportId, StringComparison.InvariantCultureIgnoreCase));
}
if (report == null)
{
m_embedConfig.ErrorMessage = "No report with the given ID was found in the workspace. Make sure ReportId is valid.";
return(false);
}
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(WorkspaceId, report.DatasetId);
m_embedConfig.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
m_embedConfig.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
ClaimsPrincipal user = HttpContext.Current.User as ClaimsPrincipal;
List <Claim> claims = user.Claims.ToList();
var ident = user.Identities.ToList();
//string name = claims.FirstOrDefault(c => c.Type == "name")?.Value;
string usernameObj = "e6092d2d-07be-49f2-91b7-cdf3491fe744";//obj id 1329be85-964f-450d-a4be-a4ad585a3cf8 "*****@*****.**";12c70cdd-7645-445f-b79d-30cdda50388d //"3e5c9d8b-9be4-485f-aaec-997fe09d8208
//var customData = null;
if (!string.IsNullOrWhiteSpace(usernameObj))
{
var rls = new EffectiveIdentity(usernameObj, new List <string> {
report.DatasetId
});
// if (!string.IsNullOrWhiteSpace(roles))
// {
var rolesList = new List <string>();
//rolesList.AddRange(roles.Split(','));
if (ident[0].Name == "*****@*****.**")
{
rolesList.Add("InternetSalesUS");
}
else
{
rolesList.Add("InternetSalesAU");
}
rls.Roles = rolesList;
// }
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(WorkspaceId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
m_embedConfig.ErrorMessage = "Failed to generate embed token.";
return(false);
}
// Generate Embed Configuration.
m_embedConfig.EmbedToken = tokenResponse;
m_embedConfig.EmbedUrl = report.EmbedUrl;
m_embedConfig.Id = report.Id;
}
}
catch (HttpOperationException exc)
{
m_embedConfig.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode, (int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
return(false);
}
return(true);
}
public async Task <EmbedConfig> GetDashboardEmbedConfigAsync(int userId, string username, string roles, string dashboardId)
{
var model = (EmbedConfig)CachingProvider.Instance().GetItem($"PBI_{Settings.PortalId}_{Settings.SettingsId}_{userId}_{Thread.CurrentThread.CurrentUICulture.Name}_Dashboard_{dashboardId}");
if (model != null)
{
return(model);
}
model = new EmbedConfig();
// Get token credentials for user
var getCredentialsResult = await GetTokenCredentials();
if (!getCredentialsResult)
{
// The error message set in GetTokenCredentials
model.ErrorMessage = "Authentication failed.";
return(model);
}
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(Settings.ApiUrl), tokenCredentials))
{
// Get a list of reports.
var dashboards = await client.Dashboards.GetDashboardsInGroupAsync(Guid.Parse(Settings.WorkspaceId)).ConfigureAwait(false);
// No dashboards retrieved for the given workspace.
if (dashboards.Value.Count() == 0)
{
model.ErrorMessage = "No dashboards were found in the workspace";
}
var dashboard = dashboards.Value.FirstOrDefault(r => r.Id.ToString().Equals(dashboardId, StringComparison.InvariantCultureIgnoreCase));
if (dashboard == null)
{
model.ErrorMessage = "No dashboard with the given ID was found in the workspace. Make sure ReportId is valid.";
}
// Generate Embed Token for reports without effective identities.
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
if (!string.IsNullOrWhiteSpace(username))
{
var rls = new EffectiveIdentity(username, new List <string> {
dashboardId
});
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
EmbedToken tokenResponse;
try
{
tokenResponse = await client.Dashboards.GenerateTokenInGroupAsync(Guid.Parse(Settings.WorkspaceId), dashboard.Id, generateTokenRequestParameters).ConfigureAwait(false);
}
catch (HttpOperationException ex)
{
if (ex.Response.Content.Contains("shouldn't have effective identity"))
{
// HACK: Creating embed token for accessing dataset shouldn't have effective identity"
// See https://community.powerbi.com/t5/Developer/quot-shouldn-t-have-effective-identity-quot-error-when-passing/m-p/437177
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
tokenResponse = await client.Dashboards.GenerateTokenInGroupAsync(Guid.Parse(Settings.WorkspaceId), dashboard.Id, generateTokenRequestParameters).ConfigureAwait(false);
}
else
{
throw;
}
}
if (tokenResponse == null)
{
model.ErrorMessage = "Failed to generate embed token.";
}
// Generate Embed Configuration.
model.EmbedToken = tokenResponse;
model.EmbedUrl = dashboard.EmbedUrl;
model.Id = dashboard.Id.ToString();
model.ContentType = "dashboard";
CachingProvider.Instance().Insert($"PBI_{Settings.PortalId}_{Settings.SettingsId}_{userId}_{Thread.CurrentThread.CurrentUICulture.Name}_Dashboard_{dashboardId}", model, null, DateTime.Now.AddSeconds(60), TimeSpan.Zero);
}
return(model);
}
public async Task <IHttpActionResult> Get(string username, string roles)
{
var result = new EmbedConfig();
try
{
result = new EmbedConfig {
Username = username, Roles = roles
};
var error = GetWebConfigErrors();
if (error != null)
{
result.ErrorMessage = error;
return(Ok(AirFusion.WindEdition.API.ResponseResult <EmbedConfig> .GetResult(result)));
}
var credential = new UserPasswordCredential(Username, Password);
// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ApplicationId, credential);
if (authenticationResult == null)
{
result.ErrorMessage = "Authentication Failed.";
return(Ok(AirFusion.WindEdition.API.ResponseResult <EmbedConfig> .GetResult(result)));
}
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(WorkspaceId);
// No reports retrieved for the given workspace.
if (reports.Value.Count() == 0)
{
result.ErrorMessage = "No reports were found in the workspace";
return(Ok(AirFusion.WindEdition.API.ResponseResult <EmbedConfig> .GetResult(result)));
}
Report report;
if (string.IsNullOrWhiteSpace(ReportId))
{
// Get the first report in the workspace.
report = reports.Value.FirstOrDefault();
}
else
{
report = reports.Value.FirstOrDefault(r => r.Id == ReportId);
}
if (report == null)
{
result.ErrorMessage = "No report with the given ID was found in the workspace. Make sure ReportId is valid.";
return(Ok(AirFusion.WindEdition.API.ResponseResult <EmbedConfig> .GetResult(result)));
}
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(WorkspaceId, report.DatasetId);
result.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
result.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
if (!string.IsNullOrWhiteSpace(username))
{
var rls = new EffectiveIdentity(username, new List <string> {
report.DatasetId
});
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(WorkspaceId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
result.ErrorMessage = "Failed to generate embed token.";
return(Ok(AirFusion.WindEdition.API.ResponseResult <EmbedConfig> .GetResult(result)));
}
// Generate Embed Configuration.
result.EmbedToken = tokenResponse;
result.EmbedUrl = report.EmbedUrl;
result.Id = report.Id;
var json = new JavaScriptSerializer().Serialize(result);
return(Ok(AirFusion.WindEdition.API.ResponseResult <EmbedConfig> .GetResult(result)));
}
}
catch (Exception ex)
{
result.ErrorMessage = "Error Occured";
}
return(Ok(AirFusion.WindEdition.API.ResponseResult <EmbedConfig> .GetResult(result)));
}
private async Task <EmbedConfig> EmbedReport(EmbedReportRequest embedReportRequest)
{
var config = new EmbedConfig();
UserCredential = embedReportRequest.Credential;
try
{
var data = await AuthenticateAsync();
using (var pClient = new PowerBIClient(new Uri(POWER_BI_API_URL), PTokenCredentials))
{
var groups = await pClient.Groups.GetGroupsWithHttpMessagesAsync();
var group = groups.Body.Value.FirstOrDefault(s => s.Id == embedReportRequest.WorkSpaceId);
if (group == null)
{
throw new ValidationException(PowerResource.ValidationErrorParentGroupNotFoundError);
}
var reports = await pClient.Reports.GetReportsInGroupAsync(group.Id);
if (!reports.Value.Any())
{
config.ErrorMessage = PowerResource.EmbedReportNotFoundError;
return(config);
}
var embeddingReport = reports.Value.FirstOrDefault(s => s.Id == embedReportRequest.ReportId);
if (embeddingReport == null)
{
config.ErrorMessage = PowerResource.EmbedReportNotFoundError;
}
var dataSet = await pClient.Datasets.GetDatasetByIdInGroupAsync(group.Id, embeddingReport.DatasetId);
config.IsEffectiveIdentityRequired = dataSet.IsEffectiveIdentityRequired;
config.IsEffectiveIdentityRolesRequired = dataSet.IsEffectiveIdentityRolesRequired;
var upDateResponse = await UpdateAndRefreshDataSet(pClient, embedReportRequest, group.Id, embeddingReport.Id, dataSet.Id);
if (upDateResponse)
{
GenerateTokenRequest generateTokenRequestParameters;
if (!string.IsNullOrWhiteSpace(embedReportRequest.EmbedUserName))
{
var rls = new EffectiveIdentity(embedReportRequest.EmbedUserName, new List <string> {
embeddingReport.DatasetId
});
if (!string.IsNullOrWhiteSpace(embedReportRequest.EmbedRoles))
{
var rolesList = new List <string>();
rolesList.AddRange(embedReportRequest.EmbedRoles.Split(','));
rls.Roles = rolesList;
}
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await pClient.Reports.GenerateTokenInGroupAsync(group.Id, embeddingReport.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
config.ErrorMessage = "Failed to generate embed token.";
return(config);
}
config.EmbedToken = tokenResponse;
config.EmbedUrl = embeddingReport.EmbedUrl;
config.Id = embeddingReport.Id;
return(config);
}
}
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
return(null);
}
public async Task <ActionResult> OnGetAsync()
{
var result = await authorizationService.AuthorizeAsync(HttpContext.User, RoleName.SysAdmin);
var usr = await userManager.FindByNameAsync(HttpContext.User.Identity.Name);
bool ok = await userManager.IsInRoleAsync(usr, RoleName.SysAdmin);
string username = null;
string roles = null;
Input = new EmbedConfig();
try
{
Input = new EmbedConfig {
Username = username, Roles = roles
};
var error = GetWebConfigErrors();
if (error != null)
{
Input.ErrorMessage = error;
return(Page());
}
// Create a user password cradentials.
//var credential = new UserPasswordCredential(pbiSettings.Username, pbiSettings.Password);
//// Authenticate using created credentials
//var authenticationContext = new AuthenticationContext(pbiSettings.AuthorityUrl);
//var authenticationResult = await authenticationContext.AcquireTokenAsync(pbiSettings.ResourceUrl, pbiSettings.ApplicationId, credential);
//https://community.powerbi.com/t5/Developer/Embed-Power-BI-dashboard-in-ASP-Net-core/m-p/284314#M8436
var authenticationResult = await AuthenticateAsync();
if (authenticationResult == null)
{
Input.ErrorMessage = "Authentication Failed.";
return(Page());
}
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(pbiSettings.ApiUrl), tokenCredentials, new DelegatingHandler[0]))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(pbiSettings.WorkspaceId);
// No reports retrieved for the given workspace.
if (reports.Value.Count() == 0)
{
Input.ErrorMessage = "No reports were found in the workspace";
return(Page());
}
Report report;
if (string.IsNullOrWhiteSpace(pbiSettings.ReportId))
{
// Get the first report in the workspace.
report = reports.Value.FirstOrDefault();
}
else
{
report = reports.Value.FirstOrDefault(r => r.Id == pbiSettings.ReportId);
}
if (report == null)
{
Input.ErrorMessage = "No report with the given ID was found in the workspace. Make sure ReportId is valid.";
return(Page());
}
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(pbiSettings.WorkspaceId, report.DatasetId);
Input.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
Input.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
if (!string.IsNullOrWhiteSpace(username))
{
var rls = new EffectiveIdentity(username, new List <string> {
report.DatasetId
});
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(pbiSettings.WorkspaceId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
Input.ErrorMessage = "Failed to generate embed token.";
return(Page());
}
// Generate Embed Configuration.
Input.EmbedToken = tokenResponse;
Input.EmbedUrl = report.EmbedUrl;
Input.Id = report.Id;
return(Page());
}
}
catch (HttpOperationException exc)
{
Input.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode, (int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
}
catch (Exception exc)
{
Input.ErrorMessage = exc.ToString();
}
return(Page());
}
public static ReportWithRlsEmbeddingData GetReportWithRlsEmbeddingData()
{
var userName = "******";
PowerBIClient pbiClient = TokenManager.GetPowerBiClient();
var report = pbiClient.Reports.GetReportInGroup(workspaceId, reportWithRlsId);
var datasetId = report.DatasetId;
var embedUrl = report.EmbedUrl;
var reportName = report.Name;
Console.WriteLine("Getting RLS-enabled embed tokens");
GenerateTokenRequest tokenRequestAllData =
new GenerateTokenRequest(accessLevel: "view",
identities: new List <EffectiveIdentity> {
new EffectiveIdentity(username: userName,
datasets: new List <string> {
datasetWithRlsId.ToString()
},
roles: new List <string> {
"Admin"
})
});
string embedTokenAllData = pbiClient.Reports.GenerateTokenInGroup(workspaceId, reportWithRlsId, tokenRequestAllData).Token;
EffectiveIdentity identityWesternSales = new EffectiveIdentity(username: userName, roles: new List <string> {
"Western Region"
}, datasets: new List <string> {
datasetWithRlsId.ToString()
});
GenerateTokenRequest tokenRequestWesternSales = new GenerateTokenRequest("view", null, identities: new List <EffectiveIdentity> {
identityWesternSales
});
string embedTokenWesternSales = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestWesternSales).Token;
EffectiveIdentity identityCentralSales = new EffectiveIdentity(username: userName, roles: new List <string> {
"Central Region"
}, datasets: new List <string> {
datasetWithRlsId.ToString()
});
GenerateTokenRequest tokenRequestCentralSales = new GenerateTokenRequest(accessLevel: "view", datasetId: datasetId, identities: new List <EffectiveIdentity> {
identityCentralSales
});
string embedTokenCentralSales = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestCentralSales).Token;
EffectiveIdentity identityEasternSales = new EffectiveIdentity(userName, roles: new List <string> {
"Eastern Region"
}, datasets: new List <string> {
datasetWithRlsId.ToString()
});
GenerateTokenRequest tokenRequestEasternSales = new GenerateTokenRequest(accessLevel: "view", datasetId: datasetId, identities: new List <EffectiveIdentity> {
identityEasternSales
});
string embedTokenEasternSales = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestEasternSales).Token;
EffectiveIdentity identityCombo = new EffectiveIdentity(userName, roles: new List <string> {
"Central Region", "Eastern Region"
}, datasets: new List <string> {
datasetWithRlsId.ToString()
});
GenerateTokenRequest tokenRequestCombo = new GenerateTokenRequest(accessLevel: "view", datasetId: datasetId, identities: new List <EffectiveIdentity> {
identityCombo
});
string embedTokenCombo = pbiClient.Reports.GenerateTokenInGroup(workspaceId, report.Id, tokenRequestCombo).Token;
return(new ReportWithRlsEmbeddingData {
reportId = report.Id.ToString(),
reportName = reportName,
embedUrl = embedUrl,
embedTokenAllData = embedTokenAllData,
embedTokenWesternSales = embedTokenWesternSales,
embedTokenCentralSales = embedTokenCentralSales,
embedTokenEasternSales = embedTokenEasternSales,
embedTokenCombo = embedTokenCombo
});
}
public async Task <ActionResult> EmbedReport(string username, string roles, string token)
{
var result = new EmbedConfig();
try
{
if (String.IsNullOrEmpty(token))
{
result.ErrorMessage = "you are not authorized no token was found";
return(View("Error", result));
}
System.IdentityModel.Tokens.Jwt.JwtSecurityToken jwtToken;
if (CustomValidation.ValidateToken(token, out jwtToken))
{
var claims = jwtToken.Claims.Cast <System.Security.Claims.Claim>().ToList();
var campaignId = claims.FirstOrDefault(x => x.Type == "CampaignId");
var languageId = claims.FirstOrDefault(x => x.Type == "LanguageId");
// if the data is not inside the token
if (campaignId == null || languageId == null)
{
Environment.Exit(0);
}
Console.WriteLine($"CampaignId: {campaignId.Value}");
Console.WriteLine($"LanguageId: {languageId.Value}");
var ReportInfo = dbConnector.GetReportInfo(int.Parse(campaignId.Value), languageId.Value);
if (ReportInfo == null)
{
result.ErrorMessage = "No Report was created for this campaign";
return(View("Error", result));
}
result = new EmbedConfig {
Username = username, Roles = roles
};
var error = GetWebConfigErrors();
if (error != null)
{
result.ErrorMessage = error;
return(View(result));
}
// Create a user password cradentials.
var credential = new UserPasswordCredential(Username, Password);
// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ApplicationId, credential);
if (authenticationResult == null)
{
result.ErrorMessage = "Authentication Failed.";
return(View(result));
}
var tokenCredentials = new TokenCredentials(authenticationResult.AccessToken, "Bearer");
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials))
{
//Refresh Dataset befaure calling reports (limitation 8 refersh for Pro account)
// object result_ds = client.Datasets.RefreshDataset(WorkspaceId, DatasetKey);
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(WorkspaceId);
// No reports retrieved for the given workspace.
if (reports.Value.Count() == 0)
{
result.ErrorMessage = "No reports were found in the workspace";
return(View(result));
}
Report report;
if (string.IsNullOrWhiteSpace(ReportInfo.ReportId))
{
// Get the first report in the workspace.
report = reports.Value.FirstOrDefault();
}
else
{
report = reports.Value.FirstOrDefault(r => r.Id == ReportInfo.ReportId);
}
if (report == null)
{
result.ErrorMessage = "No report with the given ID was found in the workspace. Make sure ReportId is valid.";
return(View(result));
}
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(WorkspaceId, report.DatasetId);
result.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
result.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
if (!string.IsNullOrWhiteSpace(username))
{
var rls = new EffectiveIdentity(username, new List <string> {
report.DatasetId
});
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(WorkspaceId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
result.ErrorMessage = "Failed to generate embed token.";
return(View(result));
}
// Generate Embed Configuration.
result.EmbedToken = tokenResponse;
result.EmbedUrl = report.EmbedUrl;
result.Id = report.Id;
result.CampaignId = int.Parse(campaignId.Value);
return(View(result));
}
}
}
catch (HttpOperationException exc)
{
result.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode, (int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
}
catch (Exception exc)
{
result.ErrorMessage = exc.ToString();
}
return(View("Error"));
}
public async Task <bool> EmbedReport(string username, string roles)
{
// Get token credentials for user
var getCredentialsResult = await GetTokenCredentials();
if (!getCredentialsResult)
{
// The error message set in GetTokenCredentials
return(false);
}
try
{
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(ApiUrl), m_tokenCredentials))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(WorkspaceId);
// No reports retrieved for the given workspace.
if (reports.Value.Count() == 0)
{
m_embedConfig.ErrorMessage = "No reports were found in the workspace";
return(false);
}
Report report;
if (string.IsNullOrWhiteSpace(ReportId))
{
// Get the first report in the workspace.
report = reports.Value.FirstOrDefault();
}
else
{
report = reports.Value.FirstOrDefault(r => r.Id.Equals(ReportId, StringComparison.InvariantCultureIgnoreCase));
}
if (report == null)
{
m_embedConfig.ErrorMessage = "No report with the given ID was found in the workspace. Make sure ReportId is valid.";
return(false);
}
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(WorkspaceId, report.DatasetId);
m_embedConfig.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
m_embedConfig.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
if (!string.IsNullOrWhiteSpace(username))
{
var rls = new EffectiveIdentity(username, new List <string> {
report.DatasetId
});
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(WorkspaceId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
m_embedConfig.ErrorMessage = "Failed to generate embed token.";
return(false);
}
// Generate Embed Configuration.
m_embedConfig.EmbedToken = tokenResponse;
m_embedConfig.EmbedUrl = report.EmbedUrl;
m_embedConfig.Id = report.Id;
}
}
catch (HttpOperationException exc)
{
m_embedConfig.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode, (int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
return(false);
}
return(true);
}
public async Task <bool> EmbedReport(string username, string roles)
{
m_embedConfig.Trace(this, "EmbedReport called. Getting token credentials from SharePoint", 2);
// Get token credentials for user
var getCredentialsResult = await GetTokenCredentials();
if (!getCredentialsResult)
{
m_embedConfig.Trace(this, "Failure to get token credentials.", 4);
// The error message set in GetTokenCredentials
return(false);
}
else
{
m_embedConfig.Trace(this, $"Credentials received successfully. Username: {m_embedConfig.Username ?? "UNDEFINED"}, Token Id: {m_embedConfig.EmbedToken?.TokenId ?? "UNDEFINED"}", 4);
}
try
{
m_embedConfig.Trace(this, $"Creating a PowerBi Client for '{ApiUrl ?? "UNDEFINED"}' with token for Caller: {m_tokenCredentials.CallerId ?? "UNDEFINED"} / Tenant: {m_tokenCredentials.TenantId ?? "UNDEFINED"}", 2);
// Create a Power BI Client object. It will be used to call Power BI APIs.
using (var client = new PowerBIClient(new Uri(ApiUrl), m_tokenCredentials))
{
m_embedConfig.Trace(this, $"Created a PowerBi Client for '{ApiUrl ?? "UNDEFINED"}' with token for Caller: {m_tokenCredentials.CallerId ?? "UNDEFINED"} / Tenant: {m_tokenCredentials.TenantId ?? "UNDEFINED"}", 4);
m_embedConfig.Trace(this, $"Query the PowerBi environment for all reports for workspace {WorkspaceId ?? "UNDEFINED"}", 4);
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(WorkspaceId);
// No reports retrieved for the given workspace.
if (reports.Value.Count() == 0)
{
m_embedConfig.Trace(this, $"UNEXPECTED - No reports were found (or accessible) in {WorkspaceId ?? "UNDEFINED"}. Abort processing", 6);
m_embedConfig.ErrorMessage = "No reports were found in the workspace";
return(false);
}
Report report;
if (string.IsNullOrWhiteSpace(ReportId))
{
m_embedConfig.Trace(this, $"No report id was configured. Attempt to select the first available report in {WorkspaceId}", 6);
// Get the first report in the workspace.
report = reports.Value.FirstOrDefault();
m_embedConfig.Trace(this, $"First report found: { (report != null ? report.Name : "UNDEFINED") }", 6);
}
else
{
m_embedConfig.Trace(this, $"Report Id configured: {ReportId ?? "UNDEFINED"}. Attempt to find this in {WorkspaceId ?? "UNDEFINED"}", 6);
report = reports.Value.FirstOrDefault(r => r.Id.Equals(ReportId, StringComparison.InvariantCultureIgnoreCase));
m_embedConfig.Trace(this, $"First report found: { (report != null ? report.Name : "UNDEFINED")}", 6);
}
if (report == null)
{
m_embedConfig.Trace(this, $"No report was found. Abort further processing.", 6);
m_embedConfig.ErrorMessage = "No report with the given ID was found in the workspace. Make sure ReportId is valid.";
return(false);
}
m_embedConfig.Trace(this, $"Report found. Attempt to get dataset specifics for this report's dataset {report.DatasetId ?? "UNDEFINED"}", 4);
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(WorkspaceId, report.DatasetId);
m_embedConfig.Trace(this, $"Dataset group found, name: {(datasets != null ? datasets.Name : "UNDEFINED")}", 4);
m_embedConfig.Trace(this, $"Dataset group properties: IsEffectiveEntityRequired = {datasets.IsEffectiveIdentityRequired}, IsEffectiveIdentityRolesRequired = {datasets.IsEffectiveIdentityRolesRequired}", 4);
m_embedConfig.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
m_embedConfig.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
//Changed username to the service principal to allow the access to AAS based on the service principal, I used the client_id here of the powerbidemo sp:
username = "******";
m_embedConfig.Trace(this, $"Generating token request parameters for dataset = {report.DatasetId ?? "UNDEFINED"}, for User = {username ?? "UNDEFINED"}, with Roles = {roles ?? "UNDEFINED"}", 4);
if (!string.IsNullOrWhiteSpace(username))
{
//TODO we have to fill the custom properties field with the username (e-mail or client_id) to use RLS
//
var rls = new EffectiveIdentity(username, new List <string> {
report.DatasetId
});
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List <string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
rls.CustomData = "*****@*****.**";
// Generate Embed Token with effective identities.
m_embedConfig.Trace(this, $"Generating token request after username is set, dataset = {report.DatasetId ?? "UNDEFINED"}, for User = {username ?? "UNDEFINED"}, with Roles = {roles ?? "UNDEFINED"}", 4);
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List <EffectiveIdentity> {
rls
});
//The report without RLS defined should use the the identity withour the Effective identity.
//generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
m_embedConfig.Trace(this, $"Generating token response for report", 2);
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(WorkspaceId, report.Id, generateTokenRequestParameters);
if (tokenResponse == null)
{
m_embedConfig.Trace(this, $"UNEXPECTED - Generating token respose for report did not yield results", 4);
m_embedConfig.ErrorMessage = "Failed to generate embed token.";
return(false);
}
// Generate Embed Configuration.
m_embedConfig.EmbedToken = tokenResponse;
m_embedConfig.EmbedUrl = report.EmbedUrl;
m_embedConfig.Id = report.Id;
}
}
catch (HttpOperationException exc)
{
m_embedConfig.Trace(this, $"HttpOperationException received. Message: {exc.Message}, StackTrace: {exc.StackTrace}", 2);
m_embedConfig.ErrorMessage = string.Format("Status: {0} ({1})\r\nResponse: {2}\r\nRequestId: {3}", exc.Response.StatusCode, (int)exc.Response.StatusCode, exc.Response.Content, exc.Response.Headers["RequestId"].FirstOrDefault());
return(false);
}
return(true);
}
