Access odata within same domain using cookie authentication policy in .net core 3.1 project

[sumo]

Hi there,

When using the Stimulsoft Web Designer I cannot see the data from my Odata api (accessed within same domain) unless I remove [Authorize] from my Controller titled 'SitesController'.
I have a .net core 3.1 web application using 'Individual User Account' Authentication, which was selected using the visual studio 2019 wizard on project creation.
I've also implemented Microsoft.AspNetCore.OData.

With [Authorize] implemented on the SitesController, I've launched the site and correctly logged in and I can also see my odata response correctly coming back.
browser request
http://localhost:61096/odata/
response
{"@odata.context":"http://localhost:61096/odata/$metadata","value":[{"name":"Sites","kind":"EntitySet","url":"Sites"}]}

browser request
http://localhost:61096/odata/sites
response
{"@odata.context":"http://localhost:61096/odata/$metadata#Sites","value":[{"SiteId":6,"SiteName":"SiteOne","CompanyId":1,"SiteUUId":"6","LogoSmall":null,"LogoMedium":null,"LogoLarge":null,"IsDeleted":null,"Created":null,"CreatedBy":null,"Modified":null,"ModifiedBy":null}]}

I have copied your DesignerController and View.Designer from one of your example .net core applications and have only added [Authorise] to the Controller so that the designer receives the required authentication cookies.
[Authorize]
public class DesignerController : Controller

If I access http://localhost:61096/designer/ the stimulsoft web report designer displays correctly and I can see it is using the same authentication cookies as http://localhost:61096.
I start a new report > create a new data source > odata > use http://localhost:61096/odata/ as the connection string > then click OK
I then select Tables which auto selects its child Sites, plus all of the available fields under Sites this bit seems to work okay.
If I right mouse click Sites (under Dictionary) and click view data, a new browser window pops open but it is blank.
If I drag Sites from the datasouce onto the report, select a couple of fields which have data and preview, no data is shown in the preview.

I can confirm that the same Authentication cookies used for http://localhost:61096/ are also used in http://localhost:61096/designer and http://localhost:61096/odata/sites

If I comment out [Authorize] on my SitesController, I can then see data show up as required, although this is not ideal as I need Authentication.
Have I done something incorrectly or have I missed something?

Also, after creating and testing data sources, how do I clear the Recent connections in the 'Select Type of Connection' screen? This list keeps growing and is confusing after a while?

[Lech Kulikowski]

Hello,

We need some additional time to investigate the issue, we will let you know about the result.

Thank you.
#2782

[sumo]

I can confirm with Telerik fiddler that http request from the Stimulsoft Web Designer does not include the Authorization cookies, which are required by the Controller with the [Authorize] attribute.
Is there any way I can add "withCredentials = true;'" to the stimulsoft ajax request for my odata api?

Cheers.

[Lech Kulikowski]

Hello,

"This list keeps growing and is confusing after a while?"

You can remove from coockies:
""StimulsoftMobileDesignerRecentConnections""

Thank you.

[sumo]

Any news on this?
I'm happy to pursue another type of authorization like a token based api etc if that is supported. I cannot find any information about on this in your online documentation.
Here the odata doco I found on your site.
https://www.stimulsoft.com/en/documenta ... bjects.htm

Basically I need to access a restful api that is secured on the same domain with the stimulsoft designer and viewer.

[Lech Kulikowski]

Hello,

We are working on the problem. We will let you know when the solution is available.

Thank you.

[Lech Kulikowski]

Hello,

The issue is fixed. The fix will be available in the next release build.

Thank you.