March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early bird discount ends December 31.
Register NowBe one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now
Hi
I wonder if it is recommended to use iframe when embedding reports from Power BI Report Server to our Blazor WASM application? I have always heard that you should avoid using iframes, but from what i understand, iframes are the only alternative? What are the guidelines? Is it possible to refer to some Microsoft documentation that says it is secure?
Thanks
iframes will not give your users a seamless authentication experience and will not allow your hosting application to transfer context over (you can mitigate that somewhat with report URL filters.
The standard way would be to use full Power BI embedded (in your case "user owns data") but I don't how how that applies to PBIRS.
Power BI embedded analytics overview - Power BI | Microsoft Learn
Thanks for answer!
Both PBIRS and the web application we implelemnt the iframe from are internal systems, and will not communicate outside the organisation. It seems like the authentication works fine with iframe and PBIRS..
Using iframes are the only option with PBIRS, it does not support the same embedding options as the cloud service. I think that one of the big concerns with iframes are XSS attacks, but since PBIRS does not store and render unvalidated user data I *think* the attack vectors are limited there. For example I am not aware of any way that a user could enter javascript into a report parameter and have that execute so that it could do malicious things on the host site.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!
User | Count |
---|---|
3 | |
2 | |
2 | |
1 | |
1 |
User | Count |
---|---|
4 | |
4 | |
4 | |
4 | |
3 |