Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

Reply
jakob82
Frequent Visitor

Embedding Power BI Report Server reports with iframe - is it safe?

Hi

 

I wonder if it is recommended to use iframe when embedding reports from Power BI Report Server to our Blazor WASM application? I have always heard that you should avoid using iframes, but from what i understand, iframes are the only alternative? What are the guidelines? Is it possible to refer to some Microsoft documentation that says it is secure?

 

Thanks 

3 REPLIES 3
lbendlin
Super User
Super User

iframes will not give your users a seamless authentication experience and will not allow your hosting application to transfer context over (you can mitigate that somewhat with report URL filters.

 

The standard way would be to use full Power BI embedded (in your  case "user owns data") but I don't how how that applies to PBIRS.

 

Power BI embedded analytics overview - Power BI | Microsoft Learn

Thanks for answer!

 

Both PBIRS and the web application we implelemnt the iframe from are internal systems, and will not communicate outside the organisation. It seems like the authentication works fine with iframe and PBIRS.. 

Using iframes are the only option with PBIRS, it does not support the same embedding options as the cloud service. I think that one of the big concerns with iframes are XSS attacks, but since PBIRS does not store and render unvalidated user data I *think* the attack vectors are limited there. For example I am not aware of any way that a user could enter javascript into a report parameter and have that execute so that it could do malicious things on the host site.

Helpful resources

Announcements
LearnSurvey

Fabric certifications survey

Certification feedback opportunity for the community.

Top Solution Authors
Top Kudoed Authors