Check your eligibility for this 50% exam voucher offer and join us for free live learning sessions to get prepared for Exam DP-700.
Get StartedDon't miss out! 2025 Microsoft Fabric Community Conference, March 31 - April 2, Las Vegas, Nevada. Use code MSCUST for a $150 discount. Prices go up February 11th. Register now.
Hi
I wonder if it is recommended to use iframe when embedding reports from Power BI Report Server to our Blazor WASM application? I have always heard that you should avoid using iframes, but from what i understand, iframes are the only alternative? What are the guidelines? Is it possible to refer to some Microsoft documentation that says it is secure?
Thanks
iframes will not give your users a seamless authentication experience and will not allow your hosting application to transfer context over (you can mitigate that somewhat with report URL filters.
The standard way would be to use full Power BI embedded (in your case "user owns data") but I don't how how that applies to PBIRS.
Power BI embedded analytics overview - Power BI | Microsoft Learn
Thanks for answer!
Both PBIRS and the web application we implelemnt the iframe from are internal systems, and will not communicate outside the organisation. It seems like the authentication works fine with iframe and PBIRS..
Using iframes are the only option with PBIRS, it does not support the same embedding options as the cloud service. I think that one of the big concerns with iframes are XSS attacks, but since PBIRS does not store and render unvalidated user data I *think* the attack vectors are limited there. For example I am not aware of any way that a user could enter javascript into a report parameter and have that execute so that it could do malicious things on the host site.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!
Check out the January 2025 Power BI update to learn about new features in Reporting, Modeling, and Data Connectivity.
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 |