Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Fabric certified for FREE! Don't miss your chance! Learn more

Reply
jakob82
Frequent Visitor

Embedding Power BI Report Server reports with iframe - is it safe?

‎02-24-2023 12:11 PM

Hi

 

I wonder if it is recommended to use iframe when embedding reports from Power BI Report Server to our Blazor WASM application? I have always heard that you should avoid using iframes, but from what i understand, iframes are the only alternative? What are the guidelines? Is it possible to refer to some Microsoft documentation that says it is secure?

 

Thanks 

Labels:
Message 1 of 4
1,962 Views
0
3 REPLIES 3
lbendlin
Super User
Super User

‎02-26-2023 05:47 AM

iframes will not give your users a seamless authentication experience and will not allow your hosting application to transfer context over (you can mitigate that somewhat with report URL filters.

 

The standard way would be to use full Power BI embedded (in your  case "user owns data") but I don't how how that applies to PBIRS.

 

Power BI embedded analytics overview - Power BI | Microsoft Learn

Message 2 of 4
1,867 Views
0
jakob82
Frequent Visitor
In response to lbendlin

‎02-27-2023 12:49 AM

Thanks for answer!

 

Both PBIRS and the web application we implelemnt the iframe from are internal systems, and will not communicate outside the organisation. It seems like the authentication works fine with iframe and PBIRS.. 

Message 3 of 4
1,839 Views
0
d_gosbell
Super User
Super User
In response to jakob82

‎02-28-2023 03:43 PM

Using iframes are the only option with PBIRS, it does not support the same embedding options as the cloud service. I think that one of the big concerns with iframes are XSS attacks, but since PBIRS does not store and render unvalidated user data I *think* the attack vectors are limited there. For example I am not aware of any way that a user could enter javascript into a report parameter and have that execute so that it could do malicious things on the host site.

Message 4 of 4
1,794 Views

Helpful resources

Announcements
Sticker Challenge 2026 Carousel

Join our Community Sticker Challenge 2026

If you love stickers, then you will definitely want to check out our Community Sticker Challenge!

January Power BI Update Carousel

Power BI Monthly Update - January 2026

Check out the January 2026 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All