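Authentication refuses to display inside an iframe in an MVC application

Time: 2018-03-17 15:43:15

Tags: asp.net-mvc azure-active-directory powerbi powerbi-embedded powerbi-datasource

I created an MVC application, and on the home page I have a Power BI dashboard report, so I set up the Power BI and Azure AD configuration in the Index action. Once the Index action is called, it validates the authentication and redirects to the Redirect action method. In that method, the authentication is validated, the Power BI action method is called, and the report is displayed.

The report works fine in the page, but when it is placed in an iframe, it does not work and shows the error below.

Home page Index action: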

public ActionResult Index()
{
    var @params = new NameValueCollection
    {      
        //Azure AD will return an authorization code. 
        //See the Redirect class to see how "code" is used to AcquireTokenByAuthorizationCode
        {"response_type", "code"},
        //Client ID is used by the application to identify themselves to the users that they are requesting permissions from. 
        //You get the client id when you register your Azure app.
        {"resource", "https://analysis.windows.net/powerbi/api"},
        {"redirect_uri", "xxxx/home/Redirect."}
    };

    //Create sign-in query string
    var queryString = HttpUtility.ParseQueryString(string.Empty);
    queryString.Add(@params);

    string authorityUri = "https://login.windows.net/common/oauth2/authorize/";
    var authUri = String.Format("{0}?{1}", authorityUri, queryString);
    ViewBag.authUri = authUri;

    return View();
}

Redirect action method:

public async Task<ActionResult> Redirect()
{
    string code = Request.Params["code"];

    if (code != null)  
    {
        AuthenticationContext AC = new AuthenticationContext("https://login.windows.net/common/oauth2/authorize", TC);
        ClientCredential cc = new ClientCredential("xxxxx", "xxxxxxx");

        AuthenticationResult AR = await AC.AcquireTokenByAuthorizationCodeAsync(code, new Uri("http://localhost:43333/home/redirect"), cc);

        //Set Session "authResult" index string to the AuthenticationResult
        Session["authResult"] = AR;
    } else {
        //Remove Session "authResult"
        Session["authResult"] = null;
    }

    return RedirectToAction("POWERBI", "Home");
}

Power BI action:

public async Task<ActionResult> POWERBI()
{
    AuthenticationResult authResult;
    authResult = (AuthenticationResult)Session["authResult"];
    var token = authResult.AccessToken;
    ViewBag.Token = token;
    var tokenCredentials = new TokenCredentials(token, "Bearer");

    // Create a Power BI Client object. It will be used to call Power BI APIs.
    using (var client = new PowerBIClient(new Uri(ApiUrl), tokenCredentials))
    {
        // Get a list of dashboards.
        var dashboards = await client.Dashboards.GetDashboardsInGroupAsync(GroupId);

        // Get the first report in the group.
        var dashboard = dashboards.Value.FirstOrDefault();
        //var dashboard = dashboards.Value.Where(w => w.Id == "DashboardId");

        if (dashboard == null)
        {
            return View(new EmbedConfig()
            {
                ErrorMessage = ""
            });
        }

        // Generate Embed Token.
        var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
        var tokenResponse = await client.Dashboards.GenerateTokenInGroupAsync(GroupId, dashboard.Id, generateTokenRequestParameters);

        if (tokenResponse == null)
        {
            return View(new EmbedConfig()
            {
                ErrorMessage = "."
            });
        }

        // Generate Embed Configuration.
        var embedConfig = new EmbedConfig()
        {
            EmbedToken = tokenResponse,
            EmbedUrl = dashboard.EmbedUrl,
            Id = dashboard.Id
        };

        return View(embedConfig);
    }   
}

In the home page view, in the iframe:

<iframe src="@Url.Action("Index", "Home")" class="col-lg-12 col-md-12 col-sm-12" height="450">  </iframe>

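Note:
- Without the iframe, the functionality works fine.
- The problem occurs when the report is displayed in the iframe.

Error:

Refused to display the URL in an iframe because it set X-Frame-Options to deny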

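1 answer:

Answer 0: (score: 1)

The error message means that the site you are trying to bring in with <iframe src> does not allow itself to be hosted in an iframe. It is sending the response header: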

X-Frame-Options: DENY

The browser blocked the frame. The host page is doing this to prevent cross-frame scripting attacks.
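
The browser-side check the answer describes, as an added example that is not part of the original question or answer: a simplified JavaScript model of how a browser decides whether a response may be rendered in a frame. It goes beyond the DENY case in the question to cover SAMEORIGIN and the CSP `frame-ancestors` directive; the function names and the sample parent URL are assumptions made for illustration.

```javascript
// Simplified model of a browser's framing decision (added example).
// Assumptions: only the direct parent is checked; frame-ancestors sources
// are limited to 'none', 'self', * and exact origins.
function getHeader(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name);
  return key ? String(headers[key]) : null;
}

function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // directive absent
}

function safeOrigin(source) {
  try { return new URL(source).origin; } catch { return null; }
}

function framingDecision(headers, framedUrl, parentUrl) {
  const framed = new URL(framedUrl).origin;
  const parent = new URL(parentUrl).origin;
  // When CSP frame-ancestors is present it is enforced and X-Frame-Options is ignored.
  const sources = frameAncestors(getHeader(headers, 'content-security-policy'));
  if (sources) {
    const ok = sources.some(s =>
      s === '*' ||
      (s.toLowerCase() === "'self'" && parent === framed) ||
      (!s.startsWith("'") && safeOrigin(s) === parent));
    return { allowed: ok, by: 'frame-ancestors' };
  }
  const xfo = (getHeader(headers, 'x-frame-options') || '')
    .split(',').map(v => v.trim().toLowerCase());
  if (xfo.includes('deny')) return { allowed: false, by: 'x-frame-options' };
  if (xfo.includes('sameorigin')) return { allowed: parent === framed, by: 'x-frame-options' };
  return { allowed: true, by: 'no-restriction' }; // other values are treated as no restriction
}

// Constructed sample: the sign-in endpoint from the question, framed by the local MVC app.
const parentPage = 'http://localhost:43333/home/index';
const signIn = 'https://login.windows.net/common/oauth2/authorize/';
console.log(framingDecision({ 'X-Frame-Options': 'DENY' }, signIn, parentPage));
```

Only the site that sends the header can change this outcome, so a page that answers with DENY cannot be made to render in the embedding application's iframe.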