RE: Basic Authentication - Provide sign-in information

@bjrmatos We are using vue-resource in the background, though below is the function I use in the store for authentication.

async fetchCookie ({ commit }) {
    commit('startLoading', {})

    try {
      const formData = new FormData()
      formData.append('username', 'report')
      formData.append('password', 'report')

      const res = await VueInstance.$jsReport.cookie(formData)

      window.open(res.url.slice(0, res.url.lastIndexOf('/')))

    } catch (err) {
      VueInstance.$handleHttpError(err, false)
    } finally {
      commit('stopLoading', {})
    }
  }

Following the used part of the vue-resource code:

Vue.prototype.$jsReport = Vue.resource(`${host}/jsreport`, options, {
  assets: {
    method: 'GET',
    url: `${host}/jsreport/odata/assets`
  },
  cookie: {
    method: 'POST',
    url: `${host}/jsreport/login?returnUrl=%2Fjsreport`
  },
  data: ...
})

Your example is working flawlessly if I just use it as-is in a new html file and go from there, though it is not really usable in exactly that way for us since we want to explicilty avoid to prompt the user for a username and password and are using vuetify, vue-resource and vuex in the project.

Good day,

I have now tried to emulate the http request and as far as I can tell it should meet the requirements.
The server responds with a set-cookie in the header and it gets set. Though when I than navigate to the jsReport studio site, it still requires me to enter user and pw.

General:
Request URL: http://localhost:5488/jsreport/login?returnUrl=%2Fjsreport%2F
Request Method: POST
Status Code: 302 Found
Remote Address: [::1]:5488
Referrer Policy: strict-origin-when-cross-origin

Response Headers:
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Connection: keep-alive
Content-Length: 57
Content-Type: text/plain; charset=utf-8
Date: Thu, 30 Sep 2021 15:27:12 GMT
Keep-Alive: timeout=5
Location: /jsreport/?returnUrl=%2Fjsreport%2F
Set-Cookie: session=ZIeNVp5FFqhSw7w1bAz2MA.6PaXendFvu6P9LXlmGSJkKLEGVwOAl8oS8eti5Ub4gw.1633015632346.315360000000.isWZJvgAS3TA_-NQ5vf31oBVpg6WaZcMpY4rMeJ5rko; path=/; expires=Sun, 28 Sep 2031 15:27:13 GMT; httponly
Vary: Accept
X-Powered-By: Express

Request Headers:
Accept: application/json, text/plain, /
Accept-Encoding: gzip, deflate, br
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Connection: keep-alive
Content-Length: 246
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryOGA7OFWVzhRKc5t4
Host: localhost:5488
Origin: http://localhost:8080
Referer: http://localhost:8080/
sec-ch-ua: "Google Chrome";v="93", " Not;A Brand";v="99", "Chromium";v="93"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36

Query String Parameters:
returnUrl: %2Fjsreport%2F

Form Data:
username: report
password: report

Am I maybe still missing something for it work?

Thank you

Hello,

thank you very much for the outlook on a possible solution for this.

The HTTP post as far as I can tell requires one to send form data with the login information (username =user&password=pw) and a cookie in the request header to the URL "http://yourAddress/jsreport/login?returnUrl=%2Fjsreport%2F".

Returning a Set-Cookie in the Response header that should then allow me by just sending one over to the jsReport Url to skip the login.

Is that it?

Is there no one who can give a definite answer here?

With the Basic Authentication activated we create a set of templates and other entites on jsReport Server start up, including an additional user, that is intended to be used by the client when accessing the report studio to create their own templates.

The intention was, since we already would know the credetials for the pre-created user, to eliminate the need for a sign on when we send them over to the reporting studio from our UI.

Is there a built in way to achieve this using the Basic Authentication?
Or is there absolutely no way to avoid the login prompt?

Thanks for your time to answer my rather needless question.
Indeed you are right, saving is prohibited.

Using the authentication extension allows one to specify users per entity, that have read and/or edit access to it.

My question now would be, do I have a way to deny adding a new entity to a folder to which the user only has read permission?
Because currently only having read permission to a folder does not prevent one to create a new entity inside of it.

Thank you for pointing me in the direction of this extension. It completely slipped my mind apparently.

Is it possible to have single entities protected from user interaction?
For example, have a set of tags which can not be deleted via the studio?

The question arrises from the need to have an indication for each template which group it belongs to, so we can display the correct templates in different list views in an UI.

EDIT: We are currently using JSReport 2.11.0