My main goal is to display a PowerBI report within an older website built with the .NET Framework 4.0. There are a few considerations:
The PowerBI report needs to be visible and interactive, but we need to hide the original link URL.
The PowerBI report was shared using the public URL method (so anyone with the link can access the project). It was created this way, rather than using the secure sharing method, as it requires a PowerBI account to view it. Therefore, we want to display the information but restrict full access to the report.
It currently works with the public URL, but it presents a serious security issue: the URL is exposed in the HTML src attribute.
The main issue is that the src URL displayed in the web development tools cannot be hidden or cleared, so the next step was to implement a proxy to hide the actual URL.
I created another project to properly test it and decided to create a proxy service that would redirect the original request to my target site to avoid displaying the actual PowerBI URL, which contains sensitive data.
```html
<!DOCTYPE html>
<html lang="es">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Amazing Title</title>
    <link rel="stylesheet" href="styles.css">
    <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
</head>
<body>
    <header style="height: 3em;">
        <h1>PowerBI Report</h1>
    </header>
    <div class="iframe-container" style="width: 100%; height: 52em;">
        <iframe
            id="inlineFrameExample"
            title="Inline Frame Example"
            width="100%"
            height="100%"
            src="">
        </iframe>
    </div>
    <footer>
        <p>© 2023 CLF.</p>
    </footer>
    <script src="script.js"></script>
</body>
</html>
```

```javascript
$(document).ready(function () {
    var url = 'https://localhost:7103/api/powerbi/report';
    $('#inlineFrameExample').attr('src', url);
});
```
And this is my new Proxy Service:
```csharp
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;

[ApiController]
[Route("api/powerbi")]
public class ProxyController : ControllerBase
{
    private readonly IHttpClientFactory _httpClientFactory;

    public ProxyController(IHttpClientFactory httpClientFactory)
    {
        _httpClientFactory = httpClientFactory;
    }

    // The only route this controller maps: GET api/powerbi/report
    [HttpGet("report")]
    public async Task<IActionResult> GetPowerBIReport()
    {
        var client = _httpClientFactory.CreateClient();
        var powerBIUrl = "https://app.powerbi.com/view?r=TheUrlThatIWantToHide";

        // Fetch the upstream page server-side
        var response = await client.GetAsync(powerBIUrl);
        if (!response.IsSuccessStatusCode)
        {
            return StatusCode((int)response.StatusCode, "Error");
        }

        // Return the upstream body unchanged, with its original content type
        var contentType = response.Content.Headers.ContentType?.ToString() ?? "text/html";
        var content = await response.Content.ReadAsStreamAsync();
        return File(content, contentType);
    }
}
```
So now I’m facing the following issues:
First: Millions of failed requests searching for hash-manifest.js. At first, I thought this was happening because it’s trying to load resources from the website and can’t due to the proxy service implementation.
This makes a lot of sense, although I have my doubts about emulating that behavior, considering the security risk that doing so can present.
[Image: MultipleErrorLogs]
Second: When I visit the URL https://localhost:7103/api/powerbi/report (the URL of my service that should return the content of the actual PowerBI URL), it starts reloading infinitely, and the URL changes to https://localhost:7103/api/powerbi/report?disablecdnExpiration=1744249594, with the disablecdnExpiration number constantly changing.
I thought it was an anti-proxy or something similar, but I’m not sure. What I do see is that the service is making so many requests per second that it even crashes on some frames, and the PowerBI page says Too Many Requests.
[Image: DirectProxyServiceUrl]
I’m trying to fix this, but I’m stuck.
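
Added example (not part of the original post): relative references in proxied HTML resolve against the proxy's origin, where the controller above maps only `api/powerbi/report`. The code resolves the references in a constructed HTML sample the way a browser would; the sample markup, the `PLACEHOLDER` token and the helper names are assumptions, not the real Power BI page.

```javascript
// Added example: resolve a proxied page's asset references the way a browser does.
const PROXY_URL = 'https://localhost:7103/api/powerbi/report';     // from the question
const UPSTREAM_URL = 'https://app.powerbi.com/view?r=PLACEHOLDER'; // placeholder token

// Constructed sample markup (assumption): not the real Power BI page.
const SAMPLE_HTML = `<html><head>
<script src="hash-manifest.js"></script>
<script src="/scripts/app.js"></script>
<link rel="stylesheet" href="https://cdn.example.invalid/site.css">
</head><body></body></html>`;

// Collect src/href values from script, link, img and iframe tags.
function extractRefs(html) {
  const re = /<(?:script|link|img|iframe)\b[^>]*?\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  return Array.from(html.matchAll(re), (m) => m[1]);
}

// A <base href> overrides the document URL as the base for relative references.
function baseUrl(html, documentUrl) {
  const m = /<base\b[^>]*?\bhref\s*=\s*["']([^"']+)["']/i.exec(html);
  return new URL(m ? m[1] : documentUrl, documentUrl).href;
}

// Resolve every reference and say which server the browser will ask for it.
function resolveRefs(html, documentUrl) {
  const proxy = new URL(PROXY_URL);
  const base = baseUrl(html, documentUrl);
  return extractRefs(html).map((ref) => {
    const url = new URL(ref, base);
    let target = 'other-origin'; // the request goes to a host other than the proxy
    if (url.origin === proxy.origin) {
      // The controller in the question only maps GET api/powerbi/report.
      target = url.pathname === proxy.pathname ? 'proxy-routed' : 'proxy-unrouted';
    }
    return { ref, resolved: url.href, target };
  });
}

// Hypothetical helper: inject a <base> tag pointing at the upstream origin.
function withUpstreamBase(html) {
  return html.replace(/<head>/i, `<head><base href="${new URL(UPSTREAM_URL).origin}/">`);
}

console.table(resolveRefs(SAMPLE_HTML, UPSTREAM_URL));                // served by upstream
console.table(resolveRefs(SAMPLE_HTML, PROXY_URL));                   // served by the proxy
console.table(resolveRefs(withUpstreamBase(SAMPLE_HTML), PROXY_URL)); // proxy + <base>
```

With the `<base>` tag the relative assets resolve to the upstream host again, but each of those requests then names that host in the browser's network tools.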