Skip to main content

Authentication

The Reveal SDK allows you to provide various methods of authentication such as Username/Password and Bearer Token authentication credentials to your data sources by using an authentication provider and registering that provider with the Reveal SDK.

The authentication provider is used to check which data source is requesting authentication credentials, and then return the correct authentication credentials for that specific data source.

Step 1 - Create the authentication provider.

public class AuthenticationProvider: IRVAuthenticationProvider
{
    public Task<IRVDataSourceCredential> ResolveCredentialsAsync(IRVUserContext userContext, RVDashboardDataSource dataSource)
    {
        ...
    }
}

Step 2 - Register the authentication provider with the Reveal SDK.

builder.Services.AddControllers().AddReveal( builder =>
{
    builder.AddAuthenticationProvider<AuthenticationProvider>();
});

Username/Password Authentication

If your data source requires the use of a username and password, then you must return an instance of the RVUsernamePasswordDataSourceCredential class. The RVUsernamePasswordDataSourceCredential class provides constructor overloads to define the username, the password, and optionally the domain.

public class AuthenticationProvider: IRVAuthenticationProvider
{
    public Task<IRVDataSourceCredential> ResolveCredentialsAsync(IRVUserContext userContext, RVDashboardDataSource dataSource)
    {
        IRVDataSourceCredential userCredential = null;
        if (dataSource is RVPostgresDataSource)
        {
            userCredential = new RVUsernamePasswordDataSourceCredential("username", "password");
        }
        else if (dataSource is RVSqlServerDataSource)
        {
            userCredential = new RVUsernamePasswordDataSourceCredential("username", "password", "domain");
        }
        return Task.FromResult<IRVDataSourceCredential>(userCredential);
    }
}

If your data source is using an anonymous login, without authentication, you can use the RVUsernamePasswordDataSourceCredential with its empty constructor.

if (dataSource is RVSqlServerDataSource)
{
    userCredential = new RVUsernamePasswordDataSourceCredential();
}

The RVUsernamePasswordDataSourceCredential is supported for the following data sources:

  • Amazon Redshift
  • Microsoft Analysis Services Server
  • Microsoft Dynamics CRM (On-Premises and Online)
  • Microsoft SQL Server
  • MySQL
  • MariaDB
  • OData Services
  • Oracle
  • PostgreSQL
  • REST Services
  • Snowflake
  • Sybase
  • Web Resources

Bearer Token Authentication

If your data source requires the use of security tokens, then you must return an instance of the RVBearerTokenDataSourceCredential class. The RVBearerTokenDataSourceCredential class provides constructor overloads to define the token, and the user id.

public class AuthenticationProvider: IRVAuthenticationProvider
{
    public Task<IRVDataSourceCredential> ResolveCredentialsAsync(IRVUserContext userContext, RVDashboardDataSource dataSource)
    {
        IRVDataSourceCredential userCredential = null;
        if (dataSource is RVGoogleDriveDataSource)
        {
            userCredential = new RVBearerTokenDataSourceCredential("token", "userid");
        }
        return Task.FromResult<IRVDataSourceCredential>(userCredential);
    }
}

The RVBearerTokenDataSourceCredential is supported for the following data sources:

  • Box
  • Databricks
  • Dropbox
  • Google Analytics
  • Google Big Query
  • Google Drive
  • Microsoft SQL Server
  • OData Services
  • OneDrive
  • REST Services
  • SharePoint Online
  • Snowflake
  • Web Resources

Microsoft Entra ID Authentication

Microsoft Entra ID (formerly Azure Active Directory) can be used to obtain bearer tokens for data sources that support Entra ID authentication, such as Microsoft SQL Server. The acquired token is passed to the Reveal SDK using the RVBearerTokenDataSourceCredential.

info

This example uses the Microsoft Authentication Library (MSAL) for .NET. You must register an application in Microsoft Entra ID and grant it the appropriate database permissions before using this approach.

Step 1 - Install the Microsoft.Identity.Client NuGet package.

dotnet add package Microsoft.Identity.Client

Step 2 - Create the authentication provider that acquires a token from Entra ID and returns it as a RVBearerTokenDataSourceCredential.

public class AuthenticationProvider : IRVAuthenticationProvider
{
    public async Task<IRVDataSourceCredential> ResolveCredentialsAsync(IRVUserContext userContext,
        RVDashboardDataSource dataSource)
    {
        if (dataSource is RVSqlServerDataSource)
        {
            var token = await GetEntraTokenAsync("https://database.windows.net/.default");
            return new RVBearerTokenDataSourceCredential(token, "myaccount@mydomain.com");
        }

        return new RVUsernamePasswordDataSourceCredential();
    }

    private static readonly string ClientId = "your-client-id";
    private static readonly string ClientSecret = "your-client-secret";
    private static readonly string TenantId = "your-tenant-id";

    private static async Task<string> GetEntraTokenAsync(string scope)
    {
        var app = ConfidentialClientApplicationBuilder
            .Create(ClientId)
            .WithClientSecret(ClientSecret)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .Build();

        var result = await app
            .AcquireTokenForClient(new[] { scope })
            .ExecuteAsync();

        return result.AccessToken;
    }
}
note

Replace your-client-id, your-client-secret, and your-tenant-id with the values from your Entra ID app registration. The scope value https://database.windows.net/.default is specific to Azure SQL Server. Other data sources may require a different scope.

Microsoft Entra ID authentication is supported for the following data sources:

  • Microsoft SQL Server

Key-Pair Authentication

If your data source requires key-pair authentication, then you must return an instance of the RVKeyPairDataSourceCredential class. The RVKeyPairDataSourceCredential class provides constructor overloads to define the user and the unencrypted RSA private key.

public class AuthenticationProvider: IRVAuthenticationProvider
{
    public Task<IRVDataSourceCredential> ResolveCredentialsAsync(IRVUserContext userContext, RVDashboardDataSource dataSource)
    {
        IRVDataSourceCredential userCredential = null;
        if (dataSource is RVSnowflakeDataSource)
        {
            userCredential = new RVKeyPairDataSourceCredential("user", "unencrypted rsa-key");
        }
        return Task.FromResult<IRVDataSourceCredential>(userCredential);
    }
}

The RVKeyPairDataSourceCredential is supported for the following data sources:

  • Snowflake

Amazon Web Services

If your data source uses Amazon Web Services (AWS), then you must return an instance of the RVAmazonWebServicesCredentials class. The RVAmazonWebServicesCredentials class provides constructor overloads to define the key, and the secret.

public class AuthenticationProvider: IRVAuthenticationProvider
{
    public Task<IRVDataSourceCredential> ResolveCredentialsAsync(IRVUserContext userContext, RVDashboardDataSource dataSource)
    {
        IRVDataSourceCredential userCredential = null;
        if (dataSource is RVS3DataSource)
        {
            userCredential = new RVAmazonWebServicesCredentials("key", "secret");
        }
        return Task.FromResult<IRVDataSourceCredential>(userCredential);
    }
}

The RVAmazonWebServicesCredentials is supported for the following data sources:

  • Amazon Athena
  • Amazon S3