Developer Guide

Authentication

ScreamCode.Reporting supports two authentication modes for the admin portal.

Option A — Built-in auth (recommended for quick setup)

Enable simple username/password authentication stored in appsettings.json.

"AdminAuth": {
  "Enabled": true,
  "Username": "admin",
  "Password": "your-secure-password",
  "SessionTimeoutMinutes": 60
}

The portal will redirect unauthenticated users to /reportadmin/login.

Store passwords securely. Use ASP.NET Core Secret Manager or environment variables in production.

dotnet user-secrets set "ScreamReporting:AdminAuth:Password" "your-secure-password"

Option B — External auth (use your existing auth system)

If your application already has authentication (ASP.NET Identity, JWT, Azure AD, etc.), protect the admin route directly.

app.MapFallbackToPage("/reportadmin/{**path}", "/_Host")
   .RequireAuthorization("AdminRole");

app.MapFallbackToPage("/reportadmin", "/_Host")
   .RequireAuthorization("AdminRole");

Then suppress the security warning:

"AdminAuth": {
  "Enabled": false,
  "ExternalAuthConfigured": true
}

Example with ASP.NET Identity policy

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("AdminRole", policy =>
        policy.RequireRole("Admin"));
});

Option C — No authentication (development only)

Leave Enabled: false and ExternalAuthConfigured: false. The portal will display a security warning.

Never run without authentication in production.

Next: Data Providers

← Configuration Data Providers →