Hi,
I have to embed some Power BI reports in several applications. I use an Azure Service Principal (client id, client secret) to generate an access token and call the Power BI API. All is working fine.
However, some reports implement custom rights management through RLS using the user's email (provided by the USERPRINCIPALNAME() DAX function) and Datamart tables (which do the relations between the email and the data the user can access).
As I'm authenticating to the Power BI API with an Azure app, the DAX function will not return the email of the user that browses the report.
To give more context:
- our applications are working on IIS server; all of them require Windows authentication; the user is authenticated in SSO mode when accessing the web app.
- I get the access token and the report's embed token in JavaScript (front-end approach).
I would like to know what is the best solution to face this issue? How can I pass the service principal off as the real authenticated user?
Thanks a lot for your help.
Regards,
It took me a long time before being able to figure out the best solution.
Using a service principal was not the best approach in order to take the user's rights into account.
So I had to focus on the other way (more complicated for a novice like me) to embed reports, based on the user's scope delegation located in the Azure application.
Hi @Lauger ,
This is how it is described in the official documentation.
https://learn.microsoft.com/en-us/dax/username-function-dax
I'm not particularly sure about how it works exactly.
I sincerely hope these can help you!
Gengar
Hi @Lauger ,
Maybe you can use username() or userobject() instead of userprincipalname().
Username() returns the domain name and username from the credentials given to the system at connection time.
Userobject() returns the current user's Object ID or SID.
Refer to:
https://learn.microsoft.com/en-us/dax/information-functions-dax
Kind Regards
Gengar
Hi @Gengar,
Thanks for your reply.
To make sure I understand well, the USERNAME() DAX function will return the name of the authenticated user. However, as I generate an access token using the Azure App client ID and secret, will it not simply return the username of the Azure app? The report's embed token is generated using the access token generated for the Azure app.
How can Power BI retrieve the currently authenticated user's information if I never send his own credentials anywhere? And what will the USERNAME() function return if I embed a report into an application which uses Anonymous authentication mode?
Thanks a lot.
Regards,
Hi @Lauger ,
I mean, normally you use username to return the domain name and username in the credentials, and you could probably use it or some other like userobject, instead of userprincipalname, which returns the email.
Best Regards
Gengar
Hi @Gengar,
Thanks for your reply.
I will check what the DAX function USERNAME() does as soon as possible (I'm waiting for feedback from other teams of my company), thanks a lot.
If it works, I will mark your answer as the solution.
To understand well, how can Power BI retrieve the name of the user authenticated on the application? As I authenticate to the API using a Bearer token authentication mode referring to the Service Principal access token, I'm wondering how it's possible to retrieve the user's name?