You will not be able to hide those elements because they muist be sent to the browser. The access token and embed url must be sent to the browser because of the core architecture of Power BI embedding which loads Power BI embedded resources using an iFrame.  This is something that cannot be done using server-side code. 

If you are using third-party embedding (app-owns-data), then you should not be sending Azure AD access tokens back to the browser. Instead, you generate embed tokens using the Power BI Service which are far ore constrained because any embed token only works with a single report or dashboard. Compare that to an Azure AD access token which gives a potential attacker a much broader set permissions across the Power BI environment.

Thanks for the suggestions. 

Just to make sure i define my requirement correct [ My requirement is app own data]

1) Used the sample MVC app provided by Microsoft . 

2) Customized to my requirement . Kept embed token generation logic and removed rest all

3) Use all the scripts provided inside sample application.

On execution of application i am getting report embed with view source is showing values of 

1) ReportID

2) AccessToken [ Actually it is embed token . In script the variable name is access token]

3) EmbedURL 

If  i get your suggestions correctly then 

1) These values are must for browser and they are part of PowerBI Embed architecture

2) The exposed values combination [ReprotID , AccessToken, EmbedURL] are for one specific report . So if i change the values of ReportID or EmbedURL then it  wont wok .

3) Is it possible to set the life time of embedURL to 'N' minutes ? So that user will be forced to use new token. 

Also you had suggested to generate generate embed tokens using the Power BI Service . I am not sure what you meant by this . In my application i am using PowerBI REST API. If i am missing any then can you help me with some pointer / link 

Thanks a lot once again.

Hi Ted

Thanks for the swift reply. 

THanks,

Suresh RM