Secure way to serve blobs to Perspective PDF viewer

I’m not sure if I’m missing something or if this is just not possible.

I have PDF blobs stored in a database and I use a doGet Python resource in the WebDev module to serve them to a Perspective PDF Viewer component. This all works.

This is my dilemma. I want 2 things:

  1. Let a user who is logged into a Perspective session see the PDF on a page.
  2. Not expose the PDF to just anyone on the network that happens to obtain the correct URL.

I could require authentication on the handler so that someone with the correct URL cannot just type it into the browser and get the file but will be prompted to authenticate. However, this also prompts the (already logged in) user to authenticate in the Perspective Session as well... which is terrible for user experience.

As far as I can tell there is no way to pass the Perspective authentication through with the GET request. I can think of ways to hack together the use of some "middle man" service account perhaps if I were scripting this, but not really using a PDF viewer.

What is the best practice here?

Quite the oxymoron :laughing:

Could you have a secret token that the authenticated Perspective session would have access to and pass that with the URL?

1 Like
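
The token idea suggested above, as an added example that is not code from any poster in this thread or from Ignition: the logged-in session mints a short-lived HMAC-signed token for one document, and the GET handler checks it before reading the blob. The function names, the payload layout and the demo key are assumptions; how the two functions are wired into the session script and the WebDev handler is not shown.

```python
import base64
import binascii
import hashlib
import hmac
import time

# Constructed demo key; assumption: a real key is random and kept only on the gateway.
SECRET = b"constructed-demo-key-not-for-production"
SIG_LEN = hashlib.sha256().digest_size  # 32 bytes


def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()


def mint_token(doc_id, ttl_seconds=60, now=None):
    """Run on behalf of the authenticated session: URL-safe token for one document."""
    now = time.time() if now is None else now
    payload = ("%s|%d" % (doc_id, int(now + ttl_seconds))).encode("utf-8")
    return base64.urlsafe_b64encode(payload + _sign(payload)).decode("ascii")


def verify_token(token, requested_doc_id, now=None):
    """Run in the GET handler before touching the database; True only for a valid token."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
    except (binascii.Error, ValueError, UnicodeError, AttributeError):
        return False
    if len(raw) <= SIG_LEN:
        return False
    payload, sig = raw[:-SIG_LEN], raw[-SIG_LEN:]
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(sig, _sign(payload)):
        return False
    try:
        doc_id, expires = payload.decode("utf-8").rsplit("|", 1)
        expires = int(expires)
    except ValueError:
        return False
    # Valid only for the document it was minted for, and only until it expires.
    return doc_id == requested_doc_id and now <= expires
```

A token carried in a URL can end up in browser history and proxy logs, so the lifetime should be kept short and the connection should use HTTPS.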

Surely you can get rid of WebDev and message the data across to the Perspective session inside the Ignition environment?

2 Likes

Could you expand on what you mean?

The documentation for the component specifies that it expects a URL to a PDF hosted on a web server.

I understand that I could get the bytes from the DB myself and let the user download them, but I'm not sure how to pass them to the PDF Component if it expects a URL.

The linked solution still uses a web server; it just happens to be Phil Turmel's BlobServer module rather than the WebDev module. The documentation for his module implies that it respects NamedQuery security settings; I'll do some testing.

1 Like