public static PowerBIToken CreateReportEmbedToken(string workspaceCollectionName, string workspaceId, string reportId, DateTime expiration, string username = null, IEnumerable<string> roles = null)
{
Guard.ValidateString(workspaceCollectionName, "workspaceCollectionName");
Guard.ValidateString(workspaceId, "workspaceId");
Guard.ValidateString(reportId, "reportId");
if (expiration < DateTime.UtcNow)
{
throw new ArgumentException("Expiration must be a date/time in the future", nameof(expiration));
}
if (roles != null && string.IsNullOrEmpty(username))
{
throw new ArgumentException("Cannot have an empty or null Username claim with the non-empty Roles claim");
}
var token = new PowerBIToken
{
Expiration = expiration
};
token.Claims.Add(new Claim(ClaimTypes.WorkspaceCollectionName, workspaceCollectionName));
token.Claims.Add(new Claim(ClaimTypes.WorkspaceId, workspaceId));
token.Claims.Add(new Claim(ClaimTypes.ReportId, reportId));
// RLS claims: requires username and roles are optional
if (!string.IsNullOrEmpty(username))
{
token.Claims.Add(new Claim(ClaimTypes.Username, username));
if (roles != null)
{
foreach (var role in roles)
{
token.Claims.Add(new Claim(ClaimTypes.Roles, role));
}
}
}
return token;
}