President Obama is coming under increasing pressure to get tough with China over cybersecurity and other issues ahead of President Xi Jinping’s state visit, even as the administration signals it prefers a carrot-and-stick approach.

The administration reportedly has been preparing sanctions against Chinese companies engaged in economic cyberespionage -- but plans to hold off on imposing them while President Xi visits Washington, in hopes of reaching a resolution. 

The New York Times also reported Sunday that the two countries are negotiating an unprecedented arms control agreement for cyberspace which could be rolled out during Xi’s visit. But the agreement may be generally worded and avoid addressing China’s alleged cyber-espionage and theft.

Gordon Chang, author of “The Coming Collapse of China,” told Fox News that the U.S. holds the leverage to make demands of China and questioned the approach being taken.

“We should be tougher with China in all phases of our relationship with Beijing, and the last thing we should be doing is legitimizing their rule with this state visit,” he said.

With the state visit expected to go forward, though, Chang suggested the Obama administration at least be mindful that the Chinese government wants to use images from the visit to impress the Chinese people back home. “There should be no state dinner, no 21-gun salute,” Chang said.

The most immediate question is when and whether the administration might proceed with sanctions.

On Capitol Hill, Rep. Joe Wilson, R-S.C., introduced a resolution on Friday – backed by Rep. Randy Forbes, R-Va. -- urging Obama to “apply punitive economic sanctions to Chinese businesses and state-owned enterprises as a result of documented Chinese cyberattacks against United States entities in order to punish and deter such actions and strengthen the United States cybersecurity.”

But the Washington Post reported that the administration agreed during a visit by Xi’s special envoy to hold off on economic sanctions. (The package under development reportedly would target Chinese companies accused of cybertheft against U.S. corporations.)

Speaking last week before the Business Roundtable, Obama signaled he is willing to impose those sanctions if necessary.

In some of his most direct comments to date on the matter, the president said cybersecurity would “probably be one of the biggest topics that I discuss with President Xi,” adding: “We are preparing a number of measures that will indicate to the Chinese that this is not just a matter of us being mildly upset, but is something that will put significant strains on the bilateral relationship if not resolved, and that we are prepared to some countervailing actions in order to get their attention.”

Obama, though, drew a distinction between China’s different types of cyber-activities. He said the U.S. understands “traditional intelligence-gathering functions that all states, including us, engage in,” but that is “fundamentally different from your government or its proxies engaging directly in industrial espionage and stealing trade secrets, stealing proprietary information from companies.”

That, Obama said, “we consider an act of aggression that has to stop.” 

He said his hope is that the dispute “gets resolved” short of any “countervailing actions.” 

The administration issued another warning Monday, with National Security Adviser Susan Rice saying in Washington that China's cyberespionage is putting "enormous strain" on relations between the two countries. 

The Obama administration still has not publicly blamed China for the massive hack of federal government personnel data. Even if the U.S. were to do so, the administration could try to argue that falls under the type of “traditional intelligence-gathering” Obama referenced last week.

Those breaches nevertheless could have serious implications. A private industry IT security firm told Fox News last week that personal data stolen over the span of several high-profile U.S. cyber breaches is being indexed by China's intelligence service into a massive Facebook-like network.

According to CrowdStrike founder Dmitri Alperovitch, Chinese hackers are using information gained from the breaches of the U.S. Office of Personnel Management, as well as intrusions into the Anthem and CareFirst BlueCross BlueShield health insurance networks, to build a profile of federal employees. This information could be used as leverage.