Thursday, March 22, 2012

Authentication over the internet

I am building an asp.net app that will use reporting services to show reports within the application. Users log in to the application and when they need to see a report I use web services to render the report. The asp.net app and reporting services are on the same windows 2003 server (not using active directory).
Because reporting services uses Windows authentication and does not allow anonymous access, I have created a windows account (called "RSUser") that has access to my reports. When the user runs a report, I pass in the credentials for this windows account like this...
rs.Credentials = New System.Net.NetworkCredential("RSUser", "password", "domain")
This all works, and the report renders using the permissions from RSUser. The problem is that all the reports use treeviews for drill-down (and some use drill-through). When you expand a drill down you are prompted for a windows login. I think this is because this postback is now coming from the client PC, instead of from the asp.net app (i.e. on the server), and so reporting services needs to authenticate this new user.
The only solution that I have found for this is developing a security extension for reporting services...
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
... but this seems like overkill and a very complicated process, and Microsoft says in the article that this is not fully tested and should not be used in a production environment (but that is where I need it).
Does anyone have a solution?
Craig HB|||Just a thought: Have you tried to set up an individual Application pool that works with your RSUser Account?
|||Craig,
You are right. You get prompted because the drilldown and drillthrough
interactive features require URL access and the request goes out on the client
side of the application.
In a nutshell, if your reports have interactive features you need to go for
URL access. For Internet-oriented apps this means writing a custom security
extension. It is not that involved to write and I have deployed an
application that uses a custom security extension in a production
environment. There are some gotchas to avoid but in general my experience
writing custom security extensions has been positive and you will learn a
lot about how RS handles authentication and authorization.
--
Hope this helps.
---
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
http://www.prologika.com
"Gash" <Gash@.discussions.microsoft.com> wrote in message
news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> Just a thought: Have you tried to set up an individual Application pool that
> works with your RSUser Account?
|||Start here
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> Is there any sample code for writing a custom security extension? I have
> already validated the user and I want to provide url access to the report
> server.
|||I have seen this article and it is good if I wanted to build a standalone
application to allow access to the report server. However, I have an existing
application with forms authentication in which I want to embed url access to
the report server. I was hoping that there would be code samples or an
article for this particular issue. I don't need to present another form to
the user to capture credentials. Can I use my existing forms authentication
ticket or do I need to create a new one? Do I call the LogonUser webservice
to create a cookie for a user that has been created on the report manager? It
seems like there are a lot of people trying to solve the same problem, but
not too many examples.
|||> Can I use my existing forms authentication
> ticket or do I need to create a new one.
No, you cannot use your app Forms Authentication ticket and you don't have
to have another logon form. Instead, your application needs to call the RS
LogonUser SOAP API once it authenticates the user. You will end up with two
authentication tickets (cookies) but this shouldn't be too much of an issue.
The MS article should be good enough to address your scenario. You just need
to understand how RS Forms Authentication works by debugging the extension.
I have a two-part article in the works for a magazine about Forms
Authentication. Unfortunately, judging by the editors' speed, it won't make
it before the end of the year. Meanwhile, you can check the other threads
on this topic. It's been discussed many times.
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
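The step described in the reply above (call LogonUser once the application has authenticated the user, then let the browser carry the second cookie for URL access), shown in VB.NET as an added example that is not code from the thread or from the MSDN article. It assumes the Forms Authentication security extension is already installed on the report server and that `ReportingService` is the SOAP proxy generated from ReportService.asmx; the endpoint URL and the `ReportServerLogon` and `IssueTicket` names are placeholders.

```vbnet
Imports System
Imports System.Net
Imports System.Web
Imports System.Web.Services.Protocols

Public Class ReportServerLogon

    ' Placeholder endpoint (assumption); substitute the report server's SOAP URL.
    Private Const RsEndpoint As String = _
        "https://reports.example.com/ReportServer/ReportService.asmx"

    ' Call once, right after the application's own forms login has succeeded.
    ' Returns True when a report server ticket was relayed to the browser.
    Public Shared Function IssueTicket(ByVal context As HttpContext, _
                                       ByVal userName As String, _
                                       ByVal password As String) As Boolean
        ' Assumption: ReportingService is the generated web-reference proxy.
        Dim rs As New ReportingService()
        rs.Url = RsEndpoint
        ' The container collects the Set-Cookie header that LogonUser returns.
        rs.CookieContainer = New CookieContainer()

        Try
            ' Third argument (authority) is not used here.
            rs.LogonUser(userName, password, Nothing)
        Catch ex As SoapException
            ' The report server rejected the logon: relay nothing.
            Return False
        Catch ex As WebException
            ' The report server could not be reached: relay nothing.
            Return False
        End Try

        Dim issued As CookieCollection = _
            rs.CookieContainer.GetCookies(New Uri(RsEndpoint))
        If issued.Count = 0 Then
            Return False
        End If

        ' Copy the server-side cookie into the browser's response. No Expires
        ' is set, so the ticket disappears when the browser session ends.
        For Each ticket As Cookie In issued
            Dim relay As New HttpCookie(ticket.Name, ticket.Value)
            ' Both sites share one host in the thread's setup, so a host-only
            ' cookie on "/" is presented to the report server as well.
            relay.Path = "/"
            relay.Secure = True      ' HTTPS only: the ticket is a bearer token
            relay.HttpOnly = True    ' not readable from page script
            context.Response.Cookies.Add(relay)
        Next
        Return True
    End Function
End Class
```

Because the report server now authenticates each browser by its own ticket, report permissions can be assigned per user instead of every request running as one shared account with a password embedded in the application.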
|||Is there any sample code for writing a custom security extension? I have
already validated the user and I want to provide url access to the report
server.
|||Teo. Is it possible to use web forms authentication with the standard
edition of RS?
If not, I'm guessing there is no other way to use the viewer over the
Internet..
Thanks, AHH
BTW: I bought your book - best one out there..|||Thanks. No, extending RS requires Enterprise Edition. Sorry.
How about generating reports on the server side of the app and sacrificing
the interactive features and the toolbar?
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"AHH" <AHH@.discussions.microsoft.com> wrote in message
news:13CACEA1-BD84-4D6A-BB25-63D43E0F56A8@.microsoft.com...
> Teo. Is it possible to use web forms authentication with the standard
> edition of RS?
> If not, I'm guessing there is no other way to use the viewer over the
> Internet..
> Thanks, AHH
> BTW: I bought your book - best one out there..
