Hi, Experts.
Another problem with Reporting Services authentication:
We have a windows 2003 server + iis 6.0 +Reporting Setvices
whose reports access to a sql server windows 2003 (both are situated
in the same domain).
Since I must use stored credentials in order to create subscriptions
I've decided to put a user from domain windows in stored
authentication.
As the result I´ve obtain the following error:
Error al procesar el informe. (rsProcessingAborted) Obtener ayuda en
línea
No se puede crear una conexión al origen de datos Ventas.
(rsErrorOpeningConnection) Obtener ayuda en línea
Invalid authorization specification
The user I've chosen is the same that I use to design reports and to
access the sql server usually, so I don´t understand the cause of this
error.
Good. Seeing that it has not work I´ve changed the user to "sa" and
everything works fine.
The unique problem I have that according to the policy secuirty of the
company
it is forbidden to use the sa user in order to execute the reports.
Windows authentication is strongly recommended. Any idea?
Regards
Maciej KiewraHi, Experts.
The ServicePack is the real reason of my problem.
I´ve removed RS and I've installed it again (without applying service pack)
everything ok.
Then I've installed the servicepack and now "windows authentication" does not work.
I know that in the service pack 1 a new System Property has been add that
permits the windows authentication to be disabled, but this parameter is set
to true, so it is not a case.
It seems that Reporting Service is already very premature
Regards
Maciej Kiewra
mkiewra@.mail.fujitsu.es (Maciej Kiewra) wrote in message news:<bc86bf57.0504050912.36611411@.posting.google.com>...
> Hi, Experts.
>
> Another problem with Reporting Services authentication:
> We have a windows 2003 server + iis 6.0 +Reporting Setvices
> whose reports access to a sql server windows 2003 (both are situated
> in the same domain).
> Since I must use stored credentials in order to create subscriptions
> I've decided to put a user from domain windows in stored
> authentication.
> As the result I´ve obtain the following error:
> Error al procesar el informe. (rsProcessingAborted) Obtener ayuda en
> línea
> No se puede crear una conexión al origen de datos Ventas.
> (rsErrorOpeningConnection) Obtener ayuda en línea
> Invalid authorization specification
> The user I've chosen is the same that I use to design reports and to
> access the sql server usually, so I don´t understand the cause of this
> error.
> Good. Seeing that it has not work I´ve changed the user to "sa" and
> everything works fine.
> The unique problem I have that according to the policy secuirty of the
> company
> it is forbidden to use the sa user in order to execute the reports.
> Windows authentication is strongly recommended. Any idea?
> Regards
> Maciej Kiewrasql
Showing posts with label services. Show all posts
Showing posts with label services. Show all posts
Tuesday, March 27, 2012
Sunday, March 25, 2012
Authorization problems with dso and asp (vbscript)
Hi all,
I have an authorization problem while trying to access to Metadata informations of Analysis Services via DSO with vbscript over IIS.
Calling from Browser an ASP page with the following content:
---
dim dsoServer, dsoDatabase, dsoCube
set dsoServer = Server.CreateObject ("DSO.Server")
dsoServer.Connect ("<myServerName>")
...
--
produces the following error:
Unable to connect to the registry on the server (DSCWDMT), or you are not a member of
the OLAP Administrators group on this server.
I found in this forum a similar post, and its proposed solution (apply sp1 to AS) will not work, because I have already SP1 installed (see also article Q297232 on MSDN).
I did the following tests:
1) run examples on \Programs\Microsoft Analysis Services\Samples
Yes, they work, but without DSO. I need DSO
2) Build a dll and register it for wwwroot.
Same error message
3) follow instruction on Q224973 (MSDN)
Same error message
I have the suspect, that the installation and/or the authorizations on W2K are not correct, but I do not know what.
I run SQL2K with unthrusted authorization (i.e. with user logon and password). This use is also allowed to see cubes (at least SELECT) in Analysis services. MDX Commands work fine and I get results.
So the question is: which user is trying to access DSO Services via Internet ?
if it is IUSR_<ServerName>, than it cannot work, because it has only guest auth. on ServerName, and it would not be correct to change it.
Do you have any hint ?
Background Infos:
OS: W2K with sp2
IS: IIS 5
Database: MS SQL2K with sp1
AS: SP1
Language: Visual Basic scripting edition (VBSCRIPT)
Thanks in advance
MatteoHi,
Remember that using Windows 2000 and your web server - IIS 5.0 - all connections and all things that you use from WEB use the default Windows 2000 user account that's IIS_<machine name>...
For example, if you must use a different Regional Settings for your WEB Aplications - ASP - and set it on the server by <b>Administrator</b> account, nothing will be changed by WEB users but the account used to local permissions on IIS is the IIS account ( IIS_<machine name> or IWS_<machine name> - I don't remember now ) .
[ ]'s|||Yes, this is correct. Everything works under the account IUSR_<MachineName>.
The problem ist meanwhile solved.
The error message came because IIUSR_<MachineName> could not read Registry Entries for HKLM/SOFTWARE/Microsoft/OLAP Server/...
So I added IUSR_<MachineName> wit readonly authorisation. This solved the problem.
Anyway this cannot be a good solution, because You change punctually something without a general application rule.
So I keep on searching.
Thanks,
Matteo
I have an authorization problem while trying to access to Metadata informations of Analysis Services via DSO with vbscript over IIS.
Calling from Browser an ASP page with the following content:
---
dim dsoServer, dsoDatabase, dsoCube
set dsoServer = Server.CreateObject ("DSO.Server")
dsoServer.Connect ("<myServerName>")
...
--
produces the following error:
Unable to connect to the registry on the server (DSCWDMT), or you are not a member of
the OLAP Administrators group on this server.
I found in this forum a similar post, and its proposed solution (apply sp1 to AS) will not work, because I have already SP1 installed (see also article Q297232 on MSDN).
I did the following tests:
1) run examples on \Programs\Microsoft Analysis Services\Samples
Yes, they work, but without DSO. I need DSO
2) Build a dll and register it for wwwroot.
Same error message
3) follow instruction on Q224973 (MSDN)
Same error message
I have the suspect, that the installation and/or the authorizations on W2K are not correct, but I do not know what.
I run SQL2K with unthrusted authorization (i.e. with user logon and password). This use is also allowed to see cubes (at least SELECT) in Analysis services. MDX Commands work fine and I get results.
So the question is: which user is trying to access DSO Services via Internet ?
if it is IUSR_<ServerName>, than it cannot work, because it has only guest auth. on ServerName, and it would not be correct to change it.
Do you have any hint ?
Background Infos:
OS: W2K with sp2
IS: IIS 5
Database: MS SQL2K with sp1
AS: SP1
Language: Visual Basic scripting edition (VBSCRIPT)
Thanks in advance
MatteoHi,
Remember that using Windows 2000 and your web server - IIS 5.0 - all connections and all things that you use from WEB use the default Windows 2000 user account that's IIS_<machine name>...
For example, if you must use a different Regional Settings for your WEB Aplications - ASP - and set it on the server by <b>Administrator</b> account, nothing will be changed by WEB users but the account used to local permissions on IIS is the IIS account ( IIS_<machine name> or IWS_<machine name> - I don't remember now ) .
[ ]'s|||Yes, this is correct. Everything works under the account IUSR_<MachineName>.
The problem ist meanwhile solved.
The error message came because IIUSR_<MachineName> could not read Registry Entries for HKLM/SOFTWARE/Microsoft/OLAP Server/...
So I added IUSR_<MachineName> wit readonly authorisation. This solved the problem.
Anyway this cannot be a good solution, because You change punctually something without a general application rule.
So I keep on searching.
Thanks,
Matteo
Authorization Error in Reporting Services on Windows 2003
Hi,
I have just reinstalled Reporting Services on win 2003 server that was
added to a domain and has been renamed. Two strange things happen:
1) In IE I am prompted for an ID and password with a basic security
prompt.
2) After supplying the credentials I get some of the report manager web
page but it has a 401 error instead of the folder and options to manage
projects.
The page looks like this:
Error
The request failed with HTTP status 401: Unauthorized.
Home
The reporting services error log contains the following error:
Unknown!ui!ed8!2/9/2005-20:44:32:: v VERBOSE: User
map'<Users><User><Name>DOMAIN\Administrator</Name><Paths><Pa=ADth>/reports/= Home.aspx</Path><NrReq>1</NrReq></Paths></User><=AD/Users>'
Unknown!ui!a24!2/9/2005-20:44:33:: v VERBOSE: User
map'<Users><User><Name>DOMAIN\Administrator</Name><Paths><Pa=ADth>/reports/= Pages/Folder.aspx</Path><NrReq>1</NrReq></Paths>=AD</User></Users>'
Unknown!ui!a24!2/9/2005-20:44:34:: e ERROR: The request failed with
HTTP status 401: Unauthorized.
Unknown!ui!a24!2/9/2005-20:44:35:: e ERROR: HTTP status code --> 500
I have not changed any of the config files that are installed.
Thanks for any help in advance,
EricTry restarting IIS. I think that is how they fixed the problem here.|||Try restarting IIS. I think that is how they cured the problem here.
I have just reinstalled Reporting Services on win 2003 server that was
added to a domain and has been renamed. Two strange things happen:
1) In IE I am prompted for an ID and password with a basic security
prompt.
2) After supplying the credentials I get some of the report manager web
page but it has a 401 error instead of the folder and options to manage
projects.
The page looks like this:
Error
The request failed with HTTP status 401: Unauthorized.
Home
The reporting services error log contains the following error:
Unknown!ui!ed8!2/9/2005-20:44:32:: v VERBOSE: User
map'<Users><User><Name>DOMAIN\Administrator</Name><Paths><Pa=ADth>/reports/= Home.aspx</Path><NrReq>1</NrReq></Paths></User><=AD/Users>'
Unknown!ui!a24!2/9/2005-20:44:33:: v VERBOSE: User
map'<Users><User><Name>DOMAIN\Administrator</Name><Paths><Pa=ADth>/reports/= Pages/Folder.aspx</Path><NrReq>1</NrReq></Paths>=AD</User></Users>'
Unknown!ui!a24!2/9/2005-20:44:34:: e ERROR: The request failed with
HTTP status 401: Unauthorized.
Unknown!ui!a24!2/9/2005-20:44:35:: e ERROR: HTTP status code --> 500
I have not changed any of the config files that are installed.
Thanks for any help in advance,
EricTry restarting IIS. I think that is how they fixed the problem here.|||Try restarting IIS. I think that is how they cured the problem here.
authorization error in reporting services on win2003
Hi,
I have just reinstalled Reporting Services on win 2003 server that was
added to a domain and has been renamed. Two strange things happen:
1) In IE I am prompted for an ID and password with a basic security
prompt.
2) After supplying the credentials I get some of the report manager web
page but it has a 401 error instead of the folder and options to manage
projects.
I have just reinstalled Reporting Services on win 2003 server that was
added to a domain and has been renamed. Two strange things happen:
1) In IE I am prompted for an ID and password with a basic security
prompt.
2) After supplying the credentials I get some of the report manager web
page but it has a 401 error instead of the folder and options to manage
projects.
The page looks like this:
Error
The request failed with HTTP status 401: Unauthorized.
Home
The reporting services error log contains the following error:
Unknown!ui!ed8!2/9/2005-20:44:32:: v VERBOSE: User
map'<Users><User><Name>DOMAIN\Administrator</Name><Paths><Path>/reports/Home.aspx</Path><NrReq>1</NrReq></Paths></User></Users>'
Unknown!ui!a24!2/9/2005-20:44:33:: v VERBOSE: User
map'<Users><User><Name>DOMAIN\Administrator</Name><Paths><Path>/reports/Pages/Folder.aspx</Path><NrReq>1</NrReq></Paths></User></Users>'
Unknown!ui!a24!2/9/2005-20:44:34:: e ERROR: The request failed with
HTTP status 401: Unauthorized.
Unknown!ui!a24!2/9/2005-20:44:35:: e ERROR: HTTP status code --> 500
I have not changed any of the config files that are installed.
Thanks for any help in advance,
EricI have no idea, although there if you search Google groups for "sql
2000 reporting services http 401" there are a number of hits which may
be useful. You will probably get a better answer in
microsoft.public.sqlserver.reportingsvcs.
Simon
Authorization Based on UserId and Parameter Data
Hi All,
I am novice for reporting services.
Is it possible to get the parameters of the report and do authorisation
check based on the parameter value and UserId ?
Or is there other alternative to this kind of requirement..
Thanks,
RaghuHi,
It is possible but not advisable, there is no field mask for the password
field. Best bet is to use custom form for the password authentication.
Amarnath
"RAV" wrote:
> Hi All,
> I am novice for reporting services.
> Is it possible to get the parameters of the report and do authorisation
> check based on the parameter value and UserId ?
> Or is there other alternative to this kind of requirement..
> Thanks,
> Raghu
>
I am novice for reporting services.
Is it possible to get the parameters of the report and do authorisation
check based on the parameter value and UserId ?
Or is there other alternative to this kind of requirement..
Thanks,
RaghuHi,
It is possible but not advisable, there is no field mask for the password
field. Best bet is to use custom form for the password authentication.
Amarnath
"RAV" wrote:
> Hi All,
> I am novice for reporting services.
> Is it possible to get the parameters of the report and do authorisation
> check based on the parameter value and UserId ?
> Or is there other alternative to this kind of requirement..
> Thanks,
> Raghu
>
Authentication/Security Issue!
Hi,
I have installed SQL reporting services on the local system test machine
[standard edition] which points to a DB that is on a different machine.
Everything works ok if I use a domain account and assign security rights for
each report. But in production I will want to have a local windows account
and assign read rights on the reports individually. I tried doing this in
the test environment.
When I try to access the site using the IP I get the windows log on box.
After entering the local user account I can get to the reports but as soon
as I try and run the report it gives me this error:
The permissions granted to user [domain\user] are insufficient for
performing this operation. (rsAccessDenied)
The problem is i am not logged on as a domain user but as a local machine
user.
Was wondering if any of you have come across this error before and possibly
know the cause/solution to this.
Thanks for your help!
Regards
AnilHi Anil:
Even if you go to an IP address for the server, when you run a report
the report is rendered by an IFRAME element with the URL pointing to
the report server by name.
To verify this behavior, just right-click in the report area, select
properties, and look at the URL. You'll notice your address bar might
look like http://x.x.x.x, but the report properties URL will indicate
http://reporting. The server always uses the <ReportServerUrl> element
in RSWebApplication.config.
Since the IFRAME points you back to the server by name, IE is probably
automatically logging you in again with your domain account, which is
not in a Browse role. You can change IE's behavior in Tools ->
Internet Options -> Security -> Custom Level -> User Authentication
(at the bottom of the list).
--
Scott
http://www.OdeToCode.com
On Mon, 16 Aug 2004 12:31:41 +1200, "anil" <test@.test.com> wrote:
>Hi,
>I have installed SQL reporting services on the local system test machine
>[standard edition] which points to a DB that is on a different machine.
>Everything works ok if I use a domain account and assign security rights for
>each report. But in production I will want to have a local windows account
>and assign read rights on the reports individually. I tried doing this in
>the test environment.
>When I try to access the site using the IP I get the windows log on box.
>After entering the local user account I can get to the reports but as soon
>as I try and run the report it gives me this error:
>
>The permissions granted to user [domain\user] are insufficient for
>performing this operation. (rsAccessDenied)
>The problem is i am not logged on as a domain user but as a local machine
>user.
>Was wondering if any of you have come across this error before and possibly
>know the cause/solution to this.
>Thanks for your help!
>Regards
>Anil
>
I have installed SQL reporting services on the local system test machine
[standard edition] which points to a DB that is on a different machine.
Everything works ok if I use a domain account and assign security rights for
each report. But in production I will want to have a local windows account
and assign read rights on the reports individually. I tried doing this in
the test environment.
When I try to access the site using the IP I get the windows log on box.
After entering the local user account I can get to the reports but as soon
as I try and run the report it gives me this error:
The permissions granted to user [domain\user] are insufficient for
performing this operation. (rsAccessDenied)
The problem is i am not logged on as a domain user but as a local machine
user.
Was wondering if any of you have come across this error before and possibly
know the cause/solution to this.
Thanks for your help!
Regards
AnilHi Anil:
Even if you go to an IP address for the server, when you run a report
the report is rendered by an IFRAME element with the URL pointing to
the report server by name.
To verify this behavior, just right-click in the report area, select
properties, and look at the URL. You'll notice your address bar might
look like http://x.x.x.x, but the report properties URL will indicate
http://reporting. The server always uses the <ReportServerUrl> element
in RSWebApplication.config.
Since the IFRAME points you back to the server by name, IE is probably
automatically logging you in again with your domain account, which is
not in a Browse role. You can change IE's behavior in Tools ->
Internet Options -> Security -> Custom Level -> User Authentication
(at the bottom of the list).
--
Scott
http://www.OdeToCode.com
On Mon, 16 Aug 2004 12:31:41 +1200, "anil" <test@.test.com> wrote:
>Hi,
>I have installed SQL reporting services on the local system test machine
>[standard edition] which points to a DB that is on a different machine.
>Everything works ok if I use a domain account and assign security rights for
>each report. But in production I will want to have a local windows account
>and assign read rights on the reports individually. I tried doing this in
>the test environment.
>When I try to access the site using the IP I get the windows log on box.
>After entering the local user account I can get to the reports but as soon
>as I try and run the report it gives me this error:
>
>The permissions granted to user [domain\user] are insufficient for
>performing this operation. (rsAccessDenied)
>The problem is i am not logged on as a domain user but as a local machine
>user.
>Was wondering if any of you have come across this error before and possibly
>know the cause/solution to this.
>Thanks for your help!
>Regards
>Anil
>
authentication/db connection issues with new setup
Hi,
I've pretty much just thrown together a reporting services (2005)
configuration which connects to a mature sql server 2000 database held
elsewhere. Forgive me for probably not having too much of a clue
about how things should be set up, but I had a go.
I'll get straight to the problem.. that is I can view reports from the
machine running the server, using my own credentials or those of
someone else (tested by running IE7 under an alternative account on
the domain).
However, when using those same user credentials but from a different
machine, I get the following error:
An error has occurred during report processing.
Cannot create a connection to data source 'dsTachyon'.
Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection.
Any ideas as to what would be causing this?
cheers,
ChrisMy guess is that it's a "double hop" authentication problem.
You can connect directly to the db when you're on the server, which is a
direct connection. But when you're trying to connect to the db through the
report server, you have one connection hop from your pc to the report
server, and one hop from the report server to the db server. This is called
a double hop.
There are two ways of fixing it.
1) You can connect to the db with a static account that has read access to
the db you get your data from. Instead of using Windows Integrated
Authentication, you use "Credentials stored securely in the report server".
This can be either a SQL account or a Windows account. If you use this, make
sure you're encrypting the data in your report database, in order to encrypt
the password you add.
2) Configure the report server and the db server to use Kerberos, to allow
the credentials to be sent from your pc through the report server to the db
server.
If you want to use Kerberos, start by reading
Configuring Authentication for Reporting Services
http://msdn2.microsoft.com/en-us/library/bb283249.aspx
Specifying Credential and Connection Information
http://msdn2.microsoft.com/en-us/library/ms160330.aspx#
And
Configuring Constrained Delegation for Kerberos (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/df979570-81f6-4586-83c6-676bb005b13e.mspx?mfr=true
You also need to make sure Anonymous Access to the Report Server web
application is not allowed.
My suggestion is to first see if you're able to connect to the data with the
first setup (using a static account). If it works, you should use Kerberos,
as this is a more secure solution. If it doesn't work with a static account,
you might want to work out why before setting up Kerberos, because it's
usually easier, but less secure to make it work with a static account.
Kaisa M. Lindahl Lervik
"Not Me" <clhumphreys@.gmail.com> wrote in message
news:1174310214.836485.140910@.n59g2000hsh.googlegroups.com...
> Hi,
> I've pretty much just thrown together a reporting services (2005)
> configuration which connects to a mature sql server 2000 database held
> elsewhere. Forgive me for probably not having too much of a clue
> about how things should be set up, but I had a go.
> I'll get straight to the problem.. that is I can view reports from the
> machine running the server, using my own credentials or those of
> someone else (tested by running IE7 under an alternative account on
> the domain).
> However, when using those same user credentials but from a different
> machine, I get the following error:
> An error has occurred during report processing.
> Cannot create a connection to data source 'dsTachyon'.
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
> Any ideas as to what would be causing this?
> cheers,
> Chris
>|||On 19 Mar, 14:00, "Kaisa M. Lindahl Lervik" <kais...@.hotmail.com>
wrote:
> My guess is that it's a "double hop" authentication problem.
> You can connect directly to the db when you're on the server, which is a
> direct connection. But when you're trying to connect to the db through the
> report server, you have one connection hop from your pc to the report
> server, and one hop from the report server to the db server. This is called
> a double hop.
Thank you! Great depth to your reply, I've tried the static account
solution and that works so I'll give Kerberos a look.
Cheers,
Chris
I've pretty much just thrown together a reporting services (2005)
configuration which connects to a mature sql server 2000 database held
elsewhere. Forgive me for probably not having too much of a clue
about how things should be set up, but I had a go.
I'll get straight to the problem.. that is I can view reports from the
machine running the server, using my own credentials or those of
someone else (tested by running IE7 under an alternative account on
the domain).
However, when using those same user credentials but from a different
machine, I get the following error:
An error has occurred during report processing.
Cannot create a connection to data source 'dsTachyon'.
Login failed for user '(null)'. Reason: Not associated with a trusted
SQL Server connection.
Any ideas as to what would be causing this?
cheers,
ChrisMy guess is that it's a "double hop" authentication problem.
You can connect directly to the db when you're on the server, which is a
direct connection. But when you're trying to connect to the db through the
report server, you have one connection hop from your pc to the report
server, and one hop from the report server to the db server. This is called
a double hop.
There are two ways of fixing it.
1) You can connect to the db with a static account that has read access to
the db you get your data from. Instead of using Windows Integrated
Authentication, you use "Credentials stored securely in the report server".
This can be either a SQL account or a Windows account. If you use this, make
sure you're encrypting the data in your report database, in order to encrypt
the password you add.
2) Configure the report server and the db server to use Kerberos, to allow
the credentials to be sent from your pc through the report server to the db
server.
If you want to use Kerberos, start by reading
Configuring Authentication for Reporting Services
http://msdn2.microsoft.com/en-us/library/bb283249.aspx
Specifying Credential and Connection Information
http://msdn2.microsoft.com/en-us/library/ms160330.aspx#
And
Configuring Constrained Delegation for Kerberos (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/df979570-81f6-4586-83c6-676bb005b13e.mspx?mfr=true
You also need to make sure Anonymous Access to the Report Server web
application is not allowed.
My suggestion is to first see if you're able to connect to the data with the
first setup (using a static account). If it works, you should use Kerberos,
as this is a more secure solution. If it doesn't work with a static account,
you might want to work out why before setting up Kerberos, because it's
usually easier, but less secure to make it work with a static account.
Kaisa M. Lindahl Lervik
"Not Me" <clhumphreys@.gmail.com> wrote in message
news:1174310214.836485.140910@.n59g2000hsh.googlegroups.com...
> Hi,
> I've pretty much just thrown together a reporting services (2005)
> configuration which connects to a mature sql server 2000 database held
> elsewhere. Forgive me for probably not having too much of a clue
> about how things should be set up, but I had a go.
> I'll get straight to the problem.. that is I can view reports from the
> machine running the server, using my own credentials or those of
> someone else (tested by running IE7 under an alternative account on
> the domain).
> However, when using those same user credentials but from a different
> machine, I get the following error:
> An error has occurred during report processing.
> Cannot create a connection to data source 'dsTachyon'.
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
> Any ideas as to what would be causing this?
> cheers,
> Chris
>|||On 19 Mar, 14:00, "Kaisa M. Lindahl Lervik" <kais...@.hotmail.com>
wrote:
> My guess is that it's a "double hop" authentication problem.
> You can connect directly to the db when you're on the server, which is a
> direct connection. But when you're trying to connect to the db through the
> report server, you have one connection hop from your pc to the report
> server, and one hop from the report server to the db server. This is called
> a double hop.
Thank you! Great depth to your reply, I've tried the static account
solution and that works so I'll give Kerberos a look.
Cheers,
Chris
Authentication with AD and cookies
Hi all!
We are going to set up Reporting Services 2005. We have two groups of
customers that are going to access our reports; internal and external
customers.
The internal customers should be authenticated through Active Directory,
while the external customers should be authenticated using cookies. The
external customers will first logon to another web-application which has its
own user database. From this application they will have a link to Reporting
Services.
How will I have to set up my reporting services server(s) to achieve this?
The internal and external uses are not going to share reports. However, the
extenal users should access linked reports (ie. same report but different
parameter values).
Thanks in advance for your help.RS doesn't support a mixed security mode, so it has to be either Windows or
custom security. It looks like in your scenario, Windows security could be a
better fit. Assuming that you don't need the external customer identity in
your reports, once the web app authenticates the external customers, it can
connect to RS using a single trusted account, e.g. the identity of the IIS
application pool in Windows Server 2003.
--
HTH,
---
Teo Lachev, MVP, MCSD, MCT
"Microsoft Reporting Services in Action"
"Applied Microsoft Analysis Services 2005"
Home page and blog: http://www.prologika.com/
---
"Billy" <Billy@.discussions.microsoft.com> wrote in message
news:8CBE5F6F-B2A5-44DA-A8DA-E4887C60BF67@.microsoft.com...
> Hi all!
> We are going to set up Reporting Services 2005. We have two groups of
> customers that are going to access our reports; internal and external
> customers.
> The internal customers should be authenticated through Active Directory,
> while the external customers should be authenticated using cookies. The
> external customers will first logon to another web-application which has
> its
> own user database. From this application they will have a link to
> Reporting
> Services.
> How will I have to set up my reporting services server(s) to achieve this?
> The internal and external uses are not going to share reports. However,
> the
> extenal users should access linked reports (ie. same report but different
> parameter values).
> Thanks in advance for your help.
>|||ok.
Is it possible to set up two separate instances of RS om the same server and
then route external users to instance A and internal users to instance B?
"Teo Lachev [MVP]" wrote:
> RS doesn't support a mixed security mode, so it has to be either Windows or
> custom security. It looks like in your scenario, Windows security could be a
> better fit. Assuming that you don't need the external customer identity in
> your reports, once the web app authenticates the external customers, it can
> connect to RS using a single trusted account, e.g. the identity of the IIS
> application pool in Windows Server 2003.
> --
> HTH,
> ---
> Teo Lachev, MVP, MCSD, MCT
> "Microsoft Reporting Services in Action"
> "Applied Microsoft Analysis Services 2005"
> Home page and blog: http://www.prologika.com/
> ---
> "Billy" <Billy@.discussions.microsoft.com> wrote in message
> news:8CBE5F6F-B2A5-44DA-A8DA-E4887C60BF67@.microsoft.com...
> > Hi all!
> >
> > We are going to set up Reporting Services 2005. We have two groups of
> > customers that are going to access our reports; internal and external
> > customers.
> >
> > The internal customers should be authenticated through Active Directory,
> > while the external customers should be authenticated using cookies. The
> > external customers will first logon to another web-application which has
> > its
> > own user database. From this application they will have a link to
> > Reporting
> > Services.
> >
> > How will I have to set up my reporting services server(s) to achieve this?
> > The internal and external uses are not going to share reports. However,
> > the
> > extenal users should access linked reports (ie. same report but different
> > parameter values).
> >
> > Thanks in advance for your help.
> >
>
>|||I don't think this scenario is officially supported but it looks like when
there is a will, there is a way
(http://www.sqljunkies.com/HowTo/525B575A-7F61-483A-AC8F-FEC700C34674.scuk).
--
HTH,
---
Teo Lachev, MVP, MCSD, MCT
"Microsoft Reporting Services in Action"
"Applied Microsoft Analysis Services 2005"
Home page and blog: http://www.prologika.com/
---
"Billy" <Billy@.discussions.microsoft.com> wrote in message
news:E6DD5D19-8C25-4C1E-8154-5C736723D80C@.microsoft.com...
> ok.
> Is it possible to set up two separate instances of RS om the same server
> and
> then route external users to instance A and internal users to instance B?
> "Teo Lachev [MVP]" wrote:
>> RS doesn't support a mixed security mode, so it has to be either Windows
>> or
>> custom security. It looks like in your scenario, Windows security could
>> be a
>> better fit. Assuming that you don't need the external customer identity
>> in
>> your reports, once the web app authenticates the external customers, it
>> can
>> connect to RS using a single trusted account, e.g. the identity of the
>> IIS
>> application pool in Windows Server 2003.
>> --
>> HTH,
>> ---
>> Teo Lachev, MVP, MCSD, MCT
>> "Microsoft Reporting Services in Action"
>> "Applied Microsoft Analysis Services 2005"
>> Home page and blog: http://www.prologika.com/
>> ---
>> "Billy" <Billy@.discussions.microsoft.com> wrote in message
>> news:8CBE5F6F-B2A5-44DA-A8DA-E4887C60BF67@.microsoft.com...
>> > Hi all!
>> >
>> > We are going to set up Reporting Services 2005. We have two groups of
>> > customers that are going to access our reports; internal and external
>> > customers.
>> >
>> > The internal customers should be authenticated through Active
>> > Directory,
>> > while the external customers should be authenticated using cookies. The
>> > external customers will first logon to another web-application which
>> > has
>> > its
>> > own user database. From this application they will have a link to
>> > Reporting
>> > Services.
>> >
>> > How will I have to set up my reporting services server(s) to achieve
>> > this?
>> > The internal and external uses are not going to share reports. However,
>> > the
>> > extenal users should access linked reports (ie. same report but
>> > different
>> > parameter values).
>> >
>> > Thanks in advance for your help.
>> >
>>
We are going to set up Reporting Services 2005. We have two groups of
customers that are going to access our reports; internal and external
customers.
The internal customers should be authenticated through Active Directory,
while the external customers should be authenticated using cookies. The
external customers will first logon to another web-application which has its
own user database. From this application they will have a link to Reporting
Services.
How will I have to set up my reporting services server(s) to achieve this?
The internal and external uses are not going to share reports. However, the
extenal users should access linked reports (ie. same report but different
parameter values).
Thanks in advance for your help.RS doesn't support a mixed security mode, so it has to be either Windows or
custom security. It looks like in your scenario, Windows security could be a
better fit. Assuming that you don't need the external customer identity in
your reports, once the web app authenticates the external customers, it can
connect to RS using a single trusted account, e.g. the identity of the IIS
application pool in Windows Server 2003.
--
HTH,
---
Teo Lachev, MVP, MCSD, MCT
"Microsoft Reporting Services in Action"
"Applied Microsoft Analysis Services 2005"
Home page and blog: http://www.prologika.com/
---
"Billy" <Billy@.discussions.microsoft.com> wrote in message
news:8CBE5F6F-B2A5-44DA-A8DA-E4887C60BF67@.microsoft.com...
> Hi all!
> We are going to set up Reporting Services 2005. We have two groups of
> customers that are going to access our reports; internal and external
> customers.
> The internal customers should be authenticated through Active Directory,
> while the external customers should be authenticated using cookies. The
> external customers will first logon to another web-application which has
> its
> own user database. From this application they will have a link to
> Reporting
> Services.
> How will I have to set up my reporting services server(s) to achieve this?
> The internal and external uses are not going to share reports. However,
> the
> extenal users should access linked reports (ie. same report but different
> parameter values).
> Thanks in advance for your help.
>|||ok.
Is it possible to set up two separate instances of RS om the same server and
then route external users to instance A and internal users to instance B?
"Teo Lachev [MVP]" wrote:
> RS doesn't support a mixed security mode, so it has to be either Windows or
> custom security. It looks like in your scenario, Windows security could be a
> better fit. Assuming that you don't need the external customer identity in
> your reports, once the web app authenticates the external customers, it can
> connect to RS using a single trusted account, e.g. the identity of the IIS
> application pool in Windows Server 2003.
> --
> HTH,
> ---
> Teo Lachev, MVP, MCSD, MCT
> "Microsoft Reporting Services in Action"
> "Applied Microsoft Analysis Services 2005"
> Home page and blog: http://www.prologika.com/
> ---
> "Billy" <Billy@.discussions.microsoft.com> wrote in message
> news:8CBE5F6F-B2A5-44DA-A8DA-E4887C60BF67@.microsoft.com...
> > Hi all!
> >
> > We are going to set up Reporting Services 2005. We have two groups of
> > customers that are going to access our reports; internal and external
> > customers.
> >
> > The internal customers should be authenticated through Active Directory,
> > while the external customers should be authenticated using cookies. The
> > external customers will first logon to another web-application which has
> > its
> > own user database. From this application they will have a link to
> > Reporting
> > Services.
> >
> > How will I have to set up my reporting services server(s) to achieve this?
> > The internal and external uses are not going to share reports. However,
> > the
> > extenal users should access linked reports (ie. same report but different
> > parameter values).
> >
> > Thanks in advance for your help.
> >
>
>|||I don't think this scenario is officially supported but it looks like when
there is a will, there is a way
(http://www.sqljunkies.com/HowTo/525B575A-7F61-483A-AC8F-FEC700C34674.scuk).
--
HTH,
---
Teo Lachev, MVP, MCSD, MCT
"Microsoft Reporting Services in Action"
"Applied Microsoft Analysis Services 2005"
Home page and blog: http://www.prologika.com/
---
"Billy" <Billy@.discussions.microsoft.com> wrote in message
news:E6DD5D19-8C25-4C1E-8154-5C736723D80C@.microsoft.com...
> ok.
> Is it possible to set up two separate instances of RS om the same server
> and
> then route external users to instance A and internal users to instance B?
> "Teo Lachev [MVP]" wrote:
>> RS doesn't support a mixed security mode, so it has to be either Windows
>> or
>> custom security. It looks like in your scenario, Windows security could
>> be a
>> better fit. Assuming that you don't need the external customer identity
>> in
>> your reports, once the web app authenticates the external customers, it
>> can
>> connect to RS using a single trusted account, e.g. the identity of the
>> IIS
>> application pool in Windows Server 2003.
>> --
>> HTH,
>> ---
>> Teo Lachev, MVP, MCSD, MCT
>> "Microsoft Reporting Services in Action"
>> "Applied Microsoft Analysis Services 2005"
>> Home page and blog: http://www.prologika.com/
>> ---
>> "Billy" <Billy@.discussions.microsoft.com> wrote in message
>> news:8CBE5F6F-B2A5-44DA-A8DA-E4887C60BF67@.microsoft.com...
>> > Hi all!
>> >
>> > We are going to set up Reporting Services 2005. We have two groups of
>> > customers that are going to access our reports; internal and external
>> > customers.
>> >
>> > The internal customers should be authenticated through Active
>> > Directory,
>> > while the external customers should be authenticated using cookies. The
>> > external customers will first logon to another web-application which
>> > has
>> > its
>> > own user database. From this application they will have a link to
>> > Reporting
>> > Services.
>> >
>> > How will I have to set up my reporting services server(s) to achieve
>> > this?
>> > The internal and external uses are not going to share reports. However,
>> > the
>> > extenal users should access linked reports (ie. same report but
>> > different
>> > parameter values).
>> >
>> > Thanks in advance for your help.
>> >
>>
Authentication Reporting Services and web reportviewer
Hi,
I’ve an application Web which uses to reportviewer to show information. I want that all the users of the application accede to reports by means of he himself user and password. This user is a local user of report’s server. The problem is that when attempt to show report always appear the following error:
The request failed with HTTP status 401: Unauthorized.
The code that use is the following one:
ReportViewer1.ServerReport.ReportServerCredentials = new ReportViewerCredentials("Usuario", "pwd", "servidor");
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Microsoft.Reporting.WebForms;
using System.Net;
using System.Security.Principal;
using System.Runtime.InteropServices;
/// <summary>
/// Summary description for ReportViewerCredentials
/// </summary>
public class ReportViewerCredentials : IReportServerCredentials
{
[DllImport("advapi32.dll", SetLastError = true)]
public extern static bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
public ReportViewerCredentials()
{
}
public ReportViewerCredentials(string username)
{
this.Username = username;
}
public ReportViewerCredentials(string username, string password)
{
this.Username = username;
this.Password = password;
}
public ReportViewerCredentials(string username, string password, string domain)
{
this.Username = username;
this.Password = password;
this.Domain = domain;
}
public string Username
{
get
{
return this.username;
}
set
{
string username = value;
if (username.Contains("\\"))
{
this.domain = username.Substring(0, username.IndexOf("\\"));
this.username = username.Substring(username.IndexOf("\\") + 1);
}
else
{
this.username = username;
}
}
}
private string username;
public string Password
{
get
{
return this.password;
}
set
{
this.password = value;
}
}
private string password;
public string Domain
{
get
{
return this.domain;
}
set
{
this.domain = value;
}
}
private string domain;
#region IReportServerCredentials Members
public bool GetBasicCredentials(out string basicUser, out string basicPassword, out string basicDomain)
{
basicUser = username;
basicPassword = password;
basicDomain = domain;
return username != null && password != null && domain != null;
}
public bool GetFormsCredentials(out string formsUser, out string formsPassword, out string formsAuthority)
{
formsUser = username;
formsPassword = password;
formsAuthority = domain;
return username != null && password != null && domain != null;
}
public bool GetFormsCredentials(out Cookie authCookie,out string user, out string password, out string authority)
{
authCookie = null;
user = password = authority = null;
return false;// Not implemented
}
public WindowsIdentity ImpersonationUser
{
get
{
string[] args = new string[3] { this.Domain.ToString(), this.Username.ToString(), this.Password.ToString() };
IntPtr tokenHandle = new IntPtr(0);
IntPtr dupeTokenHandle = new IntPtr(0);
//const int LOGON32_PROVIDER_DEFAULT = 0;
////This parameter causes LogonUser to create a primary token.
//const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_PROVIDER_DEFAULT = 3;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_INTERACTIVE = 9;
const int SecurityImpersonation = 2;
tokenHandle = IntPtr.Zero;
dupeTokenHandle = IntPtr.Zero;
try
{
// Call LogonUser to obtain an handle to an access token.
bool returnValue = LogonUser(args[1], args[0], args[2],
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
ref tokenHandle);
if (false == returnValue)
{
Console.WriteLine("LogonUser failed with error code : {0}",Marshal.GetLastWin32Error());
return null;
}
// Check the identity.
System.Diagnostics.Trace.WriteLine("Before impersonation: "
+ WindowsIdentity.GetCurrent().Name);
bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle);
if (false == retVal)
{
CloseHandle(tokenHandle);
Console.WriteLine("Exception in token duplication.");
return null;
}
// The token that is passed to the following constructor must
// be a primary token to impersonate.
WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
WindowsImpersonationContext impersonatedUser = newId.Impersonate();
// Free the tokens.
if (tokenHandle != IntPtr.Zero)
CloseHandle(tokenHandle);
if (dupeTokenHandle != IntPtr.Zero)
CloseHandle(dupeTokenHandle);
// Check the identity.
System.Diagnostics.Trace.WriteLine("After impersonation: "
+ WindowsIdentity.GetCurrent().Name);
return newId;
}
catch (Exception ex)
{
Console.WriteLine("Exception occurred. " + ex.Message);
}
return null;
}
}
public ICredentials NetworkCredentials
{
get
{
return null;// Not using NetworkCredentials to authenticate.
}
}
#endregion
}
Go to the following links, this will solve your problem
http://blogs.msdn.com/bimusings/archive/2005/12/05/500195.aspx
http://www.odetocode.com/Articles/216.aspx
Authentication Problem x64
Win 2003 Server x64, .Net 2.0 x64 Reporting Services 2005. RS Database is a remote SQL 2005 on the same Domain in the same room. I can only get the report manager to authenticate local users; it will not authenticate Domain users.If I set up a local user and add a New Role Assignment all works OK.I have no problem adding a Domain user to a New Role Assignment, it allows this, but it will not authenticate the user.Adding the Domain user to the Windows Administrators group also has no effect.
Am I missing something simple?
I doubt this has anything to do with the x64-ness of your HW.
When you say "it will not authenticate the user", what exactly do you mean?
|||If I try to log on to http://mymachine/reports with a local user it will let me on.If I try to log on as a Domain user, it keeps bringing up the logon screen. (Windows Authentication)Both users are set up in a role in RS.
|||It sounds to me like IIS is not recognizing the user. Does that user have permissions on the machine aside from being in the RS role?|||If you are asking about the Domain users, NO. I am expecting it to work like Share Point, where you add the Domain user in the site and give it permissions on the site. Am I assuming wrong?|||Can you check the IIS logs on the machine for when the domain user tries to connect?
SRS doesn't grant the user any permissions on the box, so if the user did not have a valid account on the machine before, he still won't be able to have access to SRS because IIS will fail the request before it even gets to SRS.
|||John,
I see the Get entry in the IIS log, no other entries. I see a success audit entry in the Security Log for that user.
If I log on with the the local user, I see the POST entries etc in the IIS log.
Do I need to set up the domain user to have some local rights?
|||I finally wipped the machine clean and started again. Now RS will authenticate a domain user fine.Thursday, March 22, 2012
Authentication over the internet
I am building an asp.net app that will use reporting services to show reports within the application. Users login to the application and when they need to see a report I use web services to render the report. The asp.net app and reporting services are on the same windows 2003 server (not using active directory).
Because reporting services uses Windows authentication and does not allow anonymous access, I have created a windows account (called "RSUser") that has access to my reports. When the user runs a report, I pass in the credentials for this windows account like this...
rs.Credentials = New System.Net.NetworkCredential("RSUser", "password", "domain")
This all works, and the report renders using the permissions from RSUser. The problem is that all the reports use treeviews for drill-down (and some use drill-through). When you expand a drill down you are prompted for a windows login. I think this is because this postback is now coming from the client PC, instead if from the asp.net app (i.e. on the server), and so reporting services needs to anthenticate this new user.
The only solution that I have found for this is developing a security extension for reporting services...
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
... but this seems like overkill and a very complicated process, and Microsoft says in the article that this is not fully tested and should not be used in a production environment (but that where I need it for).
Does anyone have a solution ?
Craig HBJust a thought: Have you tried to setup a individual Application pool that works with your RSUser Account?
"Craig HB" wrote:
> I am building an asp.net app that will use reporting services to show reports within the application. Users login to the application and when they need to see a report I use web services to render the report. The asp.net app and reporting services are on the same windows 2003 server (not using active directory).
> Because reporting services uses Windows authentication and does not allow anonymous access, I have created a windows account (called "RSUser") that has access to my reports. When the user runs a report, I pass in the credentials for this windows account like this...
> rs.Credentials = New System.Net.NetworkCredential("RSUser", "password", "domain")
> This all works, and the report renders using the permissions from RSUser. The problem is that all the reports use treeviews for drill-down (and some use drill-through). When you expand a drill down you are prompted for a windows login. I think this is because this postback is now coming from the client PC, instead if from the asp.net app (i.e. on the server), and so reporting services needs to anthenticate this new user.
> The only solution that I have found for this is developing a security extension for reporting services...
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> ... but this seems like overkill and a very complicated process, and Microsoft says in the article that this is not fully tested and should not be used in a production environment (but that where I need it for).
> Does anyone have a solution ?
> Craig HB|||Craig,
You are right. You get prompted because the drilldown and drillthough
interactive features require URL acccess and request goes out on the client
side of the application.
In a nutshell, if your reports have interactive features you need to go for
URL access. For Internet-oriented apps this means writing a custom security
extension. It is not that involved to write and I have deployed an
application that uses a custom security extension in a production
environment. There are some gotchas to avoid but in general my experience
writing custom security extensions have been positive and you will learn a
lot about how RS handles authentication and authorization.
--
Hope this helps.
---
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
http://www.prologika.com
"Gash" <Gash@.discussions.microsoft.com> wrote in message
news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> Just a thought: Have you tried to setup a individual Application pool that
works with your RSUser Account?
> "Craig HB" wrote:
> > I am building an asp.net app that will use reporting services to show
reports within the application. Users login to the application and when they
need to see a report I use web services to render the report. The asp.net
app and reporting services are on the same windows 2003 server (not using
active directory).
> >
> > Because reporting services uses Windows authentication and does not
allow anonymous access, I have created a windows account (called "RSUser")
that has access to my reports. When the user runs a report, I pass in the
credentials for this windows account like this...
> >
> > rs.Credentials = New System.Net.NetworkCredential("RSUser", "password",
"domain")
> >
> > This all works, and the report renders using the permissions from
RSUser. The problem is that all the reports use treeviews for drill-down
(and some use drill-through). When you expand a drill down you are prompted
for a windows login. I think this is because this postback is now coming
from the client PC, instead if from the asp.net app (i.e. on the server),
and so reporting services needs to anthenticate this new user.
> >
> > The only solution that I have found for this is developing a security
extension for reporting services...
> >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> >
> > ... but this seems like overkill and a very complicated process, and
Microsoft says in the article that this is not fully tested and should not
be used in a production environment (but that where I need it for).
> >
> > Does anyone have a solution ?
> >
> > Craig HB|||Start here
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> Is there any sample code for writing a custom security extension? I have
> already validated the user and I want to provide url access to the report
> server.
> "Teo" wrote:
> > Craig,
> >
> > You are right. You get prompted because the drilldown and drillthough
> > interactive features require URL acccess and request goes out on the
client
> > side of the application.
> >
> > In a nutshell, if your reports have interactive features you need to go
for
> > URL access. For Internet-oriented apps this means writing a custom
security
> > extension. It is not that involved to write and I have deployed an
> > application that uses a custom security extension in a production
> > environment. There are some gotchas to avoid but in general my
experience
> > writing custom security extensions have been positive and you will learn
a
> > lot about how RS handles authentication and authorization.
> >
> > --
> > Hope this helps.
> >
> > ---
> > Teo Lachev, MCSD, MCT
> > Author: "Microsoft Reporting Services in Action"
> > http://www.prologika.com
> >
> >
> > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > Just a thought: Have you tried to setup a individual Application pool
that
> > works with your RSUser Account?
> > >
> > > "Craig HB" wrote:
> > >
> > > > I am building an asp.net app that will use reporting services to
show
> > reports within the application. Users login to the application and when
they
> > need to see a report I use web services to render the report. The
asp.net
> > app and reporting services are on the same windows 2003 server (not
using
> > active directory).
> > > >
> > > > Because reporting services uses Windows authentication and does not
> > allow anonymous access, I have created a windows account (called
"RSUser")
> > that has access to my reports. When the user runs a report, I pass in
the
> > credentials for this windows account like this...
> > > >
> > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
"password",
> > "domain")
> > > >
> > > > This all works, and the report renders using the permissions from
> > RSUser. The problem is that all the reports use treeviews for drill-down
> > (and some use drill-through). When you expand a drill down you are
prompted
> > for a windows login. I think this is because this postback is now coming
> > from the client PC, instead if from the asp.net app (i.e. on the
server),
> > and so reporting services needs to anthenticate this new user.
> > > >
> > > > The only solution that I have found for this is developing a
security
> > extension for reporting services...
> > > >
> > > >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > >
> > > > ... but this seems like overkill and a very complicated process, and
> > Microsoft says in the article that this is not fully tested and should
not
> > be used in a production environment (but that where I need it for).
> > > >
> > > > Does anyone have a solution ?
> > > >
> > > > Craig HB
> >
> >
> >|||I have seen this article and it is good if I wanted to build a standalone
application to allow access to the report server. However, i have an existing
application with forms authentication in which I want to embed url access to
the report server. I was hoping that there would be code samples or an
article for this particular issue. I don't need to present another form to
the user to capture credentials. Can i use my existing forms authentication
ticket or do I need to create a new one. Do I call the LogonUser webservice
to create a cookie for a user that has been created on the report manager. It
seems like there are a lot of people trying to solve the same problem, but
not too many examples.
"Teo Lachev" wrote:
> Start here
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> --
> Hope this helps.
> ----
> Teo Lachev, MCSD, MCT
> Author: "Microsoft Reporting Services in Action"
> Publisher website: http://www.manning.com/lachev
> Buy it from Amazon.com: http://shrinkster.com/eq
> Home page and blog: http://www.prologika.com/
> ----
> "jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
> news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> > Is there any sample code for writing a custom security extension? I have
> > already validated the user and I want to provide url access to the report
> > server.
> >
> > "Teo" wrote:
> >
> > > Craig,
> > >
> > > You are right. You get prompted because the drilldown and drillthough
> > > interactive features require URL acccess and request goes out on the
> client
> > > side of the application.
> > >
> > > In a nutshell, if your reports have interactive features you need to go
> for
> > > URL access. For Internet-oriented apps this means writing a custom
> security
> > > extension. It is not that involved to write and I have deployed an
> > > application that uses a custom security extension in a production
> > > environment. There are some gotchas to avoid but in general my
> experience
> > > writing custom security extensions have been positive and you will learn
> a
> > > lot about how RS handles authentication and authorization.
> > >
> > > --
> > > Hope this helps.
> > >
> > > ---
> > > Teo Lachev, MCSD, MCT
> > > Author: "Microsoft Reporting Services in Action"
> > > http://www.prologika.com
> > >
> > >
> > > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > > Just a thought: Have you tried to setup a individual Application pool
> that
> > > works with your RSUser Account?
> > > >
> > > > "Craig HB" wrote:
> > > >
> > > > > I am building an asp.net app that will use reporting services to
> show
> > > reports within the application. Users login to the application and when
> they
> > > need to see a report I use web services to render the report. The
> asp.net
> > > app and reporting services are on the same windows 2003 server (not
> using
> > > active directory).
> > > > >
> > > > > Because reporting services uses Windows authentication and does not
> > > allow anonymous access, I have created a windows account (called
> "RSUser")
> > > that has access to my reports. When the user runs a report, I pass in
> the
> > > credentials for this windows account like this...
> > > > >
> > > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
> "password",
> > > "domain")
> > > > >
> > > > > This all works, and the report renders using the permissions from
> > > RSUser. The problem is that all the reports use treeviews for drill-down
> > > (and some use drill-through). When you expand a drill down you are
> prompted
> > > for a windows login. I think this is because this postback is now coming
> > > from the client PC, instead if from the asp.net app (i.e. on the
> server),
> > > and so reporting services needs to anthenticate this new user.
> > > > >
> > > > > The only solution that I have found for this is developing a
> security
> > > extension for reporting services...
> > > > >
> > > > >
> > >
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > > >
> > > > > ... but this seems like overkill and a very complicated process, and
> > > Microsoft says in the article that this is not fully tested and should
> not
> > > be used in a production environment (but that where I need it for).
> > > > >
> > > > > Does anyone have a solution ?
> > > > >
> > > > > Craig HB
> > >
> > >
> > >
>
>|||> Can i use my existing forms authentication
> ticket or do I need to create a new one.
No, you cannot use your app Forms Authentication ticket and you don't have
to have another logon form. Instead, your application needs to call the RS
LogonUser SOAP API once it authenticates the user. You will end up with two
authentication tickets (cookies) but this shouldn't be too much of an issue.
The MS article should be good enough to address you scenario. You just need
to understand how RS Forms Authentication works by debugging the extension.
I have a two-part article in the works for a magazine about Forms
Authentication. Unfortunately, judging by the editors speed, it won't make
it before the end of the year. Meanwhile, you can check the other threads
on this topic. It's been discussed many times.
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
news:3F687097-1790-4FF9-B8CB-0A163BF3074C@.microsoft.com...
> I have seen this article and it is good if I wanted to build a standalone
> application to allow access to the report server. However, i have an
existing
> application with forms authentication in which I want to embed url access
to
> the report server. I was hoping that there would be code samples or an
> article for this particular issue. I don't need to present another form to
> the user to capture credentials. Can i use my existing forms
authentication
> ticket or do I need to create a new one. Do I call the LogonUser
webservice
> to create a cookie for a user that has been created on the report manager.
It
> seems like there are a lot of people trying to solve the same problem, but
> not too many examples.
> "Teo Lachev" wrote:
> > Start here
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> >
> > --
> > Hope this helps.
> >
> > ----
> > Teo Lachev, MCSD, MCT
> > Author: "Microsoft Reporting Services in Action"
> > Publisher website: http://www.manning.com/lachev
> > Buy it from Amazon.com: http://shrinkster.com/eq
> > Home page and blog: http://www.prologika.com/
> > ----
> >
> > "jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
> > news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> > > Is there any sample code for writing a custom security extension? I
have
> > > already validated the user and I want to provide url access to the
report
> > > server.
> > >
> > > "Teo" wrote:
> > >
> > > > Craig,
> > > >
> > > > You are right. You get prompted because the drilldown and
drillthough
> > > > interactive features require URL acccess and request goes out on the
> > client
> > > > side of the application.
> > > >
> > > > In a nutshell, if your reports have interactive features you need to
go
> > for
> > > > URL access. For Internet-oriented apps this means writing a custom
> > security
> > > > extension. It is not that involved to write and I have deployed an
> > > > application that uses a custom security extension in a production
> > > > environment. There are some gotchas to avoid but in general my
> > experience
> > > > writing custom security extensions have been positive and you will
learn
> > a
> > > > lot about how RS handles authentication and authorization.
> > > >
> > > > --
> > > > Hope this helps.
> > > >
> > > > ---
> > > > Teo Lachev, MCSD, MCT
> > > > Author: "Microsoft Reporting Services in Action"
> > > > http://www.prologika.com
> > > >
> > > >
> > > > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > > > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > > > Just a thought: Have you tried to setup a individual Application
pool
> > that
> > > > works with your RSUser Account?
> > > > >
> > > > > "Craig HB" wrote:
> > > > >
> > > > > > I am building an asp.net app that will use reporting services to
> > show
> > > > reports within the application. Users login to the application and
when
> > they
> > > > need to see a report I use web services to render the report. The
> > asp.net
> > > > app and reporting services are on the same windows 2003 server (not
> > using
> > > > active directory).
> > > > > >
> > > > > > Because reporting services uses Windows authentication and does
not
> > > > allow anonymous access, I have created a windows account (called
> > "RSUser")
> > > > that has access to my reports. When the user runs a report, I pass
in
> > the
> > > > credentials for this windows account like this...
> > > > > >
> > > > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
> > "password",
> > > > "domain")
> > > > > >
> > > > > > This all works, and the report renders using the permissions
from
> > > > RSUser. The problem is that all the reports use treeviews for
drill-down
> > > > (and some use drill-through). When you expand a drill down you are
> > prompted
> > > > for a windows login. I think this is because this postback is now
coming
> > > > from the client PC, instead if from the asp.net app (i.e. on the
> > server),
> > > > and so reporting services needs to anthenticate this new user.
> > > > > >
> > > > > > The only solution that I have found for this is developing a
> > security
> > > > extension for reporting services...
> > > > > >
> > > > > >
> > > >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > > > >
> > > > > > ... but this seems like overkill and a very complicated process,
and
> > > > Microsoft says in the article that this is not fully tested and
should
> > not
> > > > be used in a production environment (but that where I need it for).
> > > > > >
> > > > > > Does anyone have a solution ?
> > > > > >
> > > > > > Craig HB
> > > >
> > > >
> > > >
> >
> >
> >|||Is there any sample code for writing a custom security extension? I have
already validated the user and I want to provide url access to the report
server.
"Teo" wrote:
> Craig,
> You are right. You get prompted because the drilldown and drillthough
> interactive features require URL acccess and request goes out on the client
> side of the application.
> In a nutshell, if your reports have interactive features you need to go for
> URL access. For Internet-oriented apps this means writing a custom security
> extension. It is not that involved to write and I have deployed an
> application that uses a custom security extension in a production
> environment. There are some gotchas to avoid but in general my experience
> writing custom security extensions have been positive and you will learn a
> lot about how RS handles authentication and authorization.
> --
> Hope this helps.
> ---
> Teo Lachev, MCSD, MCT
> Author: "Microsoft Reporting Services in Action"
> http://www.prologika.com
>
> "Gash" <Gash@.discussions.microsoft.com> wrote in message
> news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > Just a thought: Have you tried to setup a individual Application pool that
> works with your RSUser Account?
> >
> > "Craig HB" wrote:
> >
> > > I am building an asp.net app that will use reporting services to show
> reports within the application. Users login to the application and when they
> need to see a report I use web services to render the report. The asp.net
> app and reporting services are on the same windows 2003 server (not using
> active directory).
> > >
> > > Because reporting services uses Windows authentication and does not
> allow anonymous access, I have created a windows account (called "RSUser")
> that has access to my reports. When the user runs a report, I pass in the
> credentials for this windows account like this...
> > >
> > > rs.Credentials = New System.Net.NetworkCredential("RSUser", "password",
> "domain")
> > >
> > > This all works, and the report renders using the permissions from
> RSUser. The problem is that all the reports use treeviews for drill-down
> (and some use drill-through). When you expand a drill down you are prompted
> for a windows login. I think this is because this postback is now coming
> from the client PC, instead if from the asp.net app (i.e. on the server),
> and so reporting services needs to anthenticate this new user.
> > >
> > > The only solution that I have found for this is developing a security
> extension for reporting services...
> > >
> > >
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > >
> > > ... but this seems like overkill and a very complicated process, and
> Microsoft says in the article that this is not fully tested and should not
> be used in a production environment (but that where I need it for).
> > >
> > > Does anyone have a solution ?
> > >
> > > Craig HB
>
>|||Teo. Is it possible to use web forms authentication with the standard
edition of RS?
If not, I'm guessing there is no other way to use the viewer over the
Internet..
Thanks, AHH
BTW: I bought your book - best one out there..|||Thanks. No, extending RS requires Enterprise Edition. Sorry.
How about generating reports on the server side of the app and sacrificing
the interactive features and the toolbar?
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"AHH" <AHH@.discussions.microsoft.com> wrote in message
news:13CACEA1-BD84-4D6A-BB25-63D43E0F56A8@.microsoft.com...
> Teo. Is it possible to use web forms authentication with the standard
> edition of RS?
> If not, I'm guessing there is no other way to use the viewer over the
> Internet..
> Thanks, AHH
> BTW: I bought your book - best one out there..
Because reporting services uses Windows authentication and does not allow anonymous access, I have created a windows account (called "RSUser") that has access to my reports. When the user runs a report, I pass in the credentials for this windows account like this...
rs.Credentials = New System.Net.NetworkCredential("RSUser", "password", "domain")
This all works, and the report renders using the permissions from RSUser. The problem is that all the reports use treeviews for drill-down (and some use drill-through). When you expand a drill down you are prompted for a windows login. I think this is because this postback is now coming from the client PC, instead if from the asp.net app (i.e. on the server), and so reporting services needs to anthenticate this new user.
The only solution that I have found for this is developing a security extension for reporting services...
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
... but this seems like overkill and a very complicated process, and Microsoft says in the article that this is not fully tested and should not be used in a production environment (but that where I need it for).
Does anyone have a solution ?
Craig HBJust a thought: Have you tried to setup a individual Application pool that works with your RSUser Account?
"Craig HB" wrote:
> I am building an asp.net app that will use reporting services to show reports within the application. Users login to the application and when they need to see a report I use web services to render the report. The asp.net app and reporting services are on the same windows 2003 server (not using active directory).
> Because reporting services uses Windows authentication and does not allow anonymous access, I have created a windows account (called "RSUser") that has access to my reports. When the user runs a report, I pass in the credentials for this windows account like this...
> rs.Credentials = New System.Net.NetworkCredential("RSUser", "password", "domain")
> This all works, and the report renders using the permissions from RSUser. The problem is that all the reports use treeviews for drill-down (and some use drill-through). When you expand a drill down you are prompted for a windows login. I think this is because this postback is now coming from the client PC, instead if from the asp.net app (i.e. on the server), and so reporting services needs to anthenticate this new user.
> The only solution that I have found for this is developing a security extension for reporting services...
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> ... but this seems like overkill and a very complicated process, and Microsoft says in the article that this is not fully tested and should not be used in a production environment (but that where I need it for).
> Does anyone have a solution ?
> Craig HB|||Craig,
You are right. You get prompted because the drilldown and drillthough
interactive features require URL acccess and request goes out on the client
side of the application.
In a nutshell, if your reports have interactive features you need to go for
URL access. For Internet-oriented apps this means writing a custom security
extension. It is not that involved to write and I have deployed an
application that uses a custom security extension in a production
environment. There are some gotchas to avoid but in general my experience
writing custom security extensions have been positive and you will learn a
lot about how RS handles authentication and authorization.
--
Hope this helps.
---
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
http://www.prologika.com
"Gash" <Gash@.discussions.microsoft.com> wrote in message
news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> Just a thought: Have you tried to setup a individual Application pool that
works with your RSUser Account?
> "Craig HB" wrote:
> > I am building an asp.net app that will use reporting services to show
reports within the application. Users login to the application and when they
need to see a report I use web services to render the report. The asp.net
app and reporting services are on the same windows 2003 server (not using
active directory).
> >
> > Because reporting services uses Windows authentication and does not
allow anonymous access, I have created a windows account (called "RSUser")
that has access to my reports. When the user runs a report, I pass in the
credentials for this windows account like this...
> >
> > rs.Credentials = New System.Net.NetworkCredential("RSUser", "password",
"domain")
> >
> > This all works, and the report renders using the permissions from
RSUser. The problem is that all the reports use treeviews for drill-down
(and some use drill-through). When you expand a drill down you are prompted
for a windows login. I think this is because this postback is now coming
from the client PC, instead if from the asp.net app (i.e. on the server),
and so reporting services needs to anthenticate this new user.
> >
> > The only solution that I have found for this is developing a security
extension for reporting services...
> >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> >
> > ... but this seems like overkill and a very complicated process, and
Microsoft says in the article that this is not fully tested and should not
be used in a production environment (but that where I need it for).
> >
> > Does anyone have a solution ?
> >
> > Craig HB|||Start here
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> Is there any sample code for writing a custom security extension? I have
> already validated the user and I want to provide url access to the report
> server.
> "Teo" wrote:
> > Craig,
> >
> > You are right. You get prompted because the drilldown and drillthough
> > interactive features require URL acccess and request goes out on the
client
> > side of the application.
> >
> > In a nutshell, if your reports have interactive features you need to go
for
> > URL access. For Internet-oriented apps this means writing a custom
security
> > extension. It is not that involved to write and I have deployed an
> > application that uses a custom security extension in a production
> > environment. There are some gotchas to avoid but in general my
experience
> > writing custom security extensions have been positive and you will learn
a
> > lot about how RS handles authentication and authorization.
> >
> > --
> > Hope this helps.
> >
> > ---
> > Teo Lachev, MCSD, MCT
> > Author: "Microsoft Reporting Services in Action"
> > http://www.prologika.com
> >
> >
> > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > Just a thought: Have you tried to setup a individual Application pool
that
> > works with your RSUser Account?
> > >
> > > "Craig HB" wrote:
> > >
> > > > I am building an asp.net app that will use reporting services to
show
> > reports within the application. Users login to the application and when
they
> > need to see a report I use web services to render the report. The
asp.net
> > app and reporting services are on the same windows 2003 server (not
using
> > active directory).
> > > >
> > > > Because reporting services uses Windows authentication and does not
> > allow anonymous access, I have created a windows account (called
"RSUser")
> > that has access to my reports. When the user runs a report, I pass in
the
> > credentials for this windows account like this...
> > > >
> > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
"password",
> > "domain")
> > > >
> > > > This all works, and the report renders using the permissions from
> > RSUser. The problem is that all the reports use treeviews for drill-down
> > (and some use drill-through). When you expand a drill down you are
prompted
> > for a windows login. I think this is because this postback is now coming
> > from the client PC, instead if from the asp.net app (i.e. on the
server),
> > and so reporting services needs to anthenticate this new user.
> > > >
> > > > The only solution that I have found for this is developing a
security
> > extension for reporting services...
> > > >
> > > >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > >
> > > > ... but this seems like overkill and a very complicated process, and
> > Microsoft says in the article that this is not fully tested and should
not
> > be used in a production environment (but that where I need it for).
> > > >
> > > > Does anyone have a solution ?
> > > >
> > > > Craig HB
> >
> >
> >|||I have seen this article and it is good if I wanted to build a standalone
application to allow access to the report server. However, i have an existing
application with forms authentication in which I want to embed url access to
the report server. I was hoping that there would be code samples or an
article for this particular issue. I don't need to present another form to
the user to capture credentials. Can i use my existing forms authentication
ticket or do I need to create a new one. Do I call the LogonUser webservice
to create a cookie for a user that has been created on the report manager. It
seems like there are a lot of people trying to solve the same problem, but
not too many examples.
"Teo Lachev" wrote:
> Start here
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> --
> Hope this helps.
> ----
> Teo Lachev, MCSD, MCT
> Author: "Microsoft Reporting Services in Action"
> Publisher website: http://www.manning.com/lachev
> Buy it from Amazon.com: http://shrinkster.com/eq
> Home page and blog: http://www.prologika.com/
> ----
> "jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
> news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> > Is there any sample code for writing a custom security extension? I have
> > already validated the user and I want to provide url access to the report
> > server.
> >
> > "Teo" wrote:
> >
> > > Craig,
> > >
> > > You are right. You get prompted because the drilldown and drillthough
> > > interactive features require URL acccess and request goes out on the
> client
> > > side of the application.
> > >
> > > In a nutshell, if your reports have interactive features you need to go
> for
> > > URL access. For Internet-oriented apps this means writing a custom
> security
> > > extension. It is not that involved to write and I have deployed an
> > > application that uses a custom security extension in a production
> > > environment. There are some gotchas to avoid but in general my
> experience
> > > writing custom security extensions have been positive and you will learn
> a
> > > lot about how RS handles authentication and authorization.
> > >
> > > --
> > > Hope this helps.
> > >
> > > ---
> > > Teo Lachev, MCSD, MCT
> > > Author: "Microsoft Reporting Services in Action"
> > > http://www.prologika.com
> > >
> > >
> > > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > > Just a thought: Have you tried to setup a individual Application pool
> that
> > > works with your RSUser Account?
> > > >
> > > > "Craig HB" wrote:
> > > >
> > > > > I am building an asp.net app that will use reporting services to
> show
> > > reports within the application. Users login to the application and when
> they
> > > need to see a report I use web services to render the report. The
> asp.net
> > > app and reporting services are on the same windows 2003 server (not
> using
> > > active directory).
> > > > >
> > > > > Because reporting services uses Windows authentication and does not
> > > allow anonymous access, I have created a windows account (called
> "RSUser")
> > > that has access to my reports. When the user runs a report, I pass in
> the
> > > credentials for this windows account like this...
> > > > >
> > > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
> "password",
> > > "domain")
> > > > >
> > > > > This all works, and the report renders using the permissions from
> > > RSUser. The problem is that all the reports use treeviews for drill-down
> > > (and some use drill-through). When you expand a drill down you are
> prompted
> > > for a windows login. I think this is because this postback is now coming
> > > from the client PC, instead if from the asp.net app (i.e. on the
> server),
> > > and so reporting services needs to anthenticate this new user.
> > > > >
> > > > > The only solution that I have found for this is developing a
> security
> > > extension for reporting services...
> > > > >
> > > > >
> > >
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > > >
> > > > > ... but this seems like overkill and a very complicated process, and
> > > Microsoft says in the article that this is not fully tested and should
> not
> > > be used in a production environment (but that where I need it for).
> > > > >
> > > > > Does anyone have a solution ?
> > > > >
> > > > > Craig HB
> > >
> > >
> > >
>
>|||> Can i use my existing forms authentication
> ticket or do I need to create a new one.
No, you cannot use your app Forms Authentication ticket and you don't have
to have another logon form. Instead, your application needs to call the RS
LogonUser SOAP API once it authenticates the user. You will end up with two
authentication tickets (cookies) but this shouldn't be too much of an issue.
The MS article should be good enough to address you scenario. You just need
to understand how RS Forms Authentication works by debugging the extension.
I have a two-part article in the works for a magazine about Forms
Authentication. Unfortunately, judging by the editors speed, it won't make
it before the end of the year. Meanwhile, you can check the other threads
on this topic. It's been discussed many times.
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
news:3F687097-1790-4FF9-B8CB-0A163BF3074C@.microsoft.com...
> I have seen this article and it is good if I wanted to build a standalone
> application to allow access to the report server. However, i have an
existing
> application with forms authentication in which I want to embed url access
to
> the report server. I was hoping that there would be code samples or an
> article for this particular issue. I don't need to present another form to
> the user to capture credentials. Can i use my existing forms
authentication
> ticket or do I need to create a new one. Do I call the LogonUser
webservice
> to create a cookie for a user that has been created on the report manager.
It
> seems like there are a lot of people trying to solve the same problem, but
> not too many examples.
> "Teo Lachev" wrote:
> > Start here
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> >
> > --
> > Hope this helps.
> >
> > ----
> > Teo Lachev, MCSD, MCT
> > Author: "Microsoft Reporting Services in Action"
> > Publisher website: http://www.manning.com/lachev
> > Buy it from Amazon.com: http://shrinkster.com/eq
> > Home page and blog: http://www.prologika.com/
> > ----
> >
> > "jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
> > news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> > > Is there any sample code for writing a custom security extension? I
have
> > > already validated the user and I want to provide url access to the
report
> > > server.
> > >
> > > "Teo" wrote:
> > >
> > > > Craig,
> > > >
> > > > You are right. You get prompted because the drilldown and
drillthough
> > > > interactive features require URL acccess and request goes out on the
> > client
> > > > side of the application.
> > > >
> > > > In a nutshell, if your reports have interactive features you need to
go
> > for
> > > > URL access. For Internet-oriented apps this means writing a custom
> > security
> > > > extension. It is not that involved to write and I have deployed an
> > > > application that uses a custom security extension in a production
> > > > environment. There are some gotchas to avoid but in general my
> > experience
> > > > writing custom security extensions have been positive and you will
learn
> > a
> > > > lot about how RS handles authentication and authorization.
> > > >
> > > > --
> > > > Hope this helps.
> > > >
> > > > ---
> > > > Teo Lachev, MCSD, MCT
> > > > Author: "Microsoft Reporting Services in Action"
> > > > http://www.prologika.com
> > > >
> > > >
> > > > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > > > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > > > Just a thought: Have you tried to setup a individual Application
pool
> > that
> > > > works with your RSUser Account?
> > > > >
> > > > > "Craig HB" wrote:
> > > > >
> > > > > > I am building an asp.net app that will use reporting services to
> > show
> > > > reports within the application. Users login to the application and
when
> > they
> > > > need to see a report I use web services to render the report. The
> > asp.net
> > > > app and reporting services are on the same windows 2003 server (not
> > using
> > > > active directory).
> > > > > >
> > > > > > Because reporting services uses Windows authentication and does
not
> > > > allow anonymous access, I have created a windows account (called
> > "RSUser")
> > > > that has access to my reports. When the user runs a report, I pass
in
> > the
> > > > credentials for this windows account like this...
> > > > > >
> > > > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
> > "password",
> > > > "domain")
> > > > > >
> > > > > > This all works, and the report renders using the permissions
from
> > > > RSUser. The problem is that all the reports use treeviews for
drill-down
> > > > (and some use drill-through). When you expand a drill down you are
> > prompted
> > > > for a windows login. I think this is because this postback is now
coming
> > > > from the client PC, instead if from the asp.net app (i.e. on the
> > server),
> > > > and so reporting services needs to anthenticate this new user.
> > > > > >
> > > > > > The only solution that I have found for this is developing a
> > security
> > > > extension for reporting services...
> > > > > >
> > > > > >
> > > >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > > > >
> > > > > > ... but this seems like overkill and a very complicated process,
and
> > > > Microsoft says in the article that this is not fully tested and
should
> > not
> > > > be used in a production environment (but that where I need it for).
> > > > > >
> > > > > > Does anyone have a solution ?
> > > > > >
> > > > > > Craig HB
> > > >
> > > >
> > > >
> >
> >
> >|||Is there any sample code for writing a custom security extension? I have
already validated the user and I want to provide url access to the report
server.
"Teo" wrote:
> Craig,
> You are right. You get prompted because the drilldown and drillthough
> interactive features require URL acccess and request goes out on the client
> side of the application.
> In a nutshell, if your reports have interactive features you need to go for
> URL access. For Internet-oriented apps this means writing a custom security
> extension. It is not that involved to write and I have deployed an
> application that uses a custom security extension in a production
> environment. There are some gotchas to avoid but in general my experience
> writing custom security extensions have been positive and you will learn a
> lot about how RS handles authentication and authorization.
> --
> Hope this helps.
> ---
> Teo Lachev, MCSD, MCT
> Author: "Microsoft Reporting Services in Action"
> http://www.prologika.com
>
> "Gash" <Gash@.discussions.microsoft.com> wrote in message
> news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > Just a thought: Have you tried to setup a individual Application pool that
> works with your RSUser Account?
> >
> > "Craig HB" wrote:
> >
> > > I am building an asp.net app that will use reporting services to show
> reports within the application. Users login to the application and when they
> need to see a report I use web services to render the report. The asp.net
> app and reporting services are on the same windows 2003 server (not using
> active directory).
> > >
> > > Because reporting services uses Windows authentication and does not
> allow anonymous access, I have created a windows account (called "RSUser")
> that has access to my reports. When the user runs a report, I pass in the
> credentials for this windows account like this...
> > >
> > > rs.Credentials = New System.Net.NetworkCredential("RSUser", "password",
> "domain")
> > >
> > > This all works, and the report renders using the permissions from
> RSUser. The problem is that all the reports use treeviews for drill-down
> (and some use drill-through). When you expand a drill down you are prompted
> for a windows login. I think this is because this postback is now coming
> from the client PC, instead if from the asp.net app (i.e. on the server),
> and so reporting services needs to anthenticate this new user.
> > >
> > > The only solution that I have found for this is developing a security
> extension for reporting services...
> > >
> > >
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > >
> > > ... but this seems like overkill and a very complicated process, and
> Microsoft says in the article that this is not fully tested and should not
> be used in a production environment (but that where I need it for).
> > >
> > > Does anyone have a solution ?
> > >
> > > Craig HB
>
>|||Teo. Is it possible to use web forms authentication with the standard
edition of RS?
If not, I'm guessing there is no other way to use the viewer over the
Internet..
Thanks, AHH
BTW: I bought your book - best one out there..|||Thanks. No, extending RS requires Enterprise Edition. Sorry.
How about generating reports on the server side of the app and sacrificing
the interactive features and the toolbar?
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"AHH" <AHH@.discussions.microsoft.com> wrote in message
news:13CACEA1-BD84-4D6A-BB25-63D43E0F56A8@.microsoft.com...
> Teo. Is it possible to use web forms authentication with the standard
> edition of RS?
> If not, I'm guessing there is no other way to use the viewer over the
> Internet..
> Thanks, AHH
> BTW: I bought your book - best one out there..
Authentication on 2003 server
Hi
I've installed 2003 server and RS with no problems. Also got Sharepoint
Services to run 100%. The only issue is that every time i click on a report a
username, password dialog appears. On XP this didn't happen. Everything is on
NT integrated security and my account is part of the admins group. Any ideas ?Does you Windows 2003 box belong to your login domain?
--
Hope this helps.
---
Teo Lachev, MVP [SQL Server], MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
---
"Markus" <Markus@.discussions.microsoft.com> wrote in message
news:F0BD2F13-3140-403D-B823-FAA6E5CFD7C8@.microsoft.com...
> Hi
> I've installed 2003 server and RS with no problems. Also got Sharepoint
> Services to run 100%. The only issue is that every time i click on a
report a
> username, password dialog appears. On XP this didn't happen. Everything is
on
> NT integrated security and my account is part of the admins group. Any
ideas ?
I've installed 2003 server and RS with no problems. Also got Sharepoint
Services to run 100%. The only issue is that every time i click on a report a
username, password dialog appears. On XP this didn't happen. Everything is on
NT integrated security and my account is part of the admins group. Any ideas ?Does you Windows 2003 box belong to your login domain?
--
Hope this helps.
---
Teo Lachev, MVP [SQL Server], MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
---
"Markus" <Markus@.discussions.microsoft.com> wrote in message
news:F0BD2F13-3140-403D-B823-FAA6E5CFD7C8@.microsoft.com...
> Hi
> I've installed 2003 server and RS with no problems. Also got Sharepoint
> Services to run 100%. The only issue is that every time i click on a
report a
> username, password dialog appears. On XP this didn't happen. Everything is
on
> NT integrated security and my account is part of the admins group. Any
ideas ?
Tuesday, March 20, 2012
Authentication across internet
From what I have understood, Reporting Services could be configured to use Basic Authentication. In this way, a user can access a RS-server across the internet and he/she will be prompted for a valid username/password when trying to access.
However, from what I can understand this username and password will be sent uncrypted over the Internet (from the client machine to the RS-server), right?
My problem is, I need to give access to users acress the internet to a RS-server. The users uses all kind of operating systems (Windows, Linux, MacOS tec). And the communication needs to be encrypted.
How would you recommend me to implement security for this solution? I guess some kind of "Forms authentication" will have to be used? But how to make sure the data traffic is encrypted? And where do you recommend me to store the username and passwords? In an Active Directory on the server side, or in a separate database on the server side?
regards Andreas
You need to set up your report server to use SSL, that way all communication is encrypted. This would be done in IIS but also requires some config chages to reporting services.
Both Basic authentication and Forms would work in this scenario.
Use AD for the user accounts if possible.
|||Thank you for your quick reply!
My SSL experience is very limited as well, but I guess it means that I need to buy a certificate from some trusted store? Otherwise the clients will always be warned when trying to connect, right?
Regards Andreas
|||If you have a fix client list, give them a link to download your own CA public key should be good enough. Of coz if its facing internet I suggest you pay for SSL. Not only your authentication, your report data are flying nude via the line, I guess that might be another issue and reason why SSL is required.|||Ok, thank you for your answers! An SSL-certificate it will be!
Just so that I didn't missunderstood. If I configure IIS to use SSL, the login name and password will be safly encrypted, even if I use Basic authentication, or?
Regards Andreas
|||Yes, ALL communication is encrypted.sqlMonday, March 19, 2012
Authentication
I have Server2003/SQL2000/IIS6 and have just installed Reporting services. I
have two websites on the server. Access to reports is fine using the
http://servername/reportServer, and using IUSR_servername, but I would like
to have reports available via the Internet using domain names. Saw the
earlier post and read I needed to change configuration. I've tried:
<Configuration>
<UI>
<ReportServerUrl>http://servername/ReportServer</ReportServerUrl
<ReportServerExternalURL>http://www.domain.org/ReportServer</ReportServerExternalURL>
</UI>
and
I've added virtual directories under above domain for reportManager and
reportServer giving appropriate read/execute permissions and security under
IIS.
I continue to get: HTTP Error 403 - Forbidden
Can I do this?
And, is it possible to have both domains access the reportServer and not
just one?
Thanks so much
JanetJanet -
In what file was this change supposed to be made for external access?
Thanks,
Ken
"janetb" <janetb@.discussions.microsoft.com> wrote in message
news:207273D1-A54E-49D2-82E8-7EEB65BDFADA@.microsoft.com...
> I have Server2003/SQL2000/IIS6 and have just installed Reporting services.
I
> have two websites on the server. Access to reports is fine using the
> http://servername/reportServer, and using IUSR_servername, but I would
like
> to have reports available via the Internet using domain names. Saw the
> earlier post and read I needed to change configuration. I've tried:
> <Configuration>
> <UI>
> <ReportServerUrl>http://servername/ReportServer</ReportServerUrl>
>
<ReportServerExternalURL>http://www.domain.org/ReportServer</ReportServerExt
ernalURL>
> </UI>
> and
> I've added virtual directories under above domain for reportManager and
> reportServer giving appropriate read/execute permissions and security
under
> IIS.
> I continue to get: HTTP Error 403 - Forbidden
> Can I do this?
> And, is it possible to have both domains access the reportServer and not
> just one?
> Thanks so much
> Janet
>|||Ken
c:\programfiles\microsoft sql server\mssql\reporting services\report
manager\ rswebapplication.config
Janet
"Ken" wrote:
> Janet -
> In what file was this change supposed to be made for external access?
> Thanks,
> Ken
>
> "janetb" <janetb@.discussions.microsoft.com> wrote in message
> news:207273D1-A54E-49D2-82E8-7EEB65BDFADA@.microsoft.com...
> > I have Server2003/SQL2000/IIS6 and have just installed Reporting services.
> I
> > have two websites on the server. Access to reports is fine using the
> > http://servername/reportServer, and using IUSR_servername, but I would
> like
> > to have reports available via the Internet using domain names. Saw the
> > earlier post and read I needed to change configuration. I've tried:
> >
> > <Configuration>
> > <UI>
> > <ReportServerUrl>http://servername/ReportServer</ReportServerUrl>
> >
> <ReportServerExternalURL>http://www.domain.org/ReportServer</ReportServerExt
> ernalURL>
> > </UI>
> >
> > and
> >
> > I've added virtual directories under above domain for reportManager and
> > reportServer giving appropriate read/execute permissions and security
> under
> > IIS.
> >
> > I continue to get: HTTP Error 403 - Forbidden
> >
> > Can I do this?
> > And, is it possible to have both domains access the reportServer and not
> > just one?
> >
> > Thanks so much
> > Janet
> >
>
>
have two websites on the server. Access to reports is fine using the
http://servername/reportServer, and using IUSR_servername, but I would like
to have reports available via the Internet using domain names. Saw the
earlier post and read I needed to change configuration. I've tried:
<Configuration>
<UI>
<ReportServerUrl>http://servername/ReportServer</ReportServerUrl
<ReportServerExternalURL>http://www.domain.org/ReportServer</ReportServerExternalURL>
</UI>
and
I've added virtual directories under above domain for reportManager and
reportServer giving appropriate read/execute permissions and security under
IIS.
I continue to get: HTTP Error 403 - Forbidden
Can I do this?
And, is it possible to have both domains access the reportServer and not
just one?
Thanks so much
JanetJanet -
In what file was this change supposed to be made for external access?
Thanks,
Ken
"janetb" <janetb@.discussions.microsoft.com> wrote in message
news:207273D1-A54E-49D2-82E8-7EEB65BDFADA@.microsoft.com...
> I have Server2003/SQL2000/IIS6 and have just installed Reporting services.
I
> have two websites on the server. Access to reports is fine using the
> http://servername/reportServer, and using IUSR_servername, but I would
like
> to have reports available via the Internet using domain names. Saw the
> earlier post and read I needed to change configuration. I've tried:
> <Configuration>
> <UI>
> <ReportServerUrl>http://servername/ReportServer</ReportServerUrl>
>
<ReportServerExternalURL>http://www.domain.org/ReportServer</ReportServerExt
ernalURL>
> </UI>
> and
> I've added virtual directories under above domain for reportManager and
> reportServer giving appropriate read/execute permissions and security
under
> IIS.
> I continue to get: HTTP Error 403 - Forbidden
> Can I do this?
> And, is it possible to have both domains access the reportServer and not
> just one?
> Thanks so much
> Janet
>|||Ken
c:\programfiles\microsoft sql server\mssql\reporting services\report
manager\ rswebapplication.config
Janet
"Ken" wrote:
> Janet -
> In what file was this change supposed to be made for external access?
> Thanks,
> Ken
>
> "janetb" <janetb@.discussions.microsoft.com> wrote in message
> news:207273D1-A54E-49D2-82E8-7EEB65BDFADA@.microsoft.com...
> > I have Server2003/SQL2000/IIS6 and have just installed Reporting services.
> I
> > have two websites on the server. Access to reports is fine using the
> > http://servername/reportServer, and using IUSR_servername, but I would
> like
> > to have reports available via the Internet using domain names. Saw the
> > earlier post and read I needed to change configuration. I've tried:
> >
> > <Configuration>
> > <UI>
> > <ReportServerUrl>http://servername/ReportServer</ReportServerUrl>
> >
> <ReportServerExternalURL>http://www.domain.org/ReportServer</ReportServerExt
> ernalURL>
> > </UI>
> >
> > and
> >
> > I've added virtual directories under above domain for reportManager and
> > reportServer giving appropriate read/execute permissions and security
> under
> > IIS.
> >
> > I continue to get: HTTP Error 403 - Forbidden
> >
> > Can I do this?
> > And, is it possible to have both domains access the reportServer and not
> > just one?
> >
> > Thanks so much
> > Janet
> >
>
>
Authenticating to Native SQL 2005 Web Services
Hi,
In a SOA architecture, is it possible for an Internet (NOT intranet) user
of a Windows Forms app to authenticate with the Native Web Services of SQL
Server 2005 using Windows Integrated Authentication? The users would NOT be
in the same domain or in a trusted domain. If so, could you point me to som
e
configuration instructions please.
Thanks.
--
JohnHello John,
Based on my scope, Integrated Windows Authentication works only in
scenarios where the client computer can contact a domain controller to
validate their credentials or keep a circuit open for point to point
connection to server. In most firewall configurations, this scenario is not
possible and not desirable. Though it is not IIS, the requirement are
similar:
IIS Authentication and Security for Internet Developers
http://msdn.microsoft.com/library/d...-us/dnauth/html
/dnauth_security.asp
264921.KB.EN-US INFO: How IIS Authenticates Browser Clients
http://support.microsoft.com/defaul...KB;EN-US;264921
Internet Information Services 5.0 Authentication Methods
http://www.windowsitpro.com/article...?articleid=8443
IIS 101: The Basics of IIS Authentication
http://www.iisadministrator.com/Art...ArticleID=15843
As for authentication of Web service in SQL 2005, it requests client to
send credential to server directly. Otherwise it fails.
Regards,
Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
========================================
=============
This posting is provided "AS IS" with no warranties, and confers no rights.
| Thread-Topic: Authenticating to Native SQL 2005 Web Services
| thread-index: AcXeqMzup44GBeNiRta2Kazq0yKi6Q==
| X-WBNR-Posting-Host: 71.192.119.68
| From: "examnotes" <Jthayer@.online.nospam>
| Subject: Authenticating to Native SQL 2005 Web Services
| Date: Mon, 31 Oct 2005 21:55:02 -0800
| Lines: 9
| Message-ID: <E83A79C0-D7BB-4C3A-9435-166B06A081FA@.microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.sqlserver.security
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.sqlserver.security:6416
| X-Tomcat-NG: microsoft.public.sqlserver.security
|
| Hi,
| In a SOA architecture, is it possible for an Internet (NOT intranet)
user
| of a Windows Forms app to authenticate with the Native Web Services of
SQL
| Server 2005 using Windows Integrated Authentication? The users would NOT
be
| in the same domain or in a trusted domain. If so, could you point me to
some
| configuration instructions please.
| Thanks.
| --
| John
|
In a SOA architecture, is it possible for an Internet (NOT intranet) user
of a Windows Forms app to authenticate with the Native Web Services of SQL
Server 2005 using Windows Integrated Authentication? The users would NOT be
in the same domain or in a trusted domain. If so, could you point me to som
e
configuration instructions please.
Thanks.
--
JohnHello John,
Based on my scope, Integrated Windows Authentication works only in
scenarios where the client computer can contact a domain controller to
validate their credentials or keep a circuit open for point to point
connection to server. In most firewall configurations, this scenario is not
possible and not desirable. Though it is not IIS, the requirement are
similar:
IIS Authentication and Security for Internet Developers
http://msdn.microsoft.com/library/d...-us/dnauth/html
/dnauth_security.asp
264921.KB.EN-US INFO: How IIS Authenticates Browser Clients
http://support.microsoft.com/defaul...KB;EN-US;264921
Internet Information Services 5.0 Authentication Methods
http://www.windowsitpro.com/article...?articleid=8443
IIS 101: The Basics of IIS Authentication
http://www.iisadministrator.com/Art...ArticleID=15843
As for authentication of Web service in SQL 2005, it requests client to
send credential to server directly. Otherwise it fails.
Regards,
Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Partner Support
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
========================================
=============
This posting is provided "AS IS" with no warranties, and confers no rights.
| Thread-Topic: Authenticating to Native SQL 2005 Web Services
| thread-index: AcXeqMzup44GBeNiRta2Kazq0yKi6Q==
| X-WBNR-Posting-Host: 71.192.119.68
| From: "examnotes" <Jthayer@.online.nospam>
| Subject: Authenticating to Native SQL 2005 Web Services
| Date: Mon, 31 Oct 2005 21:55:02 -0800
| Lines: 9
| Message-ID: <E83A79C0-D7BB-4C3A-9435-166B06A081FA@.microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.sqlserver.security
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.sqlserver.security:6416
| X-Tomcat-NG: microsoft.public.sqlserver.security
|
| Hi,
| In a SOA architecture, is it possible for an Internet (NOT intranet)
user
| of a Windows Forms app to authenticate with the Native Web Services of
SQL
| Server 2005 using Windows Integrated Authentication? The users would NOT
be
| in the same domain or in a trusted domain. If so, could you point me to
some
| configuration instructions please.
| Thanks.
| --
| John
|
Wednesday, March 7, 2012
Audit Level None still auditing failed logins
Do I need to restart SQL Services when i change the audit level to none so
that i do not capture failed logins in the error logs.
If so, is there any other way i can avoid logging those changes without
restarting the SQL Server as its in production.
Also how to do i retain only maybe 10 SQL error log files . We run
sp_cycle_errorlog every 4 days and is there a way to roll over after 10
files only...cos now we see errorlog files that go through errorlog.21,
errorlog.22 and so on till i have to delete them manually. Id like to have
maybe just 5 or 10 of them before they can be overwritten.
ThanksYou will have to recycle SQL Server to stop the audit logging. There is not
another way to stop it.
Rand
This posting is provided "as is" with no warranties and confers no rights.
that i do not capture failed logins in the error logs.
If so, is there any other way i can avoid logging those changes without
restarting the SQL Server as its in production.
Also how to do i retain only maybe 10 SQL error log files . We run
sp_cycle_errorlog every 4 days and is there a way to roll over after 10
files only...cos now we see errorlog files that go through errorlog.21,
errorlog.22 and so on till i have to delete them manually. Id like to have
maybe just 5 or 10 of them before they can be overwritten.
ThanksYou will have to recycle SQL Server to stop the audit logging. There is not
another way to stop it.
Rand
This posting is provided "as is" with no warranties and confers no rights.
Saturday, February 25, 2012
Attribute relationships
I am having trouble understanding SQL Server 2005 Analysis Services dimension terminology. In AS 2000, you defined relationships with hierarchies...just drag and drop levels. In AS 2005, you drag and drop hierarhy relationships, but you can also define attribute relationships. What is the difference between defining a dimension like:
Hierarchy
Level 0
Level 1
Level 2
Level 3
Generated Attribute 23
Level 0
Level 1
Level 2
Level 3
VS.
Hierarchy
Level 0
Level 1
attribute relationship to Level 0
Level 2
attribute relationship to Level 1
Level 3
attribute relatiohship to Level 2
Generated Attribute 23
Level 3
Both designs seem to accomplish the same thing. But there must be some kind of differences. I've read the other thread on attribute definition, but I was hoping for a layman's explanation.
You touched one of the most fundamental questions in AS 2005.
You should look at what is called "Natural hierarchy" and you definitely should be using it in your dimension.
Not sure if what you have as a second example is Natural hierarchy. (Not clear what is the key of your dimension) But it looks close.
Some past posts on the same matter:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=360657&SiteID=1
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=377519&SiteID=1
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=193477&SiteID=1
Edward.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Thanks for the reply and the link to those treads. I've seem some of those treads before, but they never made sense before. I've since re-read the Project Real Analysis Services Technical Drilldown article and I believe I understand now. In my example above, the second option is the prefered design. Level 0 is the top, Level 1 roll ups up to Level 0, Level 2 rolls up to Level 1, etc. It was confusing because you drag the table fields onto the Hierarchy and Level area just like AS 2000. When you do this, AS 2005 creates a Key attribute that contains all of the levels. It is my understanding now that if the hierarchy are Natural and not Reporting Hierarchies, it is best to define the attribute relationship in the Hierarchy pane and remove the attribute from the attribute key definition. Thanks again.
Eric
Friday, February 24, 2012
attribute key cannot be found - regular hierarchy
I am a newbie in Analysis Services. I have just designed a cube, drawing data from a bigger database. In the cube measures are about responses to questionnairies. There are 3 dimensions: question, time of response and user (who responded).
Sorry for the short delay, my internet connection was just lame this morning.
The full list of errors is the following (I now check it again and I put to bold something I find interesting):
Errors in the OLAP storage engine: The attribute key cannot be found: Table: dbo_Activity, Column: Id, Value: {F1B5099A-F1D4-4156-945E-0D733EB71C8C}. Errors in the OLAP storage engine: The attribute key was converted to an unknown member because the attribute key was not found. Attribute Enterprise of Dimension: User from Database: QueStorm, Record: 2.
Errors in the OLAP storage engine: The attribute key cannot be found: Table: dbo_Activity, Column: Id, Value: {F1B5099A-F1D4-4156-945E-0D733EB71C8C}. Errors in the OLAP storage engine: The attribute key was converted to an unknown member because the attribute key was not found. Attribute Enterprise of Dimension: User from Database: QueStorm, Record: 2. Errors in the OLAP storage engine: The process operation ended because the number of errors encountered during processing reached the defined limit of allowable errors for the operation. Errors in the OLAP storage engine: An error occurred while the 'Enterprise' attribute of the 'User' dimension from the 'QueStorm' database was being processed.
Errors and Warnings from Response
Errors in the OLAP storage engine: The process operation ended because the number of errors encountered during processing reached the defined limit of allowable errors for the operation.
Errors in the OLAP storage engine: An error occurred while the 'Enterprise' attribute of the 'User' dimension from the 'QueStorm' database was being processed.
Errors in the OLAP storage engine: The process operation ended because the number of errors encountered during processing reached the defined limit of allowable errors for the operation.
Errors in the OLAP storage engine: The attribute key cannot be found: Table: dbo_Activity, Column: Id, Value: {F1B5099A-F1D4-4156-945E-0D733EB71C8C}.
Errors in the OLAP storage engine: The attribute key was converted to an unknown member because the attribute key was not found. Attribute Enterprise of Dimension: User from Database: QueStorm, Record: 2.
Finally, I am not even using the greek description in the cube.
The user hierarchy is a user-enterprise-activity hierarchy.
When the cube is processed I receive the following error when it reaches to process the enterprise part:
Warning 1 Errors in the OLAP storage engine: The attribute key cannot be found: Table: dbo_Activity, Column: Id, Value: {F1B5099A-F1D4-4156-945E-0D733EB71C8C}. 0 0
(then it believes to be unknown, it finds too many errors and stops).
This value is a correct value for an activity Id. But I suppose this means that the link between enterprise and activity doesn't work (it's perfectly ok in the relational database). But I cannot find why.
SELECT
DISTINCT
[dbo_Activity].[Id] AS [dbo_ActivityId0_0],[dbo_Activity].[EnglishDescription] AS [dbo_ActivityEnglishDescription0_1],[dbo_Activity].[FrenchDescription] AS [dbo_ActivityFrenchDescription0_2]
FROM
(
SELECT Activity.Id, LocalizedActivity.Description AS EnglishDescription, LocalizedActivity_1.Description AS FrenchDescription,
LocalizedActivity_2.Description AS GreekDescription, LocalizedActivity_2.NationalCode AS GreekCode, LocalizedActivity.NationalCode AS EnglishCode,
LocalizedActivity_1.NationalCode AS FrenchCode
FROM Activity INNER JOIN
LocalizedActivity ON Activity.Id = LocalizedActivity.ActivityId INNER JOIN
LocalizedActivity AS LocalizedActivity_1 ON Activity.Id = LocalizedActivity_1.ActivityId INNER JOIN
LocalizedActivity AS LocalizedActivity_2 ON Activity.Id = LocalizedActivity_2.ActivityId
WHERE (LocalizedActivity.Language = 'en-GB') AND (LocalizedActivity_1.Language = 'fr-FR') AND (LocalizedActivity_2.Language = 'gr-GR')
)
AS [dbo_Activity]
Processing Dimension Attribute 'Enterprise' failed. 1 rows have been read.
Start time: 24/5/2006 5:19:28 μμ; End time: 24/5/2006 5:19:28 μμ; Duration: 0:00:00
SQL queries 1
SELECT
DISTINCT
[dbo_Enterprise].[Id] AS [dbo_EnterpriseId0_0],[dbo_Enterprise].[Name] AS [dbo_EnterpriseName0_1],[dbo_Enterprise].[NationalCode] AS [dbo_EnterpriseNationalCode0_2],[dbo_Enterprise].[PrimaryActivity] AS [dbo_EnterprisePrimaryActivity0_3]
FROM
(
SELECT Id, Name, PrimaryActivity, NationalCode
FROM Enterprise
)
AS [dbo_Enterprise]
Can you post some more information about you situation.
Is error you receive is happening during processing of dimension or partition? If you are processing entire cube, please try to process your dimensions firts and then process partition, by partition.
What is the stucture of your user dimension?
I also see some non-english descriptions in the query, where do they come from?
Edward.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Sorry for the short delay, my internet connection was just lame this morning.
The problem is happening during cube processing, but also during user dimension processing.
The user dimension comes from this named query (yes it's a bit familiar for those accustomed to asp.net ;)):
SELECT aspnet_Users.UserId, aspnet_Users.UserName, aspnet_Users.Enterprise, aspnet_Membership.Email
FROM aspnet_Users INNER JOIN
aspnet_Membership ON aspnet_Users.UserId = aspnet_Membership.UserId
Afterwards in the User dimension hierarcy,
User (...) has Enterprise and User Name as attributes,
Enterprise (..) has Activity, Name_ and National Code as attributes and
Activity (.) has English Description and French Description as attributes
Detailed code in the end of the post
The descriptions, as it is shown in the code in the first post come from LocalizedActivity table. Activity is thus a named query, drawing data from the activity table and the localized activity one (multiple lines for the latter, two for english language, two for french and two for greek - yes I know, it's a strange combination of languages ;)).
[Code for the dimension in case it helps]
<Source xsi:type="DataSourceViewBinding" dwd:design-time-name="fae66f4d-967b-400e-9dd5-fe6ba89a6771">
<DataSourceViewID>Local Sql Server</DataSourceViewID>
</Source>
<UnknownMember>Visible</UnknownMember>
<CurrentStorageMode>Molap</CurrentStorageMode>
<Attributes>
<Attribute dwd:design-time-name="623f18b9-82f5-4641-9b53-e159ef88c0a3">
<ID>Aspnet Users</ID>
<Name>Aspnet Users</Name>
<Usage>Key</Usage>
<EstimatedCount>2</EstimatedCount>
<KeyColumns>
<KeyColumn dwd:design-time-name="7c5aecb6-c79f-489f-b16d-517a00536a99">
<NullProcessing>UnknownMember</NullProcessing>
<DataType>WChar</DataType>
<Source xsi:type="ColumnBinding" dwd:design-time-name="5c6894e9-7c7e-4d9e-a5e0-0db5e73af31a">
<TableID>dbo_aspnet_Users</TableID>
<ColumnID>UserId</ColumnID>
</Source>
</KeyColumn>
</KeyColumns>
<AttributeRelationships>
<AttributeRelationship dwd:design-time-name="9a225117-5e19-4e93-98ca-1f9c8aecbb34">
<AttributeID>User Name</AttributeID>
<Name>User Name</Name>
</AttributeRelationship>
<AttributeRelationship dwd:design-time-name="4bd453e1-04c5-44d4-925a-07b781710eb9">
<AttributeID>Enterprise</AttributeID>
<Name>Enterprise</Name>
</AttributeRelationship>
</AttributeRelationships>
<OrderBy>Key</OrderBy>
<InstanceSelection>DropDown</InstanceSelection>
</Attribute>
<Attribute dwd:design-time-name="4d504c73-5be5-4643-ad53-5945dbe0093e">
<ID>User Name</ID>
<Name>User Name</Name>
<Type>PersonFullName</Type>
<EstimatedCount>2</EstimatedCount>
<KeyColumns>
<KeyColumn dwd:design-time-name="1e48b643-917b-4cab-ac8e-c2b5b5836ef3">
<DataType>WChar</DataType>
<DataSize>256</DataSize>
<Source xsi:type="ColumnBinding" dwd:design-time-name="6047a2f6-953b-428a-86bf-59a4a716c9bb">
<TableID>dbo_aspnet_Users</TableID>
<ColumnID>UserName</ColumnID>
</Source>
</KeyColumn>
</KeyColumns>
<NameColumn dwd:design-time-name="c8a05998-f1cb-4a4b-bfbc-dc6412078020">
<DataType>WChar</DataType>
<DataSize>256</DataSize>
<Source xsi:type="ColumnBinding" dwd:design-time-name="72d2f7aa-9128-4f32-8c99-3393eade848f">
<TableID>dbo_aspnet_Users</TableID>
<ColumnID>UserName</ColumnID>
</Source>
</NameColumn>
<OrderBy>Key</OrderBy>
<InstanceSelection>DropDown</InstanceSelection>
</Attribute>
<Attribute dwd:design-time-name="5eda6b5e-78ef-4c22-8000-3a93dd23d6a4">
<ID>Enterprise</ID>
<Name>Enterprise</Name>
<KeyColumns>
<KeyColumn dwd:design-time-name="9c5e9ce9-d304-4fb3-b1c4-cbffee628798">
<NullProcessing>UnknownMember</NullProcessing>
<DataType>WChar</DataType>
<Source xsi:type="ColumnBinding" dwd:design-time-name="b1fea07e-c3cd-4811-aebc-21d90d834bec">
<TableID>dbo_Enterprise</TableID>
<ColumnID>Id</ColumnID>
</Source>
</KeyColumn>
</KeyColumns>
<NameColumn dwd:design-time-name="b50a3458-488b-45a2-8e33-5237b26fe3b6">
<DataType>WChar</DataType>
<DataSize>50</DataSize>
<Source xsi:type="ColumnBinding" dwd:design-time-name="13b0aaa9-c817-46b5-9609-36039dc8e487">
<TableID>dbo_Enterprise</TableID>
<ColumnID>Name</ColumnID>
</Source>
</NameColumn>
<AttributeRelationships>
<AttributeRelationship dwd:design-time-name="4a5648da-1625-4b0d-9911-41c45ab64325">
<AttributeID>National Code</AttributeID>
<Name>National Code</Name>
</AttributeRelationship>
<AttributeRelationship dwd:design-time-name="1f5d1cdb-3872-4d6b-97fc-e81cabd89429">
<AttributeID>Name</AttributeID>
<Name>Name_</Name>
</AttributeRelationship>
<AttributeRelationship dwd:design-time-name="c7be6cbf-f255-420c-8d70-c4b24d80706f">
<AttributeID>Activity</AttributeID>
<Name>Activity</Name>
<Visible>false</Visible>
</AttributeRelationship>
</AttributeRelationships>
<OrderBy>Key</OrderBy>
<InstanceSelection>DropDown</InstanceSelection>
</Attribute>
<Attribute dwd:design-time-name="5fa36ff1-0d08-4336-9bd7-90c15a6baf53">
<ID>National Code</ID>
<Name>National Code</Name>
<KeyColumns>
<KeyColumn dwd:design-time-name="8ec125a2-426e-41d1-bdf2-5c07b540b41b">
<DataType>WChar</DataType>
<DataSize>16</DataSize>
<Source xsi:type="ColumnBinding" dwd:design-time-name="eaeb27bc-d602-4e02-992c-8d619633b365">
<TableID>dbo_Enterprise</TableID>
<ColumnID>NationalCode</ColumnID>
</Source>
</KeyColumn>
</KeyColumns>
<OrderBy>Key</OrderBy>
</Attribute>
<Attribute dwd:design-time-name="5248c844-b5b4-4946-be3b-cd035c7d36d7">
<ID>Name</ID>
<Name>Name</Name>
<Type>Caption</Type>
<KeyColumns>
<KeyColumn dwd:design-time-name="30bbddd9-ebb1-4570-ac88-1825911cca8d">
<DataType>WChar</DataType>
<DataSize>50</DataSize>
<Source xsi:type="ColumnBinding" dwd:design-time-name="7b76b669-47bf-403e-b5e9-c95480031621">
<TableID>dbo_Enterprise</TableID>
<ColumnID>Name</ColumnID>
</Source>
</KeyColumn>
</KeyColumns>
<OrderBy>Key</OrderBy>
</Attribute>
<Attribute dwd:design-time-name="94b00c3c-bdb6-434e-93be-59cd8b702c86">
<ID>Activity</ID>
<Name>Activity</Name>
<KeyColumns>
<KeyColumn dwd:design-time-name="7e570409-f592-460b-83bb-7d36bd5c83ef">
<NullProcessing>UnknownMember</NullProcessing>
<DataType>WChar</DataType>
<Source xsi:type="ColumnBinding" dwd:design-time-name="633bf76c-9410-4513-9933-b3439975ce44">
<TableID>dbo_Activity</TableID>
<ColumnID>Id</ColumnID>
</Source>
</KeyColumn>
</KeyColumns>
<AttributeRelationships>
<AttributeRelationship dwd:design-time-name="376c55ce-bff9-48a1-bc19-0985819f9af8">
<AttributeID>Description</AttributeID>
<Name>EnglishDescription</Name>
</AttributeRelationship>
<AttributeRelationship dwd:design-time-name="612f91ad-e799-4aaa-bf7f-08a13a7a69ec">
<AttributeID>EnglishDescription 1</AttributeID>
<Name>FrenchDescription</Name>
</AttributeRelationship>
</AttributeRelationships>
<OrderBy>Key</OrderBy>
</Attribute>
<Attribute dwd:design-time-name="e6bcad35-b68c-477a-a03a-3f6b5de37d69">
<ID>Description</ID>
<Name>EnglishDescription</Name>
<Type>Caption</Type>
<KeyColumns>
<KeyColumn dwd:design-time-name="6a48f875-38dd-449f-8c4b-a037be5851b4">
<DataType>WChar</DataType>
<DataSize>128</DataSize>
<Source xsi:type="ColumnBinding" dwd:design-time-name="aa6ce269-8d62-408c-b7a9-538eee58708c">
<TableID>dbo_Activity</TableID>
<ColumnID>EnglishDescription</ColumnID>
</Source>
</KeyColumn>
</KeyColumns>
<OrderBy>Key</OrderBy>
</Attribute>
<Attribute dwd:design-time-name="51245cda-daf1-43d5-9c16-83f03c58c84d">
<ID>EnglishDescription 1</ID>
<Name>FrenchDescription</Name>
<Type>Caption</Type>
<KeyColumns>
<KeyColumn dwd:design-time-name="16b37f49-cbd4-4e2b-ad2f-87053b15083b">
<DataType>WChar</DataType>
<DataSize>128</DataSize>
<Source xsi:type="ColumnBinding" dwd:design-time-name="4fcc5408-b96d-4e24-b3d6-43bb33ca345b">
<TableID>dbo_Activity</TableID>
<ColumnID>FrenchDescription</ColumnID>
</Source>
</KeyColumn>
</KeyColumns>
<OrderBy>Key</OrderBy>
</Attribute>
</Attributes>
<Hierarchies>
<Hierarchy dwd:design-time-name="80e30aa7-1d98-49a3-ae89-14022ba5ff24">
<ID>Activity - Enterprise</ID>
<Name>Activity - Enterprise</Name>
<Levels>
<Level dwd:design-time-name="aaba10df-78c3-4509-b520-52b6e6fe656f">
<ID>Activity</ID>
<Name>Activity</Name>
<SourceAttributeID>Activity</SourceAttributeID>
</Level>
<Level dwd:design-time-name="05e46e50-bb6e-4f14-b4c8-2609dc5a9fb6">
<ID>Enterprise</ID>
<Name>Enterprise</Name>
<SourceAttributeID>Enterprise</SourceAttributeID>
</Level>
<Level dwd:design-time-name="348e276e-dc64-4665-b8ac-64f5739b40c4">
<ID>Aspnet Users</ID>
<Name>User</Name>
<SourceAttributeID>Aspnet Users</SourceAttributeID>
</Level>
</Levels>
</Hierarchy>
</Hierarchies>|||
It is bit strange...
Your error indicates:
Table: dbo_Activity, Column: Id, Value: {F1B5099A-F1D4-4156-945E-0D733EB71C8C}
But little below from there I see error message: Processing Dimension Attribute 'Enterprise' failed. 'Enterprise' attribute is based on the dbo_Enterprise table.
Processing of which attribute is failing?
Another observation, are you running Enterprise version of Analysis Services? In this case you should be able to take advantage of Translations feature and get rid of extra description in French and Greek.
Edward.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
The full list of errors is the following (I now check it again and I put to bold something I find interesting):
Errors in the OLAP storage engine: The attribute key cannot be found: Table: dbo_Activity, Column: Id, Value: {F1B5099A-F1D4-4156-945E-0D733EB71C8C}. Errors in the OLAP storage engine: The attribute key was converted to an unknown member because the attribute key was not found. Attribute Enterprise of Dimension: User from Database: QueStorm, Record: 2.
Errors in the OLAP storage engine: The attribute key cannot be found: Table: dbo_Activity, Column: Id, Value: {F1B5099A-F1D4-4156-945E-0D733EB71C8C}. Errors in the OLAP storage engine: The attribute key was converted to an unknown member because the attribute key was not found. Attribute Enterprise of Dimension: User from Database: QueStorm, Record: 2. Errors in the OLAP storage engine: The process operation ended because the number of errors encountered during processing reached the defined limit of allowable errors for the operation. Errors in the OLAP storage engine: An error occurred while the 'Enterprise' attribute of the 'User' dimension from the 'QueStorm' database was being processed.
Errors and Warnings from Response
Errors in the OLAP storage engine: The process operation ended because the number of errors encountered during processing reached the defined limit of allowable errors for the operation.
Errors in the OLAP storage engine: An error occurred while the 'Enterprise' attribute of the 'User' dimension from the 'QueStorm' database was being processed.
Errors in the OLAP storage engine: The process operation ended because the number of errors encountered during processing reached the defined limit of allowable errors for the operation.
Errors in the OLAP storage engine: The attribute key cannot be found: Table: dbo_Activity, Column: Id, Value: {F1B5099A-F1D4-4156-945E-0D733EB71C8C}.
Errors in the OLAP storage engine: The attribute key was converted to an unknown member because the attribute key was not found. Attribute Enterprise of Dimension: User from Database: QueStorm, Record: 2.
I run Standard version. In any case, I need the French descriptions for the relational part of the application (so the table is already there, filled).|||
The problem I beleive is following:
When processing your Activity attribute, Analysis Server will send a SQL query to read all ActivityId's and will save these ActivityId's as keys for Activity attribute
While processing Enterprise attribute, it will send SQL query for EnterpriseId and also for matching ActvityId to know what is going to be the parent Activity for specific Enterprise.
Try copy SQL query for Activity attribute from processing dialog and append "Where" clause to it with ActivityId you getting from the Enterprise attribute error and send it directly. I suspect you will get an empty result.
The problem could be with the way you defined your Descritpion columns in SQL server. You need to make sure you set the collation correctly on Descriotion columns.
But this just a theory. Try doing the experiment above and see if get any results from the SQL query.
Edward.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Send it directly to where? Try it in Server Management Studio, that is? Or modify the named query for the Enterprise?
Thank you very much, I suspect some recent changes I made to the enterprise description (I tried to use the enterprise name as the description field of the enterprise instead of the key and I suspect it didn't work)
|||When running the query with the above id in the data view query editor, the results are ok (not empty).
Changing the name attribute didn't solve the problem
I send here an image in case it helps:
http://recursive-cacophony.net/tec-goblin/Irrelevant/UserDim.PNG
BTW, in ff this control works weirdly (I cannot use html code)|||
May be the last thing before I give up:)
Try creating new tables for your French and Greek descriptions: LocalizedActivity_1_F and LocalizedActivity_2_G
When creating these tables set collation for Description column to Latin1_General_BIN (I assume you are using SQL Server as your relational database ).
Populate these tables with data from LocalizedActivity_1 and LocalizedActivity_2, change your named query to point to the new tables and try processing dimension again.
Edward.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Finally, I am not even using the greek description in the cube.
In SQL Server Management Studio I can see data in all languages perfectly, and all fields are nvarchar, in the Cube they are wchar, I don't see many ways this could be a problem... :S|||Well, I finally found what was the problem. It had not to do with the cube, nor with the collation. It is actually in the select statement I have in the first post:
Using INNER JOIN (as the query designer always does) is a bad idea when sometimes the entries do not exist : for example there are no greek nor english descriptions for the activities right now in the database (it is for future use). So, if you use inner joins instead of nested select statements, you lose all the row, so instead of something like:
[anactivityId] [anactivityFrenchDescription] null null
you have no row at all.
Subscribe to:
Posts (Atom)