Hi,
I have a table users where there is a user_id and an department column.
Also i have a table called KRS where there are the same columns, when a userid is given i want to auto fill in the departmentid,
Can someone help me with this?
Cheers WimYou want help creating a denormalized database?
[sigh...]
If you absolutely need to do this, you can accomplish it through an INSERT trigger on your KRS table.
Why are you duplicating data like this?|||You want help creating a denormalized database?
[sigh...]
If you absolutely need to do this, you can accomplish it through an INSERT trigger on your KRS table.
Why are you duplicating data like this?I keep trying to shoot myself it the foot, but the rifle wobbles when I pull the trigger. Can one of you guys hold it for me?
I actually thought about trying to formulate a reply to this question, but nothing I wrote seemed fit to post. I'm thinking that a VIEW would make life a lot easier in the long run, what do you think?
-PatP
Showing posts with label users. Show all posts
Showing posts with label users. Show all posts
Thursday, March 29, 2012
Sunday, March 25, 2012
Authorization
Hi,
How to develop the application will run under user who have permission to view the reports.
When multiple users are accessing reports for example in this case i have 5 users.
could anyone help to me.
regards
kumar
first i have some question are the user in Domain or not if so then you can give each user the privileges on the reports you want on the reporting service
and by code you get the identity of the user in the context and then he will gain the privileges on the reports he can view
this is a great article which explain how you can do this
http://msdn2.microsoft.com/en-us/library/ms159846.aspx
http://msdn2.microsoft.com/en-us/library/ms159778.aspx
Authentication to SQL Server in ASP on Active Directory
I would like to be able to autheticate users connecting to SQL Server in
Active Server Pages on MS Active Directory.
Is this possible? If so, how?
Thank you.
AAAHi,
then you have to Map AD user account / group to sql server then you are
able to do it . please refer sp_adduser for more information it can be done
very well using this sp it is used to map those Windows (AD) accounts to SQL
and then use it in you ASP connection string. What is your Authentication
mode ?!
--
Andy Davis
Active Crypt Team
---SQL Server Encryption
Decryption Software
http://www.activecrypt.com
"AuntieAuntieAuntie" wrote:
> I would like to be able to autheticate users connecting to SQL Server in
> Active Server Pages on MS Active Directory.
> Is this possible? If so, how?
> Thank you.
> AAA|||Hi Andy,
This is the situation, (we can add users) but, not Domain Accounts that
belong to Domain Groups without a password on the connection string, within
an ASP on Active Directory, this is my current connection string:
<%
Dim strDatabaseType, objConn, cst
cst = "Provider=SQLOLEDB;data source=Z0123456;" &_
"Database=myDatabase;User ID=99;password=XXXXXXX;"
Set objConn = Server.CreateObject("ADODB.Connection")
%>
We would like to use a Domain Account as the userID without the password on
this connection string. On the database side, this account belongs to a
Domain Group, that has access to the database, it this possible? How can we
accomplish it?
AAA
"Andy Davis" wrote:
[vbcol=seagreen]
> Hi,
> then you have to Map AD user account / group to sql server then you are
> able to do it . please refer sp_adduser for more information it can be don
e
> very well using this sp it is used to map those Windows (AD) accounts to S
QL
> and then use it in you ASP connection string. What is your Authentication
> mode ?!
> --
> Andy Davis
> Active Crypt Team
> ---SQL Server Encryption
> Decryption Software
> http://www.activecrypt.com
>
> "AuntieAuntieAuntie" wrote:
>|||Hi,
We are using Windows Authentication for this applicaton.
AAA
"Andy Davis" wrote:
[vbcol=seagreen]
> Hi,
> then you have to Map AD user account / group to sql server then you are
> able to do it . please refer sp_adduser for more information it can be don
e
> very well using this sp it is used to map those Windows (AD) accounts to S
QL
> and then use it in you ASP connection string. What is your Authentication
> mode ?!
> --
> Andy Davis
> Active Crypt Team
> ---SQL Server Encryption
> Decryption Software
> http://www.activecrypt.com
>
> "AuntieAuntieAuntie" wrote:
>
Active Server Pages on MS Active Directory.
Is this possible? If so, how?
Thank you.
AAAHi,
then you have to Map AD user account / group to sql server then you are
able to do it . please refer sp_adduser for more information it can be done
very well using this sp it is used to map those Windows (AD) accounts to SQL
and then use it in you ASP connection string. What is your Authentication
mode ?!
--
Andy Davis
Active Crypt Team
---SQL Server Encryption
Decryption Software
http://www.activecrypt.com
"AuntieAuntieAuntie" wrote:
> I would like to be able to autheticate users connecting to SQL Server in
> Active Server Pages on MS Active Directory.
> Is this possible? If so, how?
> Thank you.
> AAA|||Hi Andy,
This is the situation, (we can add users) but, not Domain Accounts that
belong to Domain Groups without a password on the connection string, within
an ASP on Active Directory, this is my current connection string:
<%
Dim strDatabaseType, objConn, cst
cst = "Provider=SQLOLEDB;data source=Z0123456;" &_
"Database=myDatabase;User ID=99;password=XXXXXXX;"
Set objConn = Server.CreateObject("ADODB.Connection")
%>
We would like to use a Domain Account as the userID without the password on
this connection string. On the database side, this account belongs to a
Domain Group, that has access to the database, it this possible? How can we
accomplish it?
AAA
"Andy Davis" wrote:
[vbcol=seagreen]
> Hi,
> then you have to Map AD user account / group to sql server then you are
> able to do it . please refer sp_adduser for more information it can be don
e
> very well using this sp it is used to map those Windows (AD) accounts to S
QL
> and then use it in you ASP connection string. What is your Authentication
> mode ?!
> --
> Andy Davis
> Active Crypt Team
> ---SQL Server Encryption
> Decryption Software
> http://www.activecrypt.com
>
> "AuntieAuntieAuntie" wrote:
>|||Hi,
We are using Windows Authentication for this applicaton.
AAA
"Andy Davis" wrote:
[vbcol=seagreen]
> Hi,
> then you have to Map AD user account / group to sql server then you are
> able to do it . please refer sp_adduser for more information it can be don
e
> very well using this sp it is used to map those Windows (AD) accounts to S
QL
> and then use it in you ASP connection string. What is your Authentication
> mode ?!
> --
> Andy Davis
> Active Crypt Team
> ---SQL Server Encryption
> Decryption Software
> http://www.activecrypt.com
>
> "AuntieAuntieAuntie" wrote:
>
Authentication Reporting Services and web reportviewer
Hi,
I’ve an application Web which uses to reportviewer to show information. I want that all the users of the application accede to reports by means of he himself user and password. This user is a local user of report’s server. The problem is that when attempt to show report always appear the following error:
The request failed with HTTP status 401: Unauthorized.
The code that use is the following one:
ReportViewer1.ServerReport.ReportServerCredentials = new ReportViewerCredentials("Usuario", "pwd", "servidor");
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Microsoft.Reporting.WebForms;
using System.Net;
using System.Security.Principal;
using System.Runtime.InteropServices;
/// <summary>
/// Summary description for ReportViewerCredentials
/// </summary>
public class ReportViewerCredentials : IReportServerCredentials
{
[DllImport("advapi32.dll", SetLastError = true)]
public extern static bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
public ReportViewerCredentials()
{
}
public ReportViewerCredentials(string username)
{
this.Username = username;
}
public ReportViewerCredentials(string username, string password)
{
this.Username = username;
this.Password = password;
}
public ReportViewerCredentials(string username, string password, string domain)
{
this.Username = username;
this.Password = password;
this.Domain = domain;
}
public string Username
{
get
{
return this.username;
}
set
{
string username = value;
if (username.Contains("\\"))
{
this.domain = username.Substring(0, username.IndexOf("\\"));
this.username = username.Substring(username.IndexOf("\\") + 1);
}
else
{
this.username = username;
}
}
}
private string username;
public string Password
{
get
{
return this.password;
}
set
{
this.password = value;
}
}
private string password;
public string Domain
{
get
{
return this.domain;
}
set
{
this.domain = value;
}
}
private string domain;
#region IReportServerCredentials Members
public bool GetBasicCredentials(out string basicUser, out string basicPassword, out string basicDomain)
{
basicUser = username;
basicPassword = password;
basicDomain = domain;
return username != null && password != null && domain != null;
}
public bool GetFormsCredentials(out string formsUser, out string formsPassword, out string formsAuthority)
{
formsUser = username;
formsPassword = password;
formsAuthority = domain;
return username != null && password != null && domain != null;
}
public bool GetFormsCredentials(out Cookie authCookie,out string user, out string password, out string authority)
{
authCookie = null;
user = password = authority = null;
return false;// Not implemented
}
public WindowsIdentity ImpersonationUser
{
get
{
string[] args = new string[3] { this.Domain.ToString(), this.Username.ToString(), this.Password.ToString() };
IntPtr tokenHandle = new IntPtr(0);
IntPtr dupeTokenHandle = new IntPtr(0);
//const int LOGON32_PROVIDER_DEFAULT = 0;
////This parameter causes LogonUser to create a primary token.
//const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_PROVIDER_DEFAULT = 3;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_INTERACTIVE = 9;
const int SecurityImpersonation = 2;
tokenHandle = IntPtr.Zero;
dupeTokenHandle = IntPtr.Zero;
try
{
// Call LogonUser to obtain an handle to an access token.
bool returnValue = LogonUser(args[1], args[0], args[2],
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
ref tokenHandle);
if (false == returnValue)
{
Console.WriteLine("LogonUser failed with error code : {0}",Marshal.GetLastWin32Error());
return null;
}
// Check the identity.
System.Diagnostics.Trace.WriteLine("Before impersonation: "
+ WindowsIdentity.GetCurrent().Name);
bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle);
if (false == retVal)
{
CloseHandle(tokenHandle);
Console.WriteLine("Exception in token duplication.");
return null;
}
// The token that is passed to the following constructor must
// be a primary token to impersonate.
WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
WindowsImpersonationContext impersonatedUser = newId.Impersonate();
// Free the tokens.
if (tokenHandle != IntPtr.Zero)
CloseHandle(tokenHandle);
if (dupeTokenHandle != IntPtr.Zero)
CloseHandle(dupeTokenHandle);
// Check the identity.
System.Diagnostics.Trace.WriteLine("After impersonation: "
+ WindowsIdentity.GetCurrent().Name);
return newId;
}
catch (Exception ex)
{
Console.WriteLine("Exception occurred. " + ex.Message);
}
return null;
}
}
public ICredentials NetworkCredentials
{
get
{
return null;// Not using NetworkCredentials to authenticate.
}
}
#endregion
}
Go to the following links, this will solve your problem
http://blogs.msdn.com/bimusings/archive/2005/12/05/500195.aspx
http://www.odetocode.com/Articles/216.aspx
Authentication Quirk
For some reason that I cannot figure out, some users are prompted for a
username and password when they request data in some reports. They can access
the reports OK, and choose the parameters OK, but then when they try to view
the report, they are prompted for credentials. If they click Cancel, the
report runs fine and the data is retrieved.
Any initial ideas?Do you have the datasource the report is using set to:
Connect Using:
The credentials supplied by the user running the report?
Adrian M.
"Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
news:5D8230E0-EA56-4673-A88F-91E7C54F9DE8@.microsoft.com...
> For some reason that I cannot figure out, some users are prompted for a
> username and password when they request data in some reports. They can
> access
> the reports OK, and choose the parameters OK, but then when they try to
> view
> the report, they are prompted for credentials. If they click Cancel, the
> report runs fine and the data is retrieved.
> Any initial ideas?|||Thanks for replying.
To answer your question, no. The data source has the "Credentials stored
securely in the report server" option selected with the additional "Use as
Windows credentials when connecting to the data source" also selected.
Thanks.
"Adrian M." wrote:
> Do you have the datasource the report is using set to:
> Connect Using:
> The credentials supplied by the user running the report?
> Adrian M.
> "Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
> news:5D8230E0-EA56-4673-A88F-91E7C54F9DE8@.microsoft.com...
> > For some reason that I cannot figure out, some users are prompted for a
> > username and password when they request data in some reports. They can
> > access
> > the reports OK, and choose the parameters OK, but then when they try to
> > view
> > the report, they are prompted for credentials. If they click Cancel, the
> > report runs fine and the data is retrieved.
> >
> > Any initial ideas?
>
>|||hmm, odd...
Some ideas, try the article http://support.microsoft.com/kb/842517
hth
Adrian M.
"Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
news:FBAE3BCE-F1D9-4B02-AAAF-44199ADF3744@.microsoft.com...
> Thanks for replying.
> To answer your question, no. The data source has the "Credentials stored
> securely in the report server" option selected with the additional "Use as
> Windows credentials when connecting to the data source" also selected.
> Thanks.
> "Adrian M." wrote:
>> Do you have the datasource the report is using set to:
>> Connect Using:
>> The credentials supplied by the user running the report?
>> Adrian M.
>> "Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
>> news:5D8230E0-EA56-4673-A88F-91E7C54F9DE8@.microsoft.com...
>> > For some reason that I cannot figure out, some users are prompted for a
>> > username and password when they request data in some reports. They can
>> > access
>> > the reports OK, and choose the parameters OK, but then when they try to
>> > view
>> > the report, they are prompted for credentials. If they click Cancel,
>> > the
>> > report runs fine and the data is retrieved.
>> >
>> > Any initial ideas?
>>|||Thanks for taking the time to help/post Adrian. For some unknown reason, the
problem has allegedly vanished. I say allegedly as a colleague informed me
yesterday that it was now working Ok for him but as I wasn't in the office
yesterday, I won't be able to confirm till Monday.
Fingers crossed.
"Adrian M." wrote:
> hmm, odd...
> Some ideas, try the article http://support.microsoft.com/kb/842517
> hth
> Adrian M.
> "Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
> news:FBAE3BCE-F1D9-4B02-AAAF-44199ADF3744@.microsoft.com...
> > Thanks for replying.
> >
> > To answer your question, no. The data source has the "Credentials stored
> > securely in the report server" option selected with the additional "Use as
> > Windows credentials when connecting to the data source" also selected.
> >
> > Thanks.
> >
> > "Adrian M." wrote:
> >
> >> Do you have the datasource the report is using set to:
> >>
> >> Connect Using:
> >> The credentials supplied by the user running the report?
> >>
> >> Adrian M.
> >>
> >> "Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
> >> news:5D8230E0-EA56-4673-A88F-91E7C54F9DE8@.microsoft.com...
> >> > For some reason that I cannot figure out, some users are prompted for a
> >> > username and password when they request data in some reports. They can
> >> > access
> >> > the reports OK, and choose the parameters OK, but then when they try to
> >> > view
> >> > the report, they are prompted for credentials. If they click Cancel,
> >> > the
> >> > report runs fine and the data is retrieved.
> >> >
> >> > Any initial ideas?
> >>
> >>
> >>
>
>
username and password when they request data in some reports. They can access
the reports OK, and choose the parameters OK, but then when they try to view
the report, they are prompted for credentials. If they click Cancel, the
report runs fine and the data is retrieved.
Any initial ideas?Do you have the datasource the report is using set to:
Connect Using:
The credentials supplied by the user running the report?
Adrian M.
"Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
news:5D8230E0-EA56-4673-A88F-91E7C54F9DE8@.microsoft.com...
> For some reason that I cannot figure out, some users are prompted for a
> username and password when they request data in some reports. They can
> access
> the reports OK, and choose the parameters OK, but then when they try to
> view
> the report, they are prompted for credentials. If they click Cancel, the
> report runs fine and the data is retrieved.
> Any initial ideas?|||Thanks for replying.
To answer your question, no. The data source has the "Credentials stored
securely in the report server" option selected with the additional "Use as
Windows credentials when connecting to the data source" also selected.
Thanks.
"Adrian M." wrote:
> Do you have the datasource the report is using set to:
> Connect Using:
> The credentials supplied by the user running the report?
> Adrian M.
> "Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
> news:5D8230E0-EA56-4673-A88F-91E7C54F9DE8@.microsoft.com...
> > For some reason that I cannot figure out, some users are prompted for a
> > username and password when they request data in some reports. They can
> > access
> > the reports OK, and choose the parameters OK, but then when they try to
> > view
> > the report, they are prompted for credentials. If they click Cancel, the
> > report runs fine and the data is retrieved.
> >
> > Any initial ideas?
>
>|||hmm, odd...
Some ideas, try the article http://support.microsoft.com/kb/842517
hth
Adrian M.
"Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
news:FBAE3BCE-F1D9-4B02-AAAF-44199ADF3744@.microsoft.com...
> Thanks for replying.
> To answer your question, no. The data source has the "Credentials stored
> securely in the report server" option selected with the additional "Use as
> Windows credentials when connecting to the data source" also selected.
> Thanks.
> "Adrian M." wrote:
>> Do you have the datasource the report is using set to:
>> Connect Using:
>> The credentials supplied by the user running the report?
>> Adrian M.
>> "Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
>> news:5D8230E0-EA56-4673-A88F-91E7C54F9DE8@.microsoft.com...
>> > For some reason that I cannot figure out, some users are prompted for a
>> > username and password when they request data in some reports. They can
>> > access
>> > the reports OK, and choose the parameters OK, but then when they try to
>> > view
>> > the report, they are prompted for credentials. If they click Cancel,
>> > the
>> > report runs fine and the data is retrieved.
>> >
>> > Any initial ideas?
>>|||Thanks for taking the time to help/post Adrian. For some unknown reason, the
problem has allegedly vanished. I say allegedly as a colleague informed me
yesterday that it was now working Ok for him but as I wasn't in the office
yesterday, I won't be able to confirm till Monday.
Fingers crossed.
"Adrian M." wrote:
> hmm, odd...
> Some ideas, try the article http://support.microsoft.com/kb/842517
> hth
> Adrian M.
> "Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
> news:FBAE3BCE-F1D9-4B02-AAAF-44199ADF3744@.microsoft.com...
> > Thanks for replying.
> >
> > To answer your question, no. The data source has the "Credentials stored
> > securely in the report server" option selected with the additional "Use as
> > Windows credentials when connecting to the data source" also selected.
> >
> > Thanks.
> >
> > "Adrian M." wrote:
> >
> >> Do you have the datasource the report is using set to:
> >>
> >> Connect Using:
> >> The credentials supplied by the user running the report?
> >>
> >> Adrian M.
> >>
> >> "Mark Parter" <MarkParter@.discussions.microsoft.com> wrote in message
> >> news:5D8230E0-EA56-4673-A88F-91E7C54F9DE8@.microsoft.com...
> >> > For some reason that I cannot figure out, some users are prompted for a
> >> > username and password when they request data in some reports. They can
> >> > access
> >> > the reports OK, and choose the parameters OK, but then when they try to
> >> > view
> >> > the report, they are prompted for credentials. If they click Cancel,
> >> > the
> >> > report runs fine and the data is retrieved.
> >> >
> >> > Any initial ideas?
> >>
> >>
> >>
>
>
Thursday, March 22, 2012
Authentication Problem
I have an NT domain with an SQL Server 2000 server. Although there is
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.
See if this helps:
http://support.microsoft.com/default...b;EN-US;247931
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
I have an NT domain with an SQL Server 2000 server. Although there is
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.
|||Moving a database from one disk to another on the same machine/same instance
of SQL Server should have NO effect on access..
You mentioned that users of OTHER databases are also having problems... The
table which might have the answer is in master..sysxlogins...
Do a dbcc checktable on it ( and maybe dbcc checkdb) on master... you may
have some corruption problems.
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>
|||additionally, you might read in Books On Line about the procedure for moving
a log shipping database into production... It includes the tasks of getting
master..sysxlogins to match up with the database users..
Some of the information there will describe how the two tables work together
and how you might fix yours ( if it has been corrupted..)
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.
See if this helps:
http://support.microsoft.com/default...b;EN-US;247931
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
I have an NT domain with an SQL Server 2000 server. Although there is
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.
|||Moving a database from one disk to another on the same machine/same instance
of SQL Server should have NO effect on access..
You mentioned that users of OTHER databases are also having problems... The
table which might have the answer is in master..sysxlogins...
Do a dbcc checktable on it ( and maybe dbcc checkdb) on master... you may
have some corruption problems.
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>
|||additionally, you might read in Books On Line about the procedure for moving
a log shipping database into production... It includes the tasks of getting
master..sysxlogins to match up with the database users..
Some of the information there will describe how the two tables work together
and how you might fix yours ( if it has been corrupted..)
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>
Authentication Problem
I have an NT domain with an SQL Server 2000 server. Although there is
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for
user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.See if this helps:
http://support.microsoft.com/defaul...kb;EN-US;247931
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
I have an NT domain with an SQL Server 2000 server. Although there is
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for
user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.|||Moving a database from one disk to another on the same machine/same instance
of SQL Server should have NO effect on access..
You mentioned that users of OTHER databases are also having problems... The
table which might have the answer is in master..sysxlogins...
Do a dbcc checktable on it ( and maybe dbcc checkdb) on master... you may
have some corruption problems.
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed fo
r user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>|||additionally, you might read in Books On Line about the procedure for moving
a log shipping database into production... It includes the tasks of getting
master..sysxlogins to match up with the database users..
Some of the information there will describe how the two tables work together
and how you might fix yours ( if it has been corrupted..)
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed fo
r user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for
user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.See if this helps:
http://support.microsoft.com/defaul...kb;EN-US;247931
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
I have an NT domain with an SQL Server 2000 server. Although there is
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for
user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.|||Moving a database from one disk to another on the same machine/same instance
of SQL Server should have NO effect on access..
You mentioned that users of OTHER databases are also having problems... The
table which might have the answer is in master..sysxlogins...
Do a dbcc checktable on it ( and maybe dbcc checkdb) on master... you may
have some corruption problems.
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed fo
r user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>|||additionally, you might read in Books On Line about the procedure for moving
a log shipping database into production... It includes the tasks of getting
master..sysxlogins to match up with the database users..
Some of the information there will describe how the two tables work together
and how you might fix yours ( if it has been corrupted..)
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed fo
r user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>
Authentication Problem
I have an NT domain with an SQL Server 2000 server. Although there is
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.See if this helps:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;247931
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
I have an NT domain with an SQL Server 2000 server. Although there is
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.|||Moving a database from one disk to another on the same machine/same instance
of SQL Server should have NO effect on access..
You mentioned that users of OTHER databases are also having problems... The
table which might have the answer is in master..sysxlogins...
Do a dbcc checktable on it ( and maybe dbcc checkdb) on master... you may
have some corruption problems.
--
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>|||additionally, you might read in Books On Line about the procedure for moving
a log shipping database into production... It includes the tasks of getting
master..sysxlogins to match up with the database users..
Some of the information there will describe how the two tables work together
and how you might fix yours ( if it has been corrupted..)
--
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.See if this helps:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;247931
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
I have an NT domain with an SQL Server 2000 server. Although there is
normally no problem for users to connect to the SQL server, I am now trying
to setup access for the IIS on one of the NT4 servers.
I have setup an ODBC connection on the NT4 server and added the IUSR account
for the NT server on the SQL server. However when I open an ASP page that
uses the DBC connection I get the error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
I have also tried adding an SQL user account rather than a domain account
and tried to setup the ODBC connection using the SQL account but I then get
an error saying that it can't login as it is not associated with a trusted
SQL connection.|||Moving a database from one disk to another on the same machine/same instance
of SQL Server should have NO effect on access..
You mentioned that users of OTHER databases are also having problems... The
table which might have the answer is in master..sysxlogins...
Do a dbcc checktable on it ( and maybe dbcc checkdb) on master... you may
have some corruption problems.
--
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>|||additionally, you might read in Books On Line about the procedure for moving
a log shipping database into production... It includes the tasks of getting
master..sysxlogins to match up with the database users..
Some of the information there will describe how the two tables work together
and how you might fix yours ( if it has been corrupted..)
--
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"MJ" <spaamfree@.belmont.co.uk> wrote in message
news:10dvjd2gvhivcb2@.corp.supernews.com...
> I have an NT domain with an SQL Server 2000 server. Although there is
> normally no problem for users to connect to the SQL server, I am now
trying
> to setup access for the IIS on one of the NT4 servers.
> I have setup an ODBC connection on the NT4 server and added the IUSR
account
> for the NT server on the SQL server. However when I open an ASP page that
> uses the DBC connection I get the error:
> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT
> AUTHORITY\ANONYMOUS LOGON'.
> I have also tried adding an SQL user account rather than a domain account
> and tried to setup the ODBC connection using the SQL account but I then
get
> an error saying that it can't login as it is not associated with a trusted
> SQL connection.
>
Authentication over the internet
I am building an asp.net app that will use reporting services to show reports within the application. Users login to the application and when they need to see a report I use web services to render the report. The asp.net app and reporting services are on the same windows 2003 server (not using active directory).
Because reporting services uses Windows authentication and does not allow anonymous access, I have created a windows account (called "RSUser") that has access to my reports. When the user runs a report, I pass in the credentials for this windows account like this...
rs.Credentials = New System.Net.NetworkCredential("RSUser", "password", "domain")
This all works, and the report renders using the permissions from RSUser. The problem is that all the reports use treeviews for drill-down (and some use drill-through). When you expand a drill down you are prompted for a windows login. I think this is because this postback is now coming from the client PC, instead if from the asp.net app (i.e. on the server), and so reporting services needs to anthenticate this new user.
The only solution that I have found for this is developing a security extension for reporting services...
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
... but this seems like overkill and a very complicated process, and Microsoft says in the article that this is not fully tested and should not be used in a production environment (but that where I need it for).
Does anyone have a solution ?
Craig HBJust a thought: Have you tried to setup a individual Application pool that works with your RSUser Account?
"Craig HB" wrote:
> I am building an asp.net app that will use reporting services to show reports within the application. Users login to the application and when they need to see a report I use web services to render the report. The asp.net app and reporting services are on the same windows 2003 server (not using active directory).
> Because reporting services uses Windows authentication and does not allow anonymous access, I have created a windows account (called "RSUser") that has access to my reports. When the user runs a report, I pass in the credentials for this windows account like this...
> rs.Credentials = New System.Net.NetworkCredential("RSUser", "password", "domain")
> This all works, and the report renders using the permissions from RSUser. The problem is that all the reports use treeviews for drill-down (and some use drill-through). When you expand a drill down you are prompted for a windows login. I think this is because this postback is now coming from the client PC, instead if from the asp.net app (i.e. on the server), and so reporting services needs to anthenticate this new user.
> The only solution that I have found for this is developing a security extension for reporting services...
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> ... but this seems like overkill and a very complicated process, and Microsoft says in the article that this is not fully tested and should not be used in a production environment (but that where I need it for).
> Does anyone have a solution ?
> Craig HB|||Craig,
You are right. You get prompted because the drilldown and drillthough
interactive features require URL acccess and request goes out on the client
side of the application.
In a nutshell, if your reports have interactive features you need to go for
URL access. For Internet-oriented apps this means writing a custom security
extension. It is not that involved to write and I have deployed an
application that uses a custom security extension in a production
environment. There are some gotchas to avoid but in general my experience
writing custom security extensions have been positive and you will learn a
lot about how RS handles authentication and authorization.
--
Hope this helps.
---
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
http://www.prologika.com
"Gash" <Gash@.discussions.microsoft.com> wrote in message
news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> Just a thought: Have you tried to setup a individual Application pool that
works with your RSUser Account?
> "Craig HB" wrote:
> > I am building an asp.net app that will use reporting services to show
reports within the application. Users login to the application and when they
need to see a report I use web services to render the report. The asp.net
app and reporting services are on the same windows 2003 server (not using
active directory).
> >
> > Because reporting services uses Windows authentication and does not
allow anonymous access, I have created a windows account (called "RSUser")
that has access to my reports. When the user runs a report, I pass in the
credentials for this windows account like this...
> >
> > rs.Credentials = New System.Net.NetworkCredential("RSUser", "password",
"domain")
> >
> > This all works, and the report renders using the permissions from
RSUser. The problem is that all the reports use treeviews for drill-down
(and some use drill-through). When you expand a drill down you are prompted
for a windows login. I think this is because this postback is now coming
from the client PC, instead if from the asp.net app (i.e. on the server),
and so reporting services needs to anthenticate this new user.
> >
> > The only solution that I have found for this is developing a security
extension for reporting services...
> >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> >
> > ... but this seems like overkill and a very complicated process, and
Microsoft says in the article that this is not fully tested and should not
be used in a production environment (but that where I need it for).
> >
> > Does anyone have a solution ?
> >
> > Craig HB|||Start here
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> Is there any sample code for writing a custom security extension? I have
> already validated the user and I want to provide url access to the report
> server.
> "Teo" wrote:
> > Craig,
> >
> > You are right. You get prompted because the drilldown and drillthough
> > interactive features require URL acccess and request goes out on the
client
> > side of the application.
> >
> > In a nutshell, if your reports have interactive features you need to go
for
> > URL access. For Internet-oriented apps this means writing a custom
security
> > extension. It is not that involved to write and I have deployed an
> > application that uses a custom security extension in a production
> > environment. There are some gotchas to avoid but in general my
experience
> > writing custom security extensions have been positive and you will learn
a
> > lot about how RS handles authentication and authorization.
> >
> > --
> > Hope this helps.
> >
> > ---
> > Teo Lachev, MCSD, MCT
> > Author: "Microsoft Reporting Services in Action"
> > http://www.prologika.com
> >
> >
> > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > Just a thought: Have you tried to setup a individual Application pool
that
> > works with your RSUser Account?
> > >
> > > "Craig HB" wrote:
> > >
> > > > I am building an asp.net app that will use reporting services to
show
> > reports within the application. Users login to the application and when
they
> > need to see a report I use web services to render the report. The
asp.net
> > app and reporting services are on the same windows 2003 server (not
using
> > active directory).
> > > >
> > > > Because reporting services uses Windows authentication and does not
> > allow anonymous access, I have created a windows account (called
"RSUser")
> > that has access to my reports. When the user runs a report, I pass in
the
> > credentials for this windows account like this...
> > > >
> > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
"password",
> > "domain")
> > > >
> > > > This all works, and the report renders using the permissions from
> > RSUser. The problem is that all the reports use treeviews for drill-down
> > (and some use drill-through). When you expand a drill down you are
prompted
> > for a windows login. I think this is because this postback is now coming
> > from the client PC, instead if from the asp.net app (i.e. on the
server),
> > and so reporting services needs to anthenticate this new user.
> > > >
> > > > The only solution that I have found for this is developing a
security
> > extension for reporting services...
> > > >
> > > >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > >
> > > > ... but this seems like overkill and a very complicated process, and
> > Microsoft says in the article that this is not fully tested and should
not
> > be used in a production environment (but that where I need it for).
> > > >
> > > > Does anyone have a solution ?
> > > >
> > > > Craig HB
> >
> >
> >|||I have seen this article and it is good if I wanted to build a standalone
application to allow access to the report server. However, i have an existing
application with forms authentication in which I want to embed url access to
the report server. I was hoping that there would be code samples or an
article for this particular issue. I don't need to present another form to
the user to capture credentials. Can i use my existing forms authentication
ticket or do I need to create a new one. Do I call the LogonUser webservice
to create a cookie for a user that has been created on the report manager. It
seems like there are a lot of people trying to solve the same problem, but
not too many examples.
"Teo Lachev" wrote:
> Start here
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> --
> Hope this helps.
> ----
> Teo Lachev, MCSD, MCT
> Author: "Microsoft Reporting Services in Action"
> Publisher website: http://www.manning.com/lachev
> Buy it from Amazon.com: http://shrinkster.com/eq
> Home page and blog: http://www.prologika.com/
> ----
> "jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
> news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> > Is there any sample code for writing a custom security extension? I have
> > already validated the user and I want to provide url access to the report
> > server.
> >
> > "Teo" wrote:
> >
> > > Craig,
> > >
> > > You are right. You get prompted because the drilldown and drillthough
> > > interactive features require URL acccess and request goes out on the
> client
> > > side of the application.
> > >
> > > In a nutshell, if your reports have interactive features you need to go
> for
> > > URL access. For Internet-oriented apps this means writing a custom
> security
> > > extension. It is not that involved to write and I have deployed an
> > > application that uses a custom security extension in a production
> > > environment. There are some gotchas to avoid but in general my
> experience
> > > writing custom security extensions have been positive and you will learn
> a
> > > lot about how RS handles authentication and authorization.
> > >
> > > --
> > > Hope this helps.
> > >
> > > ---
> > > Teo Lachev, MCSD, MCT
> > > Author: "Microsoft Reporting Services in Action"
> > > http://www.prologika.com
> > >
> > >
> > > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > > Just a thought: Have you tried to setup a individual Application pool
> that
> > > works with your RSUser Account?
> > > >
> > > > "Craig HB" wrote:
> > > >
> > > > > I am building an asp.net app that will use reporting services to
> show
> > > reports within the application. Users login to the application and when
> they
> > > need to see a report I use web services to render the report. The
> asp.net
> > > app and reporting services are on the same windows 2003 server (not
> using
> > > active directory).
> > > > >
> > > > > Because reporting services uses Windows authentication and does not
> > > allow anonymous access, I have created a windows account (called
> "RSUser")
> > > that has access to my reports. When the user runs a report, I pass in
> the
> > > credentials for this windows account like this...
> > > > >
> > > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
> "password",
> > > "domain")
> > > > >
> > > > > This all works, and the report renders using the permissions from
> > > RSUser. The problem is that all the reports use treeviews for drill-down
> > > (and some use drill-through). When you expand a drill down you are
> prompted
> > > for a windows login. I think this is because this postback is now coming
> > > from the client PC, instead if from the asp.net app (i.e. on the
> server),
> > > and so reporting services needs to anthenticate this new user.
> > > > >
> > > > > The only solution that I have found for this is developing a
> security
> > > extension for reporting services...
> > > > >
> > > > >
> > >
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > > >
> > > > > ... but this seems like overkill and a very complicated process, and
> > > Microsoft says in the article that this is not fully tested and should
> not
> > > be used in a production environment (but that where I need it for).
> > > > >
> > > > > Does anyone have a solution ?
> > > > >
> > > > > Craig HB
> > >
> > >
> > >
>
>|||> Can i use my existing forms authentication
> ticket or do I need to create a new one.
No, you cannot use your app Forms Authentication ticket and you don't have
to have another logon form. Instead, your application needs to call the RS
LogonUser SOAP API once it authenticates the user. You will end up with two
authentication tickets (cookies) but this shouldn't be too much of an issue.
The MS article should be good enough to address you scenario. You just need
to understand how RS Forms Authentication works by debugging the extension.
I have a two-part article in the works for a magazine about Forms
Authentication. Unfortunately, judging by the editors speed, it won't make
it before the end of the year. Meanwhile, you can check the other threads
on this topic. It's been discussed many times.
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
news:3F687097-1790-4FF9-B8CB-0A163BF3074C@.microsoft.com...
> I have seen this article and it is good if I wanted to build a standalone
> application to allow access to the report server. However, i have an
existing
> application with forms authentication in which I want to embed url access
to
> the report server. I was hoping that there would be code samples or an
> article for this particular issue. I don't need to present another form to
> the user to capture credentials. Can i use my existing forms
authentication
> ticket or do I need to create a new one. Do I call the LogonUser
webservice
> to create a cookie for a user that has been created on the report manager.
It
> seems like there are a lot of people trying to solve the same problem, but
> not too many examples.
> "Teo Lachev" wrote:
> > Start here
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> >
> > --
> > Hope this helps.
> >
> > ----
> > Teo Lachev, MCSD, MCT
> > Author: "Microsoft Reporting Services in Action"
> > Publisher website: http://www.manning.com/lachev
> > Buy it from Amazon.com: http://shrinkster.com/eq
> > Home page and blog: http://www.prologika.com/
> > ----
> >
> > "jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
> > news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> > > Is there any sample code for writing a custom security extension? I
have
> > > already validated the user and I want to provide url access to the
report
> > > server.
> > >
> > > "Teo" wrote:
> > >
> > > > Craig,
> > > >
> > > > You are right. You get prompted because the drilldown and
drillthough
> > > > interactive features require URL acccess and request goes out on the
> > client
> > > > side of the application.
> > > >
> > > > In a nutshell, if your reports have interactive features you need to
go
> > for
> > > > URL access. For Internet-oriented apps this means writing a custom
> > security
> > > > extension. It is not that involved to write and I have deployed an
> > > > application that uses a custom security extension in a production
> > > > environment. There are some gotchas to avoid but in general my
> > experience
> > > > writing custom security extensions have been positive and you will
learn
> > a
> > > > lot about how RS handles authentication and authorization.
> > > >
> > > > --
> > > > Hope this helps.
> > > >
> > > > ---
> > > > Teo Lachev, MCSD, MCT
> > > > Author: "Microsoft Reporting Services in Action"
> > > > http://www.prologika.com
> > > >
> > > >
> > > > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > > > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > > > Just a thought: Have you tried to setup a individual Application
pool
> > that
> > > > works with your RSUser Account?
> > > > >
> > > > > "Craig HB" wrote:
> > > > >
> > > > > > I am building an asp.net app that will use reporting services to
> > show
> > > > reports within the application. Users login to the application and
when
> > they
> > > > need to see a report I use web services to render the report. The
> > asp.net
> > > > app and reporting services are on the same windows 2003 server (not
> > using
> > > > active directory).
> > > > > >
> > > > > > Because reporting services uses Windows authentication and does
not
> > > > allow anonymous access, I have created a windows account (called
> > "RSUser")
> > > > that has access to my reports. When the user runs a report, I pass
in
> > the
> > > > credentials for this windows account like this...
> > > > > >
> > > > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
> > "password",
> > > > "domain")
> > > > > >
> > > > > > This all works, and the report renders using the permissions
from
> > > > RSUser. The problem is that all the reports use treeviews for
drill-down
> > > > (and some use drill-through). When you expand a drill down you are
> > prompted
> > > > for a windows login. I think this is because this postback is now
coming
> > > > from the client PC, instead if from the asp.net app (i.e. on the
> > server),
> > > > and so reporting services needs to anthenticate this new user.
> > > > > >
> > > > > > The only solution that I have found for this is developing a
> > security
> > > > extension for reporting services...
> > > > > >
> > > > > >
> > > >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > > > >
> > > > > > ... but this seems like overkill and a very complicated process,
and
> > > > Microsoft says in the article that this is not fully tested and
should
> > not
> > > > be used in a production environment (but that where I need it for).
> > > > > >
> > > > > > Does anyone have a solution ?
> > > > > >
> > > > > > Craig HB
> > > >
> > > >
> > > >
> >
> >
> >|||Is there any sample code for writing a custom security extension? I have
already validated the user and I want to provide url access to the report
server.
"Teo" wrote:
> Craig,
> You are right. You get prompted because the drilldown and drillthough
> interactive features require URL acccess and request goes out on the client
> side of the application.
> In a nutshell, if your reports have interactive features you need to go for
> URL access. For Internet-oriented apps this means writing a custom security
> extension. It is not that involved to write and I have deployed an
> application that uses a custom security extension in a production
> environment. There are some gotchas to avoid but in general my experience
> writing custom security extensions have been positive and you will learn a
> lot about how RS handles authentication and authorization.
> --
> Hope this helps.
> ---
> Teo Lachev, MCSD, MCT
> Author: "Microsoft Reporting Services in Action"
> http://www.prologika.com
>
> "Gash" <Gash@.discussions.microsoft.com> wrote in message
> news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > Just a thought: Have you tried to setup a individual Application pool that
> works with your RSUser Account?
> >
> > "Craig HB" wrote:
> >
> > > I am building an asp.net app that will use reporting services to show
> reports within the application. Users login to the application and when they
> need to see a report I use web services to render the report. The asp.net
> app and reporting services are on the same windows 2003 server (not using
> active directory).
> > >
> > > Because reporting services uses Windows authentication and does not
> allow anonymous access, I have created a windows account (called "RSUser")
> that has access to my reports. When the user runs a report, I pass in the
> credentials for this windows account like this...
> > >
> > > rs.Credentials = New System.Net.NetworkCredential("RSUser", "password",
> "domain")
> > >
> > > This all works, and the report renders using the permissions from
> RSUser. The problem is that all the reports use treeviews for drill-down
> (and some use drill-through). When you expand a drill down you are prompted
> for a windows login. I think this is because this postback is now coming
> from the client PC, instead if from the asp.net app (i.e. on the server),
> and so reporting services needs to anthenticate this new user.
> > >
> > > The only solution that I have found for this is developing a security
> extension for reporting services...
> > >
> > >
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > >
> > > ... but this seems like overkill and a very complicated process, and
> Microsoft says in the article that this is not fully tested and should not
> be used in a production environment (but that where I need it for).
> > >
> > > Does anyone have a solution ?
> > >
> > > Craig HB
>
>|||Teo. Is it possible to use web forms authentication with the standard
edition of RS?
If not, I'm guessing there is no other way to use the viewer over the
Internet..
Thanks, AHH
BTW: I bought your book - best one out there..|||Thanks. No, extending RS requires Enterprise Edition. Sorry.
How about generating reports on the server side of the app and sacrificing
the interactive features and the toolbar?
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"AHH" <AHH@.discussions.microsoft.com> wrote in message
news:13CACEA1-BD84-4D6A-BB25-63D43E0F56A8@.microsoft.com...
> Teo. Is it possible to use web forms authentication with the standard
> edition of RS?
> If not, I'm guessing there is no other way to use the viewer over the
> Internet..
> Thanks, AHH
> BTW: I bought your book - best one out there..
Because reporting services uses Windows authentication and does not allow anonymous access, I have created a windows account (called "RSUser") that has access to my reports. When the user runs a report, I pass in the credentials for this windows account like this...
rs.Credentials = New System.Net.NetworkCredential("RSUser", "password", "domain")
This all works, and the report renders using the permissions from RSUser. The problem is that all the reports use treeviews for drill-down (and some use drill-through). When you expand a drill down you are prompted for a windows login. I think this is because this postback is now coming from the client PC, instead if from the asp.net app (i.e. on the server), and so reporting services needs to anthenticate this new user.
The only solution that I have found for this is developing a security extension for reporting services...
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
... but this seems like overkill and a very complicated process, and Microsoft says in the article that this is not fully tested and should not be used in a production environment (but that where I need it for).
Does anyone have a solution ?
Craig HBJust a thought: Have you tried to setup a individual Application pool that works with your RSUser Account?
"Craig HB" wrote:
> I am building an asp.net app that will use reporting services to show reports within the application. Users login to the application and when they need to see a report I use web services to render the report. The asp.net app and reporting services are on the same windows 2003 server (not using active directory).
> Because reporting services uses Windows authentication and does not allow anonymous access, I have created a windows account (called "RSUser") that has access to my reports. When the user runs a report, I pass in the credentials for this windows account like this...
> rs.Credentials = New System.Net.NetworkCredential("RSUser", "password", "domain")
> This all works, and the report renders using the permissions from RSUser. The problem is that all the reports use treeviews for drill-down (and some use drill-through). When you expand a drill down you are prompted for a windows login. I think this is because this postback is now coming from the client PC, instead if from the asp.net app (i.e. on the server), and so reporting services needs to anthenticate this new user.
> The only solution that I have found for this is developing a security extension for reporting services...
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> ... but this seems like overkill and a very complicated process, and Microsoft says in the article that this is not fully tested and should not be used in a production environment (but that where I need it for).
> Does anyone have a solution ?
> Craig HB|||Craig,
You are right. You get prompted because the drilldown and drillthough
interactive features require URL acccess and request goes out on the client
side of the application.
In a nutshell, if your reports have interactive features you need to go for
URL access. For Internet-oriented apps this means writing a custom security
extension. It is not that involved to write and I have deployed an
application that uses a custom security extension in a production
environment. There are some gotchas to avoid but in general my experience
writing custom security extensions have been positive and you will learn a
lot about how RS handles authentication and authorization.
--
Hope this helps.
---
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
http://www.prologika.com
"Gash" <Gash@.discussions.microsoft.com> wrote in message
news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> Just a thought: Have you tried to setup a individual Application pool that
works with your RSUser Account?
> "Craig HB" wrote:
> > I am building an asp.net app that will use reporting services to show
reports within the application. Users login to the application and when they
need to see a report I use web services to render the report. The asp.net
app and reporting services are on the same windows 2003 server (not using
active directory).
> >
> > Because reporting services uses Windows authentication and does not
allow anonymous access, I have created a windows account (called "RSUser")
that has access to my reports. When the user runs a report, I pass in the
credentials for this windows account like this...
> >
> > rs.Credentials = New System.Net.NetworkCredential("RSUser", "password",
"domain")
> >
> > This all works, and the report renders using the permissions from
RSUser. The problem is that all the reports use treeviews for drill-down
(and some use drill-through). When you expand a drill down you are prompted
for a windows login. I think this is because this postback is now coming
from the client PC, instead if from the asp.net app (i.e. on the server),
and so reporting services needs to anthenticate this new user.
> >
> > The only solution that I have found for this is developing a security
extension for reporting services...
> >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> >
> > ... but this seems like overkill and a very complicated process, and
Microsoft says in the article that this is not fully tested and should not
be used in a production environment (but that where I need it for).
> >
> > Does anyone have a solution ?
> >
> > Craig HB|||Start here
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> Is there any sample code for writing a custom security extension? I have
> already validated the user and I want to provide url access to the report
> server.
> "Teo" wrote:
> > Craig,
> >
> > You are right. You get prompted because the drilldown and drillthough
> > interactive features require URL acccess and request goes out on the
client
> > side of the application.
> >
> > In a nutshell, if your reports have interactive features you need to go
for
> > URL access. For Internet-oriented apps this means writing a custom
security
> > extension. It is not that involved to write and I have deployed an
> > application that uses a custom security extension in a production
> > environment. There are some gotchas to avoid but in general my
experience
> > writing custom security extensions have been positive and you will learn
a
> > lot about how RS handles authentication and authorization.
> >
> > --
> > Hope this helps.
> >
> > ---
> > Teo Lachev, MCSD, MCT
> > Author: "Microsoft Reporting Services in Action"
> > http://www.prologika.com
> >
> >
> > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > Just a thought: Have you tried to setup a individual Application pool
that
> > works with your RSUser Account?
> > >
> > > "Craig HB" wrote:
> > >
> > > > I am building an asp.net app that will use reporting services to
show
> > reports within the application. Users login to the application and when
they
> > need to see a report I use web services to render the report. The
asp.net
> > app and reporting services are on the same windows 2003 server (not
using
> > active directory).
> > > >
> > > > Because reporting services uses Windows authentication and does not
> > allow anonymous access, I have created a windows account (called
"RSUser")
> > that has access to my reports. When the user runs a report, I pass in
the
> > credentials for this windows account like this...
> > > >
> > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
"password",
> > "domain")
> > > >
> > > > This all works, and the report renders using the permissions from
> > RSUser. The problem is that all the reports use treeviews for drill-down
> > (and some use drill-through). When you expand a drill down you are
prompted
> > for a windows login. I think this is because this postback is now coming
> > from the client PC, instead if from the asp.net app (i.e. on the
server),
> > and so reporting services needs to anthenticate this new user.
> > > >
> > > > The only solution that I have found for this is developing a
security
> > extension for reporting services...
> > > >
> > > >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > >
> > > > ... but this seems like overkill and a very complicated process, and
> > Microsoft says in the article that this is not fully tested and should
not
> > be used in a production environment (but that where I need it for).
> > > >
> > > > Does anyone have a solution ?
> > > >
> > > > Craig HB
> >
> >
> >|||I have seen this article and it is good if I wanted to build a standalone
application to allow access to the report server. However, i have an existing
application with forms authentication in which I want to embed url access to
the report server. I was hoping that there would be code samples or an
article for this particular issue. I don't need to present another form to
the user to capture credentials. Can i use my existing forms authentication
ticket or do I need to create a new one. Do I call the LogonUser webservice
to create a cookie for a user that has been created on the report manager. It
seems like there are a lot of people trying to solve the same problem, but
not too many examples.
"Teo Lachev" wrote:
> Start here
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> --
> Hope this helps.
> ----
> Teo Lachev, MCSD, MCT
> Author: "Microsoft Reporting Services in Action"
> Publisher website: http://www.manning.com/lachev
> Buy it from Amazon.com: http://shrinkster.com/eq
> Home page and blog: http://www.prologika.com/
> ----
> "jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
> news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> > Is there any sample code for writing a custom security extension? I have
> > already validated the user and I want to provide url access to the report
> > server.
> >
> > "Teo" wrote:
> >
> > > Craig,
> > >
> > > You are right. You get prompted because the drilldown and drillthough
> > > interactive features require URL acccess and request goes out on the
> client
> > > side of the application.
> > >
> > > In a nutshell, if your reports have interactive features you need to go
> for
> > > URL access. For Internet-oriented apps this means writing a custom
> security
> > > extension. It is not that involved to write and I have deployed an
> > > application that uses a custom security extension in a production
> > > environment. There are some gotchas to avoid but in general my
> experience
> > > writing custom security extensions have been positive and you will learn
> a
> > > lot about how RS handles authentication and authorization.
> > >
> > > --
> > > Hope this helps.
> > >
> > > ---
> > > Teo Lachev, MCSD, MCT
> > > Author: "Microsoft Reporting Services in Action"
> > > http://www.prologika.com
> > >
> > >
> > > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > > Just a thought: Have you tried to setup a individual Application pool
> that
> > > works with your RSUser Account?
> > > >
> > > > "Craig HB" wrote:
> > > >
> > > > > I am building an asp.net app that will use reporting services to
> show
> > > reports within the application. Users login to the application and when
> they
> > > need to see a report I use web services to render the report. The
> asp.net
> > > app and reporting services are on the same windows 2003 server (not
> using
> > > active directory).
> > > > >
> > > > > Because reporting services uses Windows authentication and does not
> > > allow anonymous access, I have created a windows account (called
> "RSUser")
> > > that has access to my reports. When the user runs a report, I pass in
> the
> > > credentials for this windows account like this...
> > > > >
> > > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
> "password",
> > > "domain")
> > > > >
> > > > > This all works, and the report renders using the permissions from
> > > RSUser. The problem is that all the reports use treeviews for drill-down
> > > (and some use drill-through). When you expand a drill down you are
> prompted
> > > for a windows login. I think this is because this postback is now coming
> > > from the client PC, instead if from the asp.net app (i.e. on the
> server),
> > > and so reporting services needs to anthenticate this new user.
> > > > >
> > > > > The only solution that I have found for this is developing a
> security
> > > extension for reporting services...
> > > > >
> > > > >
> > >
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > > >
> > > > > ... but this seems like overkill and a very complicated process, and
> > > Microsoft says in the article that this is not fully tested and should
> not
> > > be used in a production environment (but that where I need it for).
> > > > >
> > > > > Does anyone have a solution ?
> > > > >
> > > > > Craig HB
> > >
> > >
> > >
>
>|||> Can i use my existing forms authentication
> ticket or do I need to create a new one.
No, you cannot use your app Forms Authentication ticket and you don't have
to have another logon form. Instead, your application needs to call the RS
LogonUser SOAP API once it authenticates the user. You will end up with two
authentication tickets (cookies) but this shouldn't be too much of an issue.
The MS article should be good enough to address you scenario. You just need
to understand how RS Forms Authentication works by debugging the extension.
I have a two-part article in the works for a magazine about Forms
Authentication. Unfortunately, judging by the editors speed, it won't make
it before the end of the year. Meanwhile, you can check the other threads
on this topic. It's been discussed many times.
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
news:3F687097-1790-4FF9-B8CB-0A163BF3074C@.microsoft.com...
> I have seen this article and it is good if I wanted to build a standalone
> application to allow access to the report server. However, i have an
existing
> application with forms authentication in which I want to embed url access
to
> the report server. I was hoping that there would be code samples or an
> article for this particular issue. I don't need to present another form to
> the user to capture credentials. Can i use my existing forms
authentication
> ticket or do I need to create a new one. Do I call the LogonUser
webservice
> to create a cookie for a user that has been created on the report manager.
It
> seems like there are a lot of people trying to solve the same problem, but
> not too many examples.
> "Teo Lachev" wrote:
> > Start here
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> >
> > --
> > Hope this helps.
> >
> > ----
> > Teo Lachev, MCSD, MCT
> > Author: "Microsoft Reporting Services in Action"
> > Publisher website: http://www.manning.com/lachev
> > Buy it from Amazon.com: http://shrinkster.com/eq
> > Home page and blog: http://www.prologika.com/
> > ----
> >
> > "jbmeeh" <jbmeeh@.discussions.microsoft.com> wrote in message
> > news:3A2F7D63-C267-4CED-A5CC-4B42186B98B6@.microsoft.com...
> > > Is there any sample code for writing a custom security extension? I
have
> > > already validated the user and I want to provide url access to the
report
> > > server.
> > >
> > > "Teo" wrote:
> > >
> > > > Craig,
> > > >
> > > > You are right. You get prompted because the drilldown and
drillthough
> > > > interactive features require URL acccess and request goes out on the
> > client
> > > > side of the application.
> > > >
> > > > In a nutshell, if your reports have interactive features you need to
go
> > for
> > > > URL access. For Internet-oriented apps this means writing a custom
> > security
> > > > extension. It is not that involved to write and I have deployed an
> > > > application that uses a custom security extension in a production
> > > > environment. There are some gotchas to avoid but in general my
> > experience
> > > > writing custom security extensions have been positive and you will
learn
> > a
> > > > lot about how RS handles authentication and authorization.
> > > >
> > > > --
> > > > Hope this helps.
> > > >
> > > > ---
> > > > Teo Lachev, MCSD, MCT
> > > > Author: "Microsoft Reporting Services in Action"
> > > > http://www.prologika.com
> > > >
> > > >
> > > > "Gash" <Gash@.discussions.microsoft.com> wrote in message
> > > > news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > > > > Just a thought: Have you tried to setup a individual Application
pool
> > that
> > > > works with your RSUser Account?
> > > > >
> > > > > "Craig HB" wrote:
> > > > >
> > > > > > I am building an asp.net app that will use reporting services to
> > show
> > > > reports within the application. Users login to the application and
when
> > they
> > > > need to see a report I use web services to render the report. The
> > asp.net
> > > > app and reporting services are on the same windows 2003 server (not
> > using
> > > > active directory).
> > > > > >
> > > > > > Because reporting services uses Windows authentication and does
not
> > > > allow anonymous access, I have created a windows account (called
> > "RSUser")
> > > > that has access to my reports. When the user runs a report, I pass
in
> > the
> > > > credentials for this windows account like this...
> > > > > >
> > > > > > rs.Credentials = New System.Net.NetworkCredential("RSUser",
> > "password",
> > > > "domain")
> > > > > >
> > > > > > This all works, and the report renders using the permissions
from
> > > > RSUser. The problem is that all the reports use treeviews for
drill-down
> > > > (and some use drill-through). When you expand a drill down you are
> > prompted
> > > > for a windows login. I think this is because this postback is now
coming
> > > > from the client PC, instead if from the asp.net app (i.e. on the
> > server),
> > > > and so reporting services needs to anthenticate this new user.
> > > > > >
> > > > > > The only solution that I have found for this is developing a
> > security
> > > > extension for reporting services...
> > > > > >
> > > > > >
> > > >
> >
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > > > > >
> > > > > > ... but this seems like overkill and a very complicated process,
and
> > > > Microsoft says in the article that this is not fully tested and
should
> > not
> > > > be used in a production environment (but that where I need it for).
> > > > > >
> > > > > > Does anyone have a solution ?
> > > > > >
> > > > > > Craig HB
> > > >
> > > >
> > > >
> >
> >
> >|||Is there any sample code for writing a custom security extension? I have
already validated the user and I want to provide url access to the report
server.
"Teo" wrote:
> Craig,
> You are right. You get prompted because the drilldown and drillthough
> interactive features require URL acccess and request goes out on the client
> side of the application.
> In a nutshell, if your reports have interactive features you need to go for
> URL access. For Internet-oriented apps this means writing a custom security
> extension. It is not that involved to write and I have deployed an
> application that uses a custom security extension in a production
> environment. There are some gotchas to avoid but in general my experience
> writing custom security extensions have been positive and you will learn a
> lot about how RS handles authentication and authorization.
> --
> Hope this helps.
> ---
> Teo Lachev, MCSD, MCT
> Author: "Microsoft Reporting Services in Action"
> http://www.prologika.com
>
> "Gash" <Gash@.discussions.microsoft.com> wrote in message
> news:FFF038F5-4A21-4DFA-846C-6A3A84683D2D@.microsoft.com...
> > Just a thought: Have you tried to setup a individual Application pool that
> works with your RSUser Account?
> >
> > "Craig HB" wrote:
> >
> > > I am building an asp.net app that will use reporting services to show
> reports within the application. Users login to the application and when they
> need to see a report I use web services to render the report. The asp.net
> app and reporting services are on the same windows 2003 server (not using
> active directory).
> > >
> > > Because reporting services uses Windows authentication and does not
> allow anonymous access, I have created a windows account (called "RSUser")
> that has access to my reports. When the user runs a report, I pass in the
> credentials for this windows account like this...
> > >
> > > rs.Credentials = New System.Net.NetworkCredential("RSUser", "password",
> "domain")
> > >
> > > This all works, and the report renders using the permissions from
> RSUser. The problem is that all the reports use treeviews for drill-down
> (and some use drill-through). When you expand a drill down you are prompted
> for a windows login. I think this is because this postback is now coming
> from the client PC, instead if from the asp.net app (i.e. on the server),
> and so reporting services needs to anthenticate this new user.
> > >
> > > The only solution that I have found for this is developing a security
> extension for reporting services...
> > >
> > >
> http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/ufairs.asp?frame=true#ufairs_topic3
> > >
> > > ... but this seems like overkill and a very complicated process, and
> Microsoft says in the article that this is not fully tested and should not
> be used in a production environment (but that where I need it for).
> > >
> > > Does anyone have a solution ?
> > >
> > > Craig HB
>
>|||Teo. Is it possible to use web forms authentication with the standard
edition of RS?
If not, I'm guessing there is no other way to use the viewer over the
Internet..
Thanks, AHH
BTW: I bought your book - best one out there..|||Thanks. No, extending RS requires Enterprise Edition. Sorry.
How about generating reports on the server side of the app and sacrificing
the interactive features and the toolbar?
--
Hope this helps.
----
Teo Lachev, MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
----
"AHH" <AHH@.discussions.microsoft.com> wrote in message
news:13CACEA1-BD84-4D6A-BB25-63D43E0F56A8@.microsoft.com...
> Teo. Is it possible to use web forms authentication with the standard
> edition of RS?
> If not, I'm guessing there is no other way to use the viewer over the
> Internet..
> Thanks, AHH
> BTW: I bought your book - best one out there..
Authentication mode selection
There are two different tasks I would like to serve with SSEE, both case the users are changing seats. I think SQL Server Authentication would be better for lightweight user change but I have read everywhere that Windows Authentication Mode is the preferred way to go.
Is there any significant weakness in SQL Server authentication mode - security, work with stored procedures (CLR) or anything?
With SQL Server 2005, there has been a significant increase in the robustness of SQL Security. Especially if you 'enforce password policy' -including enforcing expiration policies on the SQL Accounts. (And your domain/AD has password policies defined and enforced.)
However, it the situation of users 'changing seats', Windows authentication 'should' still work fine.
|||Before choosing Authentication mode there are few things to be considered. From the security point of view , Windows authentication is better. You can have all the security policy as in the OS level and user no need to remember multiple user name and password. In this case the main disadvantage is that it can not support multi OS platform. ie from UNIX machine you can not access this database. and many legacy software runs from multiplatform. This is the main reason we go for Mixed mode.
Madhu
|||
Hello.....
Best practice is to choose windows Authentication for SQL Server 2005 domain environment. If your user are using legacy application then better to go for Mixed Authentication.
No, there is nothing weak to choose mixed mode authentication. This type of authentication is needed for legacy applications. Application which are running on other platform(except Windows platform) and needs to connect to SQL Server.
Authentication methode
Is it possble to change the way users are authenticated within a SQL Server
2005 installation? And if so ho can it be done? I want to go from a Windows
Authentication to Windows Authentication/SQL Server Athentication..
TIA,
Arjan.Hi ,
i think you want to change the suthentication of server from windows to
windows and SQL
you can change by accessing server property from SQL Server management studio
change the security mode as per required.
Amol Lembhe
"Arjan" wrote:
> Is it possble to change the way users are authenticated within a SQL Server
> 2005 installation? And if so ho can it be done? I want to go from a Windows
> Authentication to Windows Authentication/SQL Server Athentication..
> TIA,
> Arjan.
>
>sql
2005 installation? And if so ho can it be done? I want to go from a Windows
Authentication to Windows Authentication/SQL Server Athentication..
TIA,
Arjan.Hi ,
i think you want to change the suthentication of server from windows to
windows and SQL
you can change by accessing server property from SQL Server management studio
change the security mode as per required.
Amol Lembhe
"Arjan" wrote:
> Is it possble to change the way users are authenticated within a SQL Server
> 2005 installation? And if so ho can it be done? I want to go from a Windows
> Authentication to Windows Authentication/SQL Server Athentication..
> TIA,
> Arjan.
>
>sql
Authentication methode
Is it possble to change the way users are authenticated within a SQL Server
2005 installation? And if so ho can it be done? I want to go from a Windows
Authentication to Windows Authentication/SQL Server Athentication..
TIA,
Arjan.Hi ,
i think you want to change the suthentication of server from windows to
windows and SQL
you can change by accessing server property from SQL Server management studi
o
change the security mode as per required.
Amol Lembhe
"Arjan" wrote:
> Is it possble to change the way users are authenticated within a SQL Serve
r
> 2005 installation? And if so ho can it be done? I want to go from a Window
s
> Authentication to Windows Authentication/SQL Server Athentication..
> TIA,
> Arjan.
>
>
2005 installation? And if so ho can it be done? I want to go from a Windows
Authentication to Windows Authentication/SQL Server Athentication..
TIA,
Arjan.Hi ,
i think you want to change the suthentication of server from windows to
windows and SQL
you can change by accessing server property from SQL Server management studi
o
change the security mode as per required.
Amol Lembhe
"Arjan" wrote:
> Is it possble to change the way users are authenticated within a SQL Serve
r
> 2005 installation? And if so ho can it be done? I want to go from a Window
s
> Authentication to Windows Authentication/SQL Server Athentication..
> TIA,
> Arjan.
>
>
Monday, March 19, 2012
Authenticating users with Active Directory and SQL Server 2000
I've set up a web page on our network that links to an SQL Server database c
ontaining records of staff members. At the moment the web page extracts all
the rows from the table and shows all the staff records.
I want to be able to authenticate staff members using Active Directory, so w
hen they log onto their PC and access the webpage on our intranet they can O
NLY view their record from the database.
I'm just starting out with SQL Server and Active Directory, so any help woul
d be appreciated. From what I have read I think that I may need to use LDAP
to retrieve the Active Directory information.
Thanks in advance for your help.Use Windows Authentication for your web site, which will authorize the user
through AD. Then use integrated security/impersonation to pass the user
credentials to SQL for authorization and connection. Then, you can use the
USER_NAME (or similar technique) to filter the rows returned by any SQL
statement.
Hope this helps you get started...
"Enterprise Andy" <EnterpriseAndy@.discussions.microsoft.com> wrote in
message news:CBD3FEF9-ACF1-4979-9A90-4B4AF44B23C9@.microsoft.com...
> I've set up a web page on our network that links to an SQL Server database
containing records of staff members. At the moment the web page extracts all
the rows from the table and shows all the staff records.
> I want to be able to authenticate staff members using Active Directory, so
when they log onto their PC and access the webpage on our intranet they can
ONLY view their record from the database.
> I'm just starting out with SQL Server and Active Directory, so any help
would be appreciated. From what I have read I think that I may need to use
LDAP to retrieve the Active Directory information.
> Thanks in advance for your help.
ontaining records of staff members. At the moment the web page extracts all
the rows from the table and shows all the staff records.
I want to be able to authenticate staff members using Active Directory, so w
hen they log onto their PC and access the webpage on our intranet they can O
NLY view their record from the database.
I'm just starting out with SQL Server and Active Directory, so any help woul
d be appreciated. From what I have read I think that I may need to use LDAP
to retrieve the Active Directory information.
Thanks in advance for your help.Use Windows Authentication for your web site, which will authorize the user
through AD. Then use integrated security/impersonation to pass the user
credentials to SQL for authorization and connection. Then, you can use the
USER_NAME (or similar technique) to filter the rows returned by any SQL
statement.
Hope this helps you get started...
"Enterprise Andy" <EnterpriseAndy@.discussions.microsoft.com> wrote in
message news:CBD3FEF9-ACF1-4979-9A90-4B4AF44B23C9@.microsoft.com...
> I've set up a web page on our network that links to an SQL Server database
containing records of staff members. At the moment the web page extracts all
the rows from the table and shows all the staff records.
> I want to be able to authenticate staff members using Active Directory, so
when they log onto their PC and access the webpage on our intranet they can
ONLY view their record from the database.
> I'm just starting out with SQL Server and Active Directory, so any help
would be appreciated. From what I have read I think that I may need to use
LDAP to retrieve the Active Directory information.
> Thanks in advance for your help.
Authenticating a report render from a browser
I am copying the question from another member as it is exactly my problem:
We have an extranet application (internet users) written in ASP using
VB COM. All the security of what reports users can see is handled
through this application. Is there anyway we can link RS reports using
a URL? In otherwords, users will login like they currently do now and
our application will provide a report list for them. When they run a
report, they will basically click on a link that points to the RS
report. Ideally, when the user logs in initially, they will be
validated by the current application and then be validated against RS
(background). We need this to be as transparent as possible.
I have seen this posted in several different ways, but without any
resolution. Is there no way to accomplish this?
Thanks.we have the same situation. One way to do it is to create a custom
security extension for RS and call it through web services SOAP. You
can either redirect to an aspx page that calls it or maybe call the
webservice in your asp page directly. You should read this article as
it explains it all http://www.devx.com/dotnet/Article/26759|||Marv,
I appreciate the reply and have checked out the web site you referenced. I
hate to be a wimp, but I'm kind of a one-man band and don't have a lot of
time (or a lot of the requisite experience) to undertake a project for what I
was hoping to be a simple solution.
I take it there is just no simple way to tell the Report Server to run the
report on request without additional authentication. It seems like there
should be some setting either in the manager or on the command line that
could accomplish this. I have tried various role assignments, but they seem
to be limited to the server on which the RS resides and all our user
authenication comes from a different domain (and we don't use active
directory).
Anyway, thanks for the response.
Dave
"Marv" wrote:
> we have the same situation. One way to do it is to create a custom
> security extension for RS and call it through web services SOAP. You
> can either redirect to an aspx page that calls it or maybe call the
> webservice in your asp page directly. You should read this article as
> it explains it all http://www.devx.com/dotnet/Article/26759
>|||"Dave" wrote:
> I take it there is just no simple way to tell the Report Server to run the
> report on request without additional authentication.
Without getting into the benfits of ADS, the security model and the
vulnerabilities, etc., if you supply (or remove) the necessary credentials to
the data source and can render the report; you could display the report in an
iframe. It would appear as though it was part of your existing application.
src=http://someserver/reportserver?/FolderName/Report&rs:Command=Render&rc:toolbar=false
Caveat emptor. Someone will find the links.
Just a thought.
We have an extranet application (internet users) written in ASP using
VB COM. All the security of what reports users can see is handled
through this application. Is there anyway we can link RS reports using
a URL? In otherwords, users will login like they currently do now and
our application will provide a report list for them. When they run a
report, they will basically click on a link that points to the RS
report. Ideally, when the user logs in initially, they will be
validated by the current application and then be validated against RS
(background). We need this to be as transparent as possible.
I have seen this posted in several different ways, but without any
resolution. Is there no way to accomplish this?
Thanks.we have the same situation. One way to do it is to create a custom
security extension for RS and call it through web services SOAP. You
can either redirect to an aspx page that calls it or maybe call the
webservice in your asp page directly. You should read this article as
it explains it all http://www.devx.com/dotnet/Article/26759|||Marv,
I appreciate the reply and have checked out the web site you referenced. I
hate to be a wimp, but I'm kind of a one-man band and don't have a lot of
time (or a lot of the requisite experience) to undertake a project for what I
was hoping to be a simple solution.
I take it there is just no simple way to tell the Report Server to run the
report on request without additional authentication. It seems like there
should be some setting either in the manager or on the command line that
could accomplish this. I have tried various role assignments, but they seem
to be limited to the server on which the RS resides and all our user
authenication comes from a different domain (and we don't use active
directory).
Anyway, thanks for the response.
Dave
"Marv" wrote:
> we have the same situation. One way to do it is to create a custom
> security extension for RS and call it through web services SOAP. You
> can either redirect to an aspx page that calls it or maybe call the
> webservice in your asp page directly. You should read this article as
> it explains it all http://www.devx.com/dotnet/Article/26759
>|||"Dave" wrote:
> I take it there is just no simple way to tell the Report Server to run the
> report on request without additional authentication.
Without getting into the benfits of ADS, the security model and the
vulnerabilities, etc., if you supply (or remove) the necessary credentials to
the data source and can render the report; you could display the report in an
iframe. It would appear as though it was part of your existing application.
src=http://someserver/reportserver?/FolderName/Report&rs:Command=Render&rc:toolbar=false
Caveat emptor. Someone will find the links.
Just a thought.
Authenticate users, while making Web Service(SOAP) Requests
How can I authorize users to retrieve their own data while making SOAP
Requests?
I don't want to pass usernames as paramaters. I could pass them in
cookies in some encrypted format.
Is there an interface to implement for authentication/authorization
before processing results, in SQLXML 3.0 SP2?
Regards,
Mert SakaryaUnfortunatly no. You could use Integrated Authentication in ISAPI and then
set up the database security to check the user, though I don't think that
would give you row-level security. You'd have to add some logic for that.
Irwin
"Mert Sakarya" <msakarya@.(nospam)e-kolay.com> wrote in message
news:uIA2XPmEFHA.960@.TK2MSFTNGP09.phx.gbl...
> How can I authorize users to retrieve their own data while making SOAP
> Requests?
> I don't want to pass usernames as paramaters. I could pass them in
> cookies in some encrypted format.
> Is there an interface to implement for authentication/authorization
> before processing results, in SQLXML 3.0 SP2?
> Regards,
> Mert Sakarya
>
Requests?
I don't want to pass usernames as paramaters. I could pass them in
cookies in some encrypted format.
Is there an interface to implement for authentication/authorization
before processing results, in SQLXML 3.0 SP2?
Regards,
Mert SakaryaUnfortunatly no. You could use Integrated Authentication in ISAPI and then
set up the database security to check the user, though I don't think that
would give you row-level security. You'd have to add some logic for that.
Irwin
"Mert Sakarya" <msakarya@.(nospam)e-kolay.com> wrote in message
news:uIA2XPmEFHA.960@.TK2MSFTNGP09.phx.gbl...
> How can I authorize users to retrieve their own data while making SOAP
> Requests?
> I don't want to pass usernames as paramaters. I could pass them in
> cookies in some encrypted format.
> Is there an interface to implement for authentication/authorization
> before processing results, in SQLXML 3.0 SP2?
> Regards,
> Mert Sakarya
>
Authenticate users, while making Web Service(SOAP) Requests
How can I authorize users to retrieve their own data while making SOAP
Requests?
I don't want to pass usernames as paramaters. I could pass them in
cookies in some encrypted format.
Is there an interface to implement for authentication/authorization
before processing results, in SQLXML 3.0 SP2?
Regards,
Mert Sakarya
Unfortunatly no. You could use Integrated Authentication in ISAPI and then
set up the database security to check the user, though I don't think that
would give you row-level security. You'd have to add some logic for that.
Irwin
"Mert Sakarya" <msakarya@.(nospam)e-kolay.com> wrote in message
news:uIA2XPmEFHA.960@.TK2MSFTNGP09.phx.gbl...
> How can I authorize users to retrieve their own data while making SOAP
> Requests?
> I don't want to pass usernames as paramaters. I could pass them in
> cookies in some encrypted format.
> Is there an interface to implement for authentication/authorization
> before processing results, in SQLXML 3.0 SP2?
> Regards,
> Mert Sakarya
>
Requests?
I don't want to pass usernames as paramaters. I could pass them in
cookies in some encrypted format.
Is there an interface to implement for authentication/authorization
before processing results, in SQLXML 3.0 SP2?
Regards,
Mert Sakarya
Unfortunatly no. You could use Integrated Authentication in ISAPI and then
set up the database security to check the user, though I don't think that
would give you row-level security. You'd have to add some logic for that.
Irwin
"Mert Sakarya" <msakarya@.(nospam)e-kolay.com> wrote in message
news:uIA2XPmEFHA.960@.TK2MSFTNGP09.phx.gbl...
> How can I authorize users to retrieve their own data while making SOAP
> Requests?
> I don't want to pass usernames as paramaters. I could pass them in
> cookies in some encrypted format.
> Is there an interface to implement for authentication/authorization
> before processing results, in SQLXML 3.0 SP2?
> Regards,
> Mert Sakarya
>
Auditing without having to use SQL Profiler
I want to audit users logging on/off, creating/dropping/modifying
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.
You could trace using trace stored procedures. No need to use Profiler. More
info and code at:
http://vyaskn.tripod.com/server_side...sql_server.htm
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"Dipak Patel" <dipak99@.hotmail.com> wrote in message
news:30bbec2c.0406040636.3ae9786f@.posting.google.c om...
I want to audit users logging on/off, creating/dropping/modifying
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.
|||OK thanks for that. i will try it out at some point.
"Narayana Vyas Kondreddi" <answer_me@.hotmail.com> wrote in message news:<#I62DHkSEHA.3812@.TK2MSFTNGP11.phx.gbl>...
> You could trace using trace stored procedures. No need to use Profiler. More
> info and code at:
> http://vyaskn.tripod.com/server_side...sql_server.htm
> --
> HTH,
> Vyas, MVP (SQL Server)
> http://vyaskn.tripod.com/
> Is .NET important for a database professional?
> http://vyaskn.tripod.com/poll.htm
>
> "Dipak Patel" <dipak99@.hotmail.com> wrote in message
> news:30bbec2c.0406040636.3ae9786f@.posting.google.c om...
> I want to audit users logging on/off, creating/dropping/modifying
> objects, etc, etc.
> I know this can all be done using SQL Profiler, however this requires
> SQL Profiler to be running all the time.
> Are there any database system tables which hold this sort of
> information, i.e. modified date of objects, etc, so that I can
> schedule jobs to monitor user activity, as and when I want? (This
> sort of thing can be done in Oracle)
> I have looked at sysobjects and there is only create date in there.
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.
You could trace using trace stored procedures. No need to use Profiler. More
info and code at:
http://vyaskn.tripod.com/server_side...sql_server.htm
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"Dipak Patel" <dipak99@.hotmail.com> wrote in message
news:30bbec2c.0406040636.3ae9786f@.posting.google.c om...
I want to audit users logging on/off, creating/dropping/modifying
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.
|||OK thanks for that. i will try it out at some point.
"Narayana Vyas Kondreddi" <answer_me@.hotmail.com> wrote in message news:<#I62DHkSEHA.3812@.TK2MSFTNGP11.phx.gbl>...
> You could trace using trace stored procedures. No need to use Profiler. More
> info and code at:
> http://vyaskn.tripod.com/server_side...sql_server.htm
> --
> HTH,
> Vyas, MVP (SQL Server)
> http://vyaskn.tripod.com/
> Is .NET important for a database professional?
> http://vyaskn.tripod.com/poll.htm
>
> "Dipak Patel" <dipak99@.hotmail.com> wrote in message
> news:30bbec2c.0406040636.3ae9786f@.posting.google.c om...
> I want to audit users logging on/off, creating/dropping/modifying
> objects, etc, etc.
> I know this can all be done using SQL Profiler, however this requires
> SQL Profiler to be running all the time.
> Are there any database system tables which hold this sort of
> information, i.e. modified date of objects, etc, so that I can
> schedule jobs to monitor user activity, as and when I want? (This
> sort of thing can be done in Oracle)
> I have looked at sysobjects and there is only create date in there.
Auditing without having to use SQL Profiler
I want to audit users logging on/off, creating/dropping/modifying
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.You could trace using trace stored procedures. No need to use Profiler. More
info and code at:
http://vyaskn.tripod.com/server_side_tracing_in_sql_server.htm
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"Dipak Patel" <dipak99@.hotmail.com> wrote in message
news:30bbec2c.0406040636.3ae9786f@.posting.google.com...
I want to audit users logging on/off, creating/dropping/modifying
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.|||OK thanks for that. i will try it out at some point.
"Narayana Vyas Kondreddi" <answer_me@.hotmail.com> wrote in message news:<#I62DHkSEHA.3812@.TK2MSFTNGP11.phx.gbl>...
> You could trace using trace stored procedures. No need to use Profiler. More
> info and code at:
> http://vyaskn.tripod.com/server_side_tracing_in_sql_server.htm
> --
> HTH,
> Vyas, MVP (SQL Server)
> http://vyaskn.tripod.com/
> Is .NET important for a database professional?
> http://vyaskn.tripod.com/poll.htm
>
> "Dipak Patel" <dipak99@.hotmail.com> wrote in message
> news:30bbec2c.0406040636.3ae9786f@.posting.google.com...
> I want to audit users logging on/off, creating/dropping/modifying
> objects, etc, etc.
> I know this can all be done using SQL Profiler, however this requires
> SQL Profiler to be running all the time.
> Are there any database system tables which hold this sort of
> information, i.e. modified date of objects, etc, so that I can
> schedule jobs to monitor user activity, as and when I want? (This
> sort of thing can be done in Oracle)
> I have looked at sysobjects and there is only create date in there.
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.You could trace using trace stored procedures. No need to use Profiler. More
info and code at:
http://vyaskn.tripod.com/server_side_tracing_in_sql_server.htm
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"Dipak Patel" <dipak99@.hotmail.com> wrote in message
news:30bbec2c.0406040636.3ae9786f@.posting.google.com...
I want to audit users logging on/off, creating/dropping/modifying
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.|||OK thanks for that. i will try it out at some point.
"Narayana Vyas Kondreddi" <answer_me@.hotmail.com> wrote in message news:<#I62DHkSEHA.3812@.TK2MSFTNGP11.phx.gbl>...
> You could trace using trace stored procedures. No need to use Profiler. More
> info and code at:
> http://vyaskn.tripod.com/server_side_tracing_in_sql_server.htm
> --
> HTH,
> Vyas, MVP (SQL Server)
> http://vyaskn.tripod.com/
> Is .NET important for a database professional?
> http://vyaskn.tripod.com/poll.htm
>
> "Dipak Patel" <dipak99@.hotmail.com> wrote in message
> news:30bbec2c.0406040636.3ae9786f@.posting.google.com...
> I want to audit users logging on/off, creating/dropping/modifying
> objects, etc, etc.
> I know this can all be done using SQL Profiler, however this requires
> SQL Profiler to be running all the time.
> Are there any database system tables which hold this sort of
> information, i.e. modified date of objects, etc, so that I can
> schedule jobs to monitor user activity, as and when I want? (This
> sort of thing can be done in Oracle)
> I have looked at sysobjects and there is only create date in there.
Auditing without having to use SQL Profiler
I want to audit users logging on/off, creating/dropping/modifying
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.You could trace using trace stored procedures. No need to use Profiler. More
info and code at:
http://vyaskn.tripod.com/server_sid..._sql_server.htm
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"Dipak Patel" <dipak99@.hotmail.com> wrote in message
news:30bbec2c.0406040636.3ae9786f@.posting.google.com...
I want to audit users logging on/off, creating/dropping/modifying
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.|||OK thanks for that. i will try it out at some point.
"Narayana Vyas Kondreddi" <answer_me@.hotmail.com> wrote in message news:<#I62DHkSEHA.3812@.TK
2MSFTNGP11.phx.gbl>...
> You could trace using trace stored procedures. No need to use Profiler. Mo
re
> info and code at:
> http://vyaskn.tripod.com/server_sid..._sql_server.htm
> --
> HTH,
> Vyas, MVP (SQL Server)
> http://vyaskn.tripod.com/
> Is .NET important for a database professional?
> http://vyaskn.tripod.com/poll.htm
>
> "Dipak Patel" <dipak99@.hotmail.com> wrote in message
> news:30bbec2c.0406040636.3ae9786f@.posting.google.com...
> I want to audit users logging on/off, creating/dropping/modifying
> objects, etc, etc.
> I know this can all be done using SQL Profiler, however this requires
> SQL Profiler to be running all the time.
> Are there any database system tables which hold this sort of
> information, i.e. modified date of objects, etc, so that I can
> schedule jobs to monitor user activity, as and when I want? (This
> sort of thing can be done in Oracle)
> I have looked at sysobjects and there is only create date in there.
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.You could trace using trace stored procedures. No need to use Profiler. More
info and code at:
http://vyaskn.tripod.com/server_sid..._sql_server.htm
--
HTH,
Vyas, MVP (SQL Server)
http://vyaskn.tripod.com/
Is .NET important for a database professional?
http://vyaskn.tripod.com/poll.htm
"Dipak Patel" <dipak99@.hotmail.com> wrote in message
news:30bbec2c.0406040636.3ae9786f@.posting.google.com...
I want to audit users logging on/off, creating/dropping/modifying
objects, etc, etc.
I know this can all be done using SQL Profiler, however this requires
SQL Profiler to be running all the time.
Are there any database system tables which hold this sort of
information, i.e. modified date of objects, etc, so that I can
schedule jobs to monitor user activity, as and when I want? (This
sort of thing can be done in Oracle)
I have looked at sysobjects and there is only create date in there.|||OK thanks for that. i will try it out at some point.
"Narayana Vyas Kondreddi" <answer_me@.hotmail.com> wrote in message news:<#I62DHkSEHA.3812@.TK
2MSFTNGP11.phx.gbl>...
> You could trace using trace stored procedures. No need to use Profiler. Mo
re
> info and code at:
> http://vyaskn.tripod.com/server_sid..._sql_server.htm
> --
> HTH,
> Vyas, MVP (SQL Server)
> http://vyaskn.tripod.com/
> Is .NET important for a database professional?
> http://vyaskn.tripod.com/poll.htm
>
> "Dipak Patel" <dipak99@.hotmail.com> wrote in message
> news:30bbec2c.0406040636.3ae9786f@.posting.google.com...
> I want to audit users logging on/off, creating/dropping/modifying
> objects, etc, etc.
> I know this can all be done using SQL Profiler, however this requires
> SQL Profiler to be running all the time.
> Are there any database system tables which hold this sort of
> information, i.e. modified date of objects, etc, so that I can
> schedule jobs to monitor user activity, as and when I want? (This
> sort of thing can be done in Oracle)
> I have looked at sysobjects and there is only create date in there.
Auditing Users on various SQL Servers
We have about 50 SQL Servers (most 2000 but some 2005) in different domains and behind firewalls and we implementing the PCI rules for the use of credit card data. One thing we need to do is to audit users and their rights. I have a stored proc that can run each night and record users and permissions.
My main problem is trying to bring all that data together on a central box and then parse through it to see if I have any offenders. The parsing is not the issue, but the polling is. I could use the SA account or create a audit account with SA rights but both of those solutions go against the PCI mantra.
Can someone who has done this give me some guidance as to what you did. I know that there are some third party tools that would probably do this, but my department is on a shallow budget and my overtime is free.
Any suggestions would be greatly appreciated. Thank you!
Jim Youmans
St. Louis
An ideea is to write an event log in operating system ( you can view it with EventViewer) when the user use credit card data then collect that data from all 50 SQL Servers in a SQL database and analyze it (see).|||Bets thing would be the other way around. Start an application / job on the server themselves and push the data to a collecting server. Rather than providing your application with password of each server you can just provide the application with the password of the collecting server assuming you run the application in a trusted context on the remote servers.
Jens K. Suessmeyer
http://www.sqlserver2005.de
|||You may be best served to explore some of the third party auditing products. They are robust and well vetted. Some may be PCI 'approved'.
My experience with Luminigents and ApexSQL's products leads me to belief that they are very cost-effective.
Audit Tools
ApexSQL Audit http://www.apexsql.com/sql_tools_audit.asp
AuditDatabase (Free Web based trigger generation) http://www.auditdatabase.com/
Lumigent Audit DB http://www.lumigent.com/products/auditdb.html
OmniAudit http://www.krell-software.com/omniaudit/index.asp
SQLLog http://www.rlpsoftware.com/mainframe.asp?contents=SQLLog.asp&mainmenu=SQLLog&submenu=Info
Upscene SQL Log Manager http://www.upscene.com/index.htm?./products/audit/mssqllm_main.htm
DB Audit Expert http://www.softtreetech.com/dbaudit/
Subscribe to:
Posts (Atom)