Accessing Report Services Using Form Authentication Against Active Directory
Nov 21, 2007
I hope someone can help.
I'm working on a web project that will display the reports in an iframe to the user. When I was using windows security It worked perfectly.
Now my boss wants me to use form based authentication instead that can authenticate against our current Active Directory. This is working perfectly and does authenticate correctly. The only problem is that when I load a report in the iframe http://myserver/reportserver/myreport-blah reporting services prompts the user to enter in windows credentials. Is there anyway to pass my form credentials to the report server so that the user doesn't have to log in again.
Both the report server and the web app are on the same server BUT in different virtual directories.
PS: I tried using the reportviewer control but it does not display things correctly. For example, I have use a multi select dropdown on the reports and it messes up the drop down when the user only has 1 selection (hiding the selection). If the user has more than one selection the drop down uses scroll bars. I would use the reportviewer control if it displayed exactly like it does when using alternate URL method.
I have a request to build some reports that are specific to each user. Only the autheticated user should be able to see their report data and no one elses etc. How do I get data for the current autheticated user (via AD)? If this is via parameter, how do I hide the username/password in the url?
I am sure this has been done, but I couldn't find any good examples.
We currently have Active Directory within our domain all Server 2003 based. We also have a SQL2005 database stand alone server (not currently joined to the domain). What we would like to do is utilize single sign on. Currently our users have to log into windows, then open an "in-house" program which asks for a different set of credentials for the SQL2005 database. How do we intergrate Active Directory login to also authenticate to the SQL database? Can we just join the stand alone SQL server to the domain, then from there add the Active Directory "security groups" into the database? Could someone point me in the right direction, thanks!
Hello All,I have a linked ADSI Server to our company Active Directory andeverything is fine. I'm running queries and such using LDAP. BUT howcan I aquire a list of attributes for the classes and categories. Suchas if i wanted to see a user's telephone number and email address foruse in a corporate database? Is this possible?Thanks
Has anyone used this successfully from an OLEDB source component, or even from the Execute SQL Task? I've seen some examples of using a script component, but nothing that uses it through a connection manager.
I'm trying to extract all the users and their membership to groups, and the membership of groups to groups from active directory though a link to server.
I can get the users. I can get the groups.... individually.
I can't get the info of what user is a member of or who are members of a group.
Anyone know how to do this or am I going to have to right a vb app? (Anyone already got the code...)
I want to load this data into tables for reporting in my Data Warehouse.
Is there a way that we can tell what active directory group the person belongs to that is running the report? I know that you can detect a user id, but I need to access the Active Directory Group that they belong to.
When we assign security in SRS, in the user name field we have to type the domainusername manually. We cannot see the drop down of all the users in Active directory. Is it possible to configure SRS to get the names from Active directory. If we add any new users to our AD, it automatically refreshes at certain set intervals. I am talking to a similar function in Sharepoint. I browsed through a bit on this and think it is not possible. But I want to make sure that I am on the right path.
Can you please correct me if my understanding is right?
I appreciate your help and thank you for your time,
I need to add one of our servers to active directory. I found some documents on SQL 2000 but no good document on SQL 2005. Can you please guide me to the documentation for this? Thanks
The code is this: Public Sub Main() Dim directory As DirectoryServices.DirectorySearcher Dim result As DirectoryServices.SearchResult Dim email As String email = Dts.Variables("email").Value.ToString Try directory = New _ DirectoryServices.DirectorySearcher("(mail=" & email & ")") result = directory.FindOne Dts.Variables("name").Value = _ result.Properties("name").ToString() Dts.TaskResult = Dts.Results.Success Catch ex As Exception Dts.Events.FireError(0, _ "Script Task Example", _ ex.Message & ControlChars.CrLf & ex.StackTrace, _ String.Empty, 0) Dts.TaskResult = Dts.Results.Failure End Try Dts.TaskResult = Dts.Results.Success End Sub End Class
My problem is I'm not getting a value for 'Name' instead when I display in a dataflow task (using dataviewer)following the script task the value of Name = 'System.DirectoryServices.ResultPropertyValueCollection'
It's seems like it is telling me its property not the value. I'm not a VB/.Net developer so I'm just guessing as to what the value means.
The permissions granted to user 'xxxxyyy' are insufficient for performing this operation. When a user is deleted and then readded to active directory. Reporting services returns the insufficient permissions granted error. In dbo.users in the sql database there are 2 entries for the deleted user one with UserType 0 and another with UserType 1. How do you clean up reporting services or sql to allow the reciently re-added user to re-connect to reporting services. We use the MY-Reports option of reporting services but cannot delete the home directory for this user either in report Mgr. The same error is returned for this action.
I am working on the security model for an application that will be used by 100s of users with a dedicated SQL 2005 database for this application and access via SQL XML Web Services.
The client has asked to make it "open" during alpha testing such that anyone can access the web services without having to set them up first. Is there a way to do this? The best I can figure is to use mixed mode security and hard code a login and password. Any method using Windows authentication would require that I add every user at a minimum to the database.
In production, all users will have an active directory role specified that determines if they should have access to the web services or not. However, it is my understanding that to use Windows authentication, I would still need to add each individual user at a minimum as a Login to the SQL Server, and under best practices also as database users with permissions granted to the endpoint.
Am I correct in the above, or is there a more efficient way to achieve these results?
Hi, I would like to know how to call a report from a report viewer control in a web application. The reporting services is forms authenticated. I've done this authentication using the sample solution given by microsoft (adding custom security extension). Now am able to view the reports from Report manager and Report server URL. But i dont know how to authenticate the user from my web application and pass the credentials to the report server to view the report in report viewer control. Can somebody help in this? its bit urgent. Thanks in advance
I am running into a weird issue with a new SQL Reporting Services 2014 server I built. I installed SQL Reporting 2014 on Windows Server 2012 R2 and configured Kerberos, but the site is extremely slow. After some reconfiguration and log captures I have determined the issue has to do with the Kerberos setup, however I am running a similar configuration with SQL Reporting Services 2008 on Windows Server 2008 R2 and do not run into the same errors.
The error I see while using Wireshark is KRB Error: KRB5KDC_ERR_BADOPTION NT Status: STATUS_NO_MATCH. When I drill down the into the error I can see the kerberos string is testprjmnmtreports14.company.com, which is the URL we are using to access the site. I made sure to add that name as an SPN for the service account that is running SQL Reporting Services, however I still receive the error.
Then I tried configuring the site to run without a hostheader, so I accessed the site with the server name, ECTSTSQLRS5, and the site works perfectly fine, no errors are reported either. So it seems I have isolated the issue down to Kerberos but I am not sure how to resolve it. Here is some more information about my environment:
DNS/URL used: testprjmnmtreports14.company.com Server Name (FQDN): ECTSTSQLRS5.company.int AD Domain Name: company.int Server Version: Windows Server 2012 R2 AD Functional Level: 2008 R2
As you can see I am trying to use a .com address but my AD domain is .int which I think is the issue, but I do not have the same problem on my other server that is running Windows Server 2008 R2. What do I need to do to allow my new site on 2012 R2 to work with this DNS Alias?
Hello. I am trying to write a report that pulls information in from Active Directory. I have a view created that gets a listing of users and a view that creates a listing of user groups, but I can't seem to figure out how to get all user groups that are associated with the users. This is what I have.
SELECT TOP 100 PERCENT * FROM OPENQUERY(ADSI, 'SELECT cn, groupMembershipSAM FROM ''LDAP://wmdomain.local'' WHERE objectcategory=''group''') Rowset_1
SELECT * FROM OPENQUERY(ADSI, 'SELECT title, displayName, sAMAccountName, givenName, telephoneNumber, facsimileTelephoneNumber, sn FROM ''LDAP://wmdomain.local'' WHERE objectCategory = ''Person'' AND objectClass = ''user''') Rowset_1
I am working on reports in SSRS 2008 (not R2)... There are some reports with parameters that are hidden when the report is accessed through normal URL using ReportViewer.asx..The thing is that these hidden parameters need to be visible when the report is accessed using SSRS Report Manager.
I was able to log in to SSRS report manager. But i was unable to run a report i designed on report builder.
It prompts for login when i wanted to run the report and i used the same windows authentication to sign in
It will show me the parameters but when i click on view report it gives this error
"Data source 'DataSource1': An error has occurred.
Details: Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: Cannot create a connection to data source 'DataSource1'. ---> System.Data.SqlClient.SqlException: Login failed for user 'Acc-11Admin'."
I wonder if it is possible to set forms authentication for report manager but leave report server "as it is". I need to authenticate users from external LDAP and can't use windows authentication for report manager, but I would also like to leave report server open for anonymous users. In that way authenticated administrators could create reports which anonymous users could read.
I tested the Security Extension Sample and got it working when I rewrote the authentication part with my own LDAP authentication.
If I have understood correctly, the report manager is just application inside report server so is it possible to use forms authentication with one application but still leave the report server with Windows authentication?
I have recently upgraded my the server that runs SQL Server to an Active Directory Domain Controler. Now I can't connect to the SQL Server from ASP.NET Applications when the application is not located on the local machine. The error message I get is SQL Server does not exist or access is denied. I have no problems connecting with QueryAnalyer and Enterprise Manager from my workstation. I have added the Sql Server to the directory via the "Active Directory"-tab in the Property window for my Sql Server Registration i Enterprise Manager. If I copy a directory from the wwwroot on my workstation to the server the application has no problem to connect so the connectionstring seams to work fine.
we have recently completed an upgrade to 2000 server and now have AD on our network.
How do i go about querying this from any of my SQL 2000 servers?
I have found a few websites that mention adding a linked server. I have never done this and am not sure how to query a linked server, if that is the way to go.
A little background, We have a DEV Server running SQL Server 2000. This is the first of many to be migrated from out NT Domain to our new AD (active directory Domain). All Domain user accounts have already been migrated.
When they migrated this first Server running SQL Server, I am getting the following error when I try to make the owner of a job (any job) run by the SQL Server Agent a domain account in the new AD - when I switch the ownership back to our old NT Domain, it works fine.
I am getting this error: The job failed. Unable to determine if the owner (domainusername) of job testjob has server access (reason: Could not obtain information about Windows NT group/user 'domainusername'. [SQLSTATE 42000] (Error 8198)).
note that this is happening to all windows authenticated sql server accounts on this Server. All of these account are in the local Admin group on the Server.
Does anyone know what needs to be done in SQL Server to make the AD migration seemless???? I need to try and find this out before we begin migrating Production Servers. Thank you!!
Hi! I want to write a trigger that add a new computer account in my active directory when I do an Insert in my MSSQL table.
I know how to use SELECTstatements using LDAP but I want to do a INSERT statement. Is that even possible? Can you write vb code directly in SP i mssql 2000?
What I think I have to do is to have a vbscript that does the adding then call the script using exetended SP cmd execute passing the name to the script.
If someone has a another solutions please let me know!
Is it possible to, somehow, get a specific users password from active directory? The reason I ask is that I am writing a new system and really don't want the users having to remember yet another password, but rather be able to use there network password? I would like to write the logon section myself and not use any built in functions that anything may have.
Please can someone advise. I don't think it is possible but have been asked to persue the issue.
HiI've created a stored procedure (see below) which accesses the ActiveDirectory and SQL server to get "real names" back. When I run thestored procedure in Query Analyzer it returns the expected results,however when I try to create a Web Assistant job based upon theprocedure I get the SQL-DMO message:Error 7410 Remote Access not allowed for Windows NT Useractivated bySETUSER.The procedure is being run (and the job created) as the account whichowns the SQL Server installation, and this account has AD adminpermissions.Any suggestions?CREATE VIEW dbo.vw_account_adASSELECT a.Name AS ad_name, dbo.Accounts.*FROM dbo.Accounts INNER JOINOPENQUERY(ADSI,'select SamAccountName, Name FROM''LDAP://w2k-bspad1/ ou=users,ou=bsp,DC=ad,DC=bl,DC=uk'' whereobjectcategory=''person'' ') a ONSUBSTRING(dbo.Accounts.Account_Name,CHARINDEX('', dbo.Accounts.Account_Name) + 1,LEN(dbo.Accounts.Account_Name) - CHARINDEX('',dbo.Accounts.Account_Name)) = a.SamAccountNameCREATE PROCEDURE [dbo].[usp_event_report] ASSET ANSI_NULLS ONSET ANSI_WARNINGS ONSELECT Code_Name, Account_Name + ' ('+ad_Name+')' as 'Account Name',Date_Occured, ResultFROM Usage_Codes, Usage, vw_account_adWHERE Usage.Code_ID = Usage_Codes.Code_IDAND Usage.Account_ID = vw_account_ad.Account_IDAND datepart(month,Date_Occured) = datepart(month,getdate())ORDER BY Code_Name, Account_Name, Date_OccuredGOChloe CrowderThe British Library
Can someone please tell me or provide a link explaining how I can query the active directory for usernames from sql server 2005. I'm actually creating usernames on the fly and I need to check if they already exist in the active directory. Thanks.