Custom Security For Reportserver With Some ISAPI Filter In Progress
May 25, 2007
hi,
I am new to report server custom security.
I face the following problem and want to ask if there is a simple way to solve.
we have already running an IS API Filter which handles the authentication for all websites. The fiter is built to secure all websites. It verfies access to URLs and authrize users against an LDAP Directory. Affer the user has authenticated he can connect to the website. The ISAPI Filter sets the LOGONUSER Severvariable so the website can do userspecific filtering.
With the same ISAPI Filter we want to secure report server.
We want to setup roles with usernames to allow or deny specific reports. (this usernames should be validated against the servervariable LOGONUser - by String Comparison).
We do not have any windows authenitcation - and do not need.
The ReportServer User Variable should return this LOGON User to allow report secific data filtering
Is this possible - and explanation how?
Best Regards,
HANNES
View 3 Replies
ADVERTISEMENT
Jul 31, 2007
Hi,
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says:
Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Your help is highly appreciated!
Desperate developer
View 1 Replies
View Related
Jan 29, 2008
How do you prevent others from viewing the ReportServer and ReportManager in a browser? I know you can assign roles to individuals but as far as I know of that is only referring to the actual report. But I would like to have just certain individuals be able to view the ReportServer and ReportManager in a browser. Also does creating these security limitations affect being able to link and display a report in a pdf format?
Any information is helpful.
Thanks!
View 20 Replies
View Related
Jun 8, 2007
Dear Helpers,
I can not setup SQL server 2005 express and the full trial version as well.
The setup progress stops at "setting file security", and nothing happens. I dont even get an error message.
This is very annoying. I have local administrator access, so it should work. Op system: Windows XP professional.
Machine: Hp Compaq dc7700p, 1 GB RAM, 80 GB HDD
Thanks for your help in advance.
View 5 Replies
View Related
Dec 2, 2006
Please help everytime i call http://servername/reportserver it is presenting the login screen, if i enter the username and password then i can access the reportserver screen, same with reportmanager tool.
under iis manager for the reportserver virtual directory i have given anonymous login access.
do i have to set any other extra permissions other than anonymous login(iusr_machinenname)
thank you all for the information.
View 6 Replies
View Related
Jun 25, 2007
Still working on custom security
Since I can't get a name of file (path) from within CheckAccess method it becomes somewhat useless. Is there a way to maybe overload GetPermissions or Policies methods? Or maybe CreateReport method so that I can include some custom code there? Is there an example of something like that?
I wish the catalog tree was transparent to Authentication extension, I don't see a point in acl for a custom extension, all I want is names and I can build on top of that. Something along the lines -
Code Snippet
public bool CheckAccess(...file...)
{
string[] permissions ;
permissions = server.GetPermissions(file);
...
Maybe I am missing something simple and I can tie everything to a security descriptor but I don't see how I can if there is no information such as name, date, modified by name and so on. All we get is principal name which is not very useful since I don't use built-in security names.
Thanks
View 2 Replies
View Related
Oct 3, 2007
Hello Everyone,
When I run my report from report manager, I get the following error message
Failed to load expression host assembly. Details: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
My report uses a custom assembly. I have already done the following
1. copied the assembly in the "reportserver�in" and the "common 7privateassemblies" area
2. Made the following entry in the rssrvpolicy.config
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="RSUtil.TranslationHelper"
Description="Translation Helper Utility">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="C:Program FilesMicrosoft SQL ServerMSSQL.5Reporting ServicesReportServer�inAMOTest.dll"
/>
</CodeGroup>
3. Added the following line to my assemblyinfo.cs file
[assembly: AllowPartiallyTrustedCallers]
regards,
Abhishek.
View 9 Replies
View Related
Mar 7, 2006
I Configured WebSync through SQL Server 2005 on a Windows 2003 Standard Server. IIS,CA and Application Pool are also configured.
When I try to browse https://Localhost/SalesOrders/Replisapi.dll it gives me a message "The page cannot be displayed".
Any help would be greatly appreciated.
John
View 5 Replies
View Related
Mar 25, 2006
An internal error occurred on the report server. See the error log for more details. (rsInternalError) Get Online Help
Object reference not set to an instance of an object.
And my ReportServer log:
<Header>
<Product>Microsoft SQL Server Reporting Services Version 9.00.1399.00</Product>
<Locale>en-US</Locale>
<TimeZone>Pacific Standard Time</TimeZone>
<Path>C:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesLogFilesReportServer__03_24_2006_16_45_06.log</Path>
<SystemName>USPROFILING</SystemName>
<OSName>Microsoft Windows NT 5.2.3790 Service Pack 1</OSName>
<OSVersion>5.2.3790.65536</OSVersion>
</Header>
w3wp!webserver!1!3/24/2006-16:45:06:: i INFO: Reporting Web Server started
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing ConnectionType to '1' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing IsSchedulingService to 'True' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing IsNotificationService to 'True' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing IsEventService to 'True' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing PollingInterval to '10' second(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing WindowsServiceUseFileShareStorage to 'False' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing MemoryLimit to '60' percent as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing RecycleTime to '720' minute(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing MaximumMemoryLimit to '80' percent as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing MaxAppDomainUnloadTime to '30' minute(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing MaxQueueThreads to '0' thread(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing IsWebServiceEnabled to 'True' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing MaxActiveReqForOneUser to '20' requests(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing MaxScheduleWait to '5' second(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing DatabaseQueryTimeout to '120' second(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing ProcessRecycleOptions to '0' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing RunningRequestsScavengerCycle to '60' second(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing RunningRequestsDbCycle to '60' second(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing RunningRequestsAge to '30' second(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing CleanupCycleMinutes to '10' minute(s) as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing DailyCleanupMinuteOfDay to default value of '120' minutes since midnight because it was not specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing WatsonFlags to '1064' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing WatsonDumpOnExceptions to 'Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException,Microsoft.ReportingServices.Modeling.InternalModelingException' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing WatsonDumpExcludeIfContainsExceptions to 'System.Data.SqlClient.SqlException,System.Threading.ThreadAbortException' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing SecureConnectionLevel to '0' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing DisplayErrorLink to 'True' as specified in Configuration file.
w3wp!library!1!3/24/2006-16:45:06:: i INFO: Initializing WebServiceUseFileShareStorage to 'False' as specified in Configuration file.
w3wp!resourceutilities!1!3/24/2006-16:45:06:: i INFO: Reporting Services starting SKU: Enterprise
w3wp!resourceutilities!1!3/24/2006-16:45:06:: i INFO: Evaluation copy: 0 days left
w3wp!runningjobs!1!3/24/2006-16:45:06:: i INFO: Database Cleanup (Web Service) timer enabled: Next Event: 600 seconds. Cycle: 600 seconds
w3wp!runningjobs!1!3/24/2006-16:45:06:: i INFO: Running Requests Scavenger timer enabled: Next Event: 60 seconds. Cycle: 60 seconds
w3wp!runningjobs!1!3/24/2006-16:45:06:: i INFO: Running Requests DB timer enabled: Next Event: 60 seconds. Cycle: 60 seconds
w3wp!runningjobs!1!3/24/2006-16:45:06:: i INFO: Memory stats update timer enabled: Next Event: 60 seconds. Cycle: 60 seconds
w3wp!library!1!03/24/2006-16:45:06:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details., ;
Info: Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.ReportingServices.Diagnostics.WebConfigUtil.GetWebConfigAuthenticationAttribute(String attrName)
at Microsoft.ReportingServices.Diagnostics.WebConfigUtil.GetAuthenticationType()
at Microsoft.ReportingServices.Diagnostics.WebConfigUtil.get_UsingWindowsAuth()
at Microsoft.ReportingServices.WebServer.Global.EnableAntiDos()
at Microsoft.ReportingServices.WebServer.Global.ShouldRejectAntiDos()
at Microsoft.ReportingServices.WebServer.Global.Application_AuthenticateRequest(Object sender, EventArgs e)
--- End of inner exception stack trace ---
w3wp!library!1!03/24/2006-16:45:09:: i INFO: Exception dumped to: C:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesLogFiles flags= ReferencedMemory, AllThreads, SendToWatson
w3wp!library!1!03/24/2006-16:45:11:: i INFO: Catalog SQL Server Edition = Enterprise
w3wp!library!1!03/24/2006-16:45:11:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details., ;
Info: Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.ReportingServices.Diagnostics.WebConfigUtil.GetWebConfigAuthenticationAttribute(String attrName)
at Microsoft.ReportingServices.Diagnostics.WebConfigUtil.GetAuthenticationType()
at Microsoft.ReportingServices.Diagnostics.WebConfigUtil.get_UsingWindowsAuth()
at Microsoft.ReportingServices.WebServer.Global.EnableAntiDos()
at Microsoft.ReportingServices.WebServer.Global.Application_EndRequest(Object sender, EventArgs e)
--- End of inner exception stack trace ---
w3wp!library!1!03/24/2006-16:45:14:: i INFO: Exception dumped to: C:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesLogFiles flags= ReferencedMemory, AllThreads, SendToWatson
Any help would be appreciated:
System 2003 Server IIS6 and Sql2005 enterprise all housed on Virtual Server. all housed locally.
View 12 Replies
View Related
Aug 22, 2006
Hi,
The custom security extension generates the following error, when try to access Report Manager. The specifications are as follows.
1. Its 64-bit SQL Server (Reporting Services) and installed as default instance.
2. The Report Server is accessible programmatically. I can publish, view reports without problems, but Report Manager gives an error.
3. Another instance (named instance) of Reporting Services with the same custom security extension on same server is working fine. Report Manager opens up without problems.
4. Both the instances working fine since 3 installation and configuration (3 months back). Now, only the Report Manager of the default instance is not openeing up.
ReportServerWebApp__08_22_2006_08_52_20.log
-------------------------------------------------------------------------
w3wp!ui!1!8/22/2006-08:52:56:: i INFO: Overwriting existing cookie
w3wp!ui!1!8/22/2006-08:52:57:: e ERROR: The report server is not responding. Verify that the report server is running and can be accessed from this computer.
w3wp!ui!1!8/22/2006-08:52:57:: e ERROR: HTTP status code --> 500
-------Details--------
Microsoft.ReportingServices.UI.Global+RSWebServiceWrapper+CantCommunicateWithReportServerException: The report server is not responding. Verify that the report server is running and can be accessed from this computer.
at Microsoft.ReportingServices.UI.Global.RSWebServiceWrapper.GetSecureMethods()
at Microsoft.SqlServer.ReportingServices2005.RSConnection.IsSecureMethod(String methodname)
at Microsoft.SqlServer.ReportingServices2005.RSConnection.ValidateConnection()
at Microsoft.ReportingServices.UI.Global.SecureAllAPI()
at Microsoft.ReportingServices.UI.ReportingPage.EnsureHttpsLevel(HttpsLevel level)
at Microsoft.ReportingServices.UI.ReportingPage.ReportingPage_Init(Object sender, EventArgs args)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.UI.Control.OnInit(EventArgs e)
at System.Web.UI.Page.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
w3wp!ui!1!8/22/2006-08:52:57:: i INFO: Overwriting existing cookie
w3wp!ui!1!8/22/2006-08:52:58:: e ERROR: Exception in ShowErrorPage: System.Threading.ThreadAbortException: Thread was being aborted.
at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg) at at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
The service is running fine. Any suggestions/pointers would be greatly appreciated.
THanks in advance
View 4 Replies
View Related
Apr 12, 2007
Hi,
I'm having a lot of trouble trying to set up a custom security extension with Reporting Services 2005. Following the VB example from McGraw Hill Osborne (http://www.mhprofessional.com/product.php?cat=112&isbn=0072262397&cat=112), I've compiled the .dll for the extension and made the changes to the ReportManager and ReportServer .config files. After I reset IIS and return to the RS website, it displays "The report server has encountered a configuration error..." and I get a message in my System Event log:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user MYMACHINEASPNET SID (S-1-5-21-1708537768-839522115-1343024091-1005). This security permission can be modified using the Component Services administrative tool.
Wondering if anyone else has had similar trouble and how did they get around it?
View 2 Replies
View Related
Dec 28, 2006
Hello...
I am trying to verify that the ability to use the security extension to use Forms based authentication is available (or not) with SQL 2005 Standard. I have read a few books and articles that state that only the Enterprise edition will allow us to use the security extensions to customize authentication and authorization. But a few recently have told me otherwise.
Does anyone know for sure? We use Standard edition...and would like to customize our security.
thanks
- will
View 3 Replies
View Related
Jul 31, 2006
I have recently enabled a custom Forms Security on my Windows 2003 Server w/ SQL Server 2005 Reporting Services. All the functionality I would expect is working properly, except for the ability to deploy to the reports server from inside my Visual Studio 2005 Reports Project.
The 'Reporting Services Login' window opens, prompting me for a username and password. Regardless of what is supplied, the window keeps reappearing, and I am unable to deploy. I am able to upload the files from within the Report Manager, but that is time consuming and inelegant.
Any help would be greatly appreciated!
View 6 Replies
View Related
Dec 28, 2007
I follow the instructions here to deploy the sample security extension: http://www.codeplex.com/MSFTRSProdSamples/Wiki/View.aspx?title=SS2005!Security%20Extension%20Sample&referringTitle=Home
After I have configure the config files and created the "UserAccounts" database I restart the IIS and tried to connect to Report Manager at http://localhost/Reports
This is the error i got: The report server is not responding. Verify that the report server is running and can be accessed from this computer.
I went to Services and saw my Reporting Services is stopped. Tried to start Reporting Services and it timed out.
View 3 Replies
View Related
May 29, 2007
Hi All,
My application is currently integration with reporting services using custom security extension. I have my own USER and ROLE database to determine who/which role can access certain reports.
My question is how to give access a report to be viewable by everyone? I dont want to assign all users or all roles to achieve this.
The other thing that I found out is, let say I change the name one of the user/role. Because of this, the authorization will fail because the old name/role is not in the DB anymore. Is this expected? or is there a workaround it?
Your help is appreciated.
Thanks!
View 2 Replies
View Related
Oct 10, 2006
Hi everyone, I have some code that we need to migrate to SQL Server2005 from 2000, and I have a webpage that upon viewing, fires a queryto the SQL server using ISS and ISAPI. The result set is formatted fordisplay using XSLT. But since ISAPI is deprecated in SQL 2005, I waswondering how to migrate this.Thanks,
View 5 Replies
View Related
Apr 24, 2007
Hi,
Have compiled and set up a custom security extension for SQL Reporting Services on my local machine and got it working. However, I'm trying to copy the extension across to a different server. So far, I've tried copying the updated dlls straight from my machine to the server and making the relevant changes in Reporting Services .config files (rsWebApplication.config, rssvrpolicy.config, etc)
Initially, the Forms authentication redirects to a login page as expected. However, when we try to submit a login name and password from this login page, it throws this error message:
"Invalid URI: The format of the URI could not be determined."
Is copying the dlls straight across a bad idea?
If anyone has encountered a similar issue, do you know if there are there certain things I should be checking for, or have missed, when trying to replicate a custom security extension on a different machine?
(FYI, the original server where it worked was Windows XP SP2, new server is Windows Server 2003 SP1)
View 1 Replies
View Related
Mar 13, 2008
Ok, I need to test my webservice with the 'use custom server' option on so that I can specify a base URL that I can reference from apps on a remote machine. I have a connection string I am using to access a sql server db that has Integrated Security=true and windows login has a login for it created in the db.
However, whenever I try to call a webmethod I get this error:
System.Data.SqlClient.SqlException: Login failed for user ''. The user is not associated with a trusted SQL Server connection.
But when I call the same webmethod specifiying a sql login / pw, and not integrated security, my webmethod works.
I want to use integrated security though, please help!
View 2 Replies
View Related
May 21, 2008
Hi,
I've created a custom dll using ADOMD.net that takes in a few parameters (Username being one of them) and returns a set of Allowed Members to apply dynamic dimension security. Example:
Code Snippet
Security.GetSetList(UserName,1,"SQL Server")
This works fine for users with less than, say, 100 tuples/members in their set....however for users with more an error:
Error ocurred retreiving child nodes: The 'S' attribute in the 'S' dimension has a generated dimension security expression that is not valid. ...
However, if I take the same set and explicitly (ie
Code Snippet
{[S].[1],[S].[2],.......[S].[50000]}) put it in the Allowed set there's no issue!
I noticed that it takes the UDF a couple of seconds longer to return for users with a large security context. Is there a time-out parameter that controls this? Is there a limitation in the amount of members I can add via custom dll (UDF)? (Some users can have up to 70,000 members)
I should also mention that the UDF uses the StrtoSet function to convert the security context string to a set. The string can be as large as 210,000 characters. Is there a limitation on the string size that can be passed in this function?
Any assistance would be greatly appreciated.
Thanks!!
View 7 Replies
View Related
Nov 13, 2006
Hello,
When I run my report from within visual studio 2005 it generates just fine.
However, when I run the report from the reporting services local web site I get the following error. What do I need to do to fix this (temporarily turning off .net security uusing caspol didn't work).
An error occurred while executing OnInit: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed
View 9 Replies
View Related
Jan 6, 2007
Hi,
I'm using WinXP SP 2, IIS 5.1, SQL Server 2005 Standard, and Visual Studio 2005 Professional.
When I create a virtual directory with IIS Virtual Directory Management for SQLXML 3.0, I get a Microsoft SQL isapi extension error when going to the default page.
If I delete the virtual directory, and then add it directly in the IIS snap-in, with executable permissions, all goes well.
My website is from the Wrox book, Beginning ASP.NET 2.0. An appendix in the book says to add the virtual directory with the SQLXML 3.0 tool, and not to use IIS. I'm very new to this, so I'm not sure if I'll lose functionality down the road or not, by using IIS.
Has anyone run into this before or have any ideas how to get sqlxml 3.0 virt. dir's to work?
View 1 Replies
View Related
Jan 21, 2008
Roles Table:
RoleID, RoleName
<RoleID1>, Allow_ClientFolder
<RoleID2>, Allow_ClientReportA
<RoleID3>, Allow_ClientReportB
<RoleID4>, Allow_CompanyFolder
<RoleID5>, Allow_CompanyReportA
<RoleID6>, Allow_CompanyReportB
UsersInRoles Table:
UserID, RoleID
<UserID1>, <RoleID1>
<UserID1>, <RoleID2>
<UserID2>, <RoleID4>
<UserID2>, <RoleID5>
<UserID2>, <RoleID6>
<UserID2>, <RoleID1>
<UserID2>, <RoleID3>
e.g.
when the <UserID1> clicks on the "home" link show only "Client" folder and when <UserID1> clicks on the "Client" folder only "ClientReportA" will show.
Here is the accessable map for each user:
<UserID1>
Client
ClientReportA
<UserID2>
Client
ClientReportB
Company
CompanyReportA
CompanyReportB
Question:
What is the best way to implement CheckAccess? At first I thought I can access the item names and I can test authorization through that, but AceCollection contains operation permission of the accessing object.
View 4 Replies
View Related
Nov 9, 2007
Greetings. I have developed our own custom security extension, implemented forms based authentication, and can authenticate from report manager, report server and sql studio. So far so good.
However, when it comes to Authorization, i'm unclear in a few areas and would appreciate if someone could help me out with the following questions. It should be noted that in the code I have granted an administrator user full access to all operations and permissions, and then tested against both an administrator user and a normal user.
IAuthorizationExtension.GetPermissions summary says
"Returns the set of permissions granted a specific user for an item in the report server database."
Inparticular, the secDesc parameter is supposed to contain the security descriptor associated with the item.
However, with our extension this parameter is always null, even if I have already granted access for a user, which is confirmed through logging in CreateSecurityDescriptor.
Through the report manager or sql studio I can see that the permissions have been created, so I can't understand why I never see them in the GetPermissions method? This then (seems to) flow through to the various CheckAccess methods, where the users are authenticated, but are not authorized to perform any operations. i.e. in report manager a user has no folders or reports available.
Is RS authorization designed around the concept that the details will always be stored in it's own database?
Ideally, we'd like to have the various roles, users and function authorizations defined in our own security framework. This is working great for the authentication aspect of the extension, but unless there is a mechanism which exposes the details of the particular authorization process (e.g. the name of the folder being viewed or report being run), then I can't see a way we can implement it. Unless i'm missing something fundamental of course!
Using Report Builder as the Administrator user (or any other user), I can see no data models available, even though I have created them via Report Manager, and I get the following exception trying to open up the list of reports:
System.Web.Services.Protocols.SoapException: The permissions granted to user '' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user '' are insufficient for performing this operation. at Microsoft.ReportingServices.Library.ListChildrenAction.PerformActionNow() at Microsoft.ReportingServices.Library.RSSoapAction.Execute() at Microsoft.ReportingServices.WebServer.ReportingService2005.ListChildren(String Item, Boolean Recursive, CatalogItem[]& CatalogItems)
I have implemented a report server proxy (inherited from ReportService2005) as per the example, to pass through the authorization cookie. Any clues as to what could be wrong?
Finally, I suspect part of my problem may be in assignment of users to System Roles ("System Administrator" and "System User"), I'm not sure if these are meant only for Windows Authentication? I can see no way of assigning these roles to any of my users using Forms Authentication.
Thanks for any help or advice you can give!
View 25 Replies
View Related
Mar 10, 2006
Hi,
I am trying the get the custom security extension samples to work on my machine. I have installed everything according the sameple help file. However, i am getting a "Authentication Ticket is not issued by LogonUser." error after I attempted to log on to the report manager thru UILogon.aspx page. I already created an admin user. Upon a closer inspection, I realized that the authentication went thru okay, however, the authentication Ticket Name contained in the "RSAuthenticationHeader" has a duplicate value of "sqlauthticket, sqlauthticket". So apparently, the report server added this value twice to the response header. Has anyone seen this error before? How would you fix it? Also to bypass this error, I parsed out the header and take the correct auth ticket name, now report manager just redisplays the logon page and not letting me thru. Has anyone have seen that before? I am running in Win 2003 server, IIS 6, .NET 2.0 and SQL server 2005 enterprise version.
Thanks for the help,
Eric
View 1 Replies
View Related
Mar 21, 2007
I have written CDE to retrieve and process data before generating the report. It works very well inside VS.Net. However, when deployed to the report server I get the following error
An error has occurred during report processing. Cannot create a connection to data source 'CallsTaken'. Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I have added appropriate CAS entry in rssrvpolicy.config file as following
<CodeGroup
class="UnionCodeGroup"
version="1"
Name="CustomDataExtensionCodeGroup"
Description="Code group for the Custom Data Extension"
PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportServer�inCSS.CustomDataExtension.dll"/>
</CodeGroup>
I have added appropriate entry into rsreportserver.config for data extension as
<Extension Name="Dataset Extension" Type="CSS.RS.Extensibility.CustomDataExtension.DsConnectionWrapper, CSS.CustomDataExtension"/>
Even then I continue to get this error. Any help? Is there anything else I am missing? I am using VS .Net 2005, SRSS 2005 on W23 machine.
I have been stuck here for a while now. Help is appreciated.
Thanks
View 2 Replies
View Related
Aug 1, 2007
Hi All,
I have setup SSRS 2000 and gotten it to work but I am having trouble with SSRS 2005. I can't access to reportserver anywhere on the network. The only way to get to reportserver is termserv into the server and hit it with http://localhost/reportserver The server is Windows 2003 server Standard Ed. running SQL 2005 SP2 and Sharepoint Portal Server 2007. Can somebody please help? Thank you.
View 11 Replies
View Related
Sep 19, 2007
Hi,
I'm trying to deploy Reporting Services on an Internet-facing web server using a custom security extension (forms authentication). We will be putting Report Manager on the Web Server outside of the firewall, and Report Server on another machine inside the firewall. When testing the solution in a development environment with Report Manager and Report Server on the same box, the solution works fine.
When testing it using the Internet-facing environment described above, it almost works but there seems to be an issue with the authentication cookie that is generated. Here's what happens:
1. User enters credentials on UILogon.aspx and submits form.
2. In the code-behind, LogonUser() is called through a web service proxy and the authentication cookie is returned successfully. The code used here to set the cookie is the same code used in the Forms Authentication sample that ships with RS2005.
3. The user is redirected to Folder.aspx, and the request hangs for a while, and eventually kicks you back out to UILogon.aspx, as if it lost the authentication cookie. When doing a trace on the HTTP header, the cookie is still there.
Is there anything special I need to do to make the Report Server "see" the cookie when I have Report Manager and Report Server on different machines?
Any help would be much appreciated!
Mike
View 2 Replies
View Related
Mar 8, 2007
Hi,
I am creating a custom transformation component, and a custom user interface for that component.
In
my custom UI, I want to show the custom properties, and allow users to
edit these properties similar to how the advanced editor shows the
properties.
I know in my UI I need to create a "Property Grid".
In
the properties of this grid, I can select the object I want to display
data for, however, the only objects that appear are the objects that I
have already created within this UI, and not the actual component
object with the custom properties.
How do I go about getting the properties for my transformation component listed in this property grid?
I am writing in C#.
View 5 Replies
View Related
Apr 15, 2008
Hello,
Here is my problem:
I use SQL Server 2005. I have approx. 50 tables in my database and 30 of them have a filed named "CompanyID". Example:
create table A (ID int identity, NAME varchar(100), COMPANYID int)create table A (ID int identity, REF_ID int, FIELD1 varchar(100), FIELD2 varchar(100), COMPANYID int)
Also there are nearly 200 stored procedures that read data from these tables. Example:
create procedure ABCasbegin /* some checks and expressions here ... */ select ... from A inner join B on (A.ID = B.REF_ID) where ... /* ... */end;
All my queries in the Stored procedure does not filter the tables by CompanyID, so they process the entire data.
However, now we have a requirement to separate the data for each company. That means that we have to put a filter by CompanyID to each of those 20 tables in each query where the tables appear.
Firstly, I put the CompanyID in the context so now its value is accessible through the context_info() function. Thus I do not need now to pass it as a parameter to the stored procedures.
However, I don't know what is the easiest and fastest way to filter the tables. Example:
I modified the above mentioned procedure in the following way:
create procedure ABCasbegin /* some checks and expressions here ... */
-- gets the CompanyID from the context: DECLARE @CompanyID int; SELECT @CompanyID = CONVERT(float, CONVERT(varchar(128), context_info()))
select ... from A inner join B on (A.ID = B.REF_ID) where ...
and A.COMPANYID = @CompanyID and B.COMPANYID = @CompanyID /* ... */end;
Now I have the desired filter by CompanyID. However, modifying over 200 stored procedures is rather tedious work and I don't think that this is the best approach. Is there any functionality in SQL Server that can provide the possibility to put an automatic filter to the tables.
For example: when I wrote "SELECT * FROM A", the actual statements to be executed would be "SELECT * FROM A WHERE CompanyID = CONVERT(float, CONVERT(varchar(128), context_info()))".
I was looking for something like "INSTEAD OF SELECT" triggers but I didn't manage to find any answer.
I would very grateful is someone suggests a solution for something like "global table filter" (that will help me make an easy refactoring)?
Thanks in advance.
Best regards,
Beroetz
View 5 Replies
View Related
Jan 26, 2006
Howdy,
I have a table that has a group. In this group, I want to filter by 2 different expressions, concatenated with an OR. BUT I can't change the "And/Or" column value for the first entry because it is grayed out. The column will automatically change to an OR value if both my expression column fields are the same (which I don€™t want) but if I put any other value in to the expression field of the second row, the "And/Or" field of the first row automatically changes to an AND.
PLEASE! How do I get the And/Or field "ungrayed" so I can change it to what I want?
The 2 filters I and using check the UserID = to the user, and the other is checking a count to get the Top N 1. (So just showing the current user and the top producer)
View 14 Replies
View Related
Aug 14, 2007
Hi,
I've created a Custom Data Flow Component and added some Custom Properties.
I want the user to set the contents using an expression. I did some research and come up with the folowing:
Code Snippet
IDTSCustomProperty90 SourceTableProperty = ComponentMetaData.CustomPropertyCollection.New();
SourceTableProperty.ExpressionType = DTSCustomPropertyExpressionType.CPET_NOTIFY;
SourceTableProperty.Name = "SourceTable";
But it doesn't work, if I enter @[System:ackageName] in the field. It comes out "@[System:ackageName]" instead of the actual package name.
I'm also unable to find how I can tell the designer to show the Expression editor. I would like to see the elipses (...) next to my field.
Any help would be greatly appreciated!
Thank you
View 6 Replies
View Related
Apr 2, 2007
Hi,
I'm trying to enable Expression for a custom property in my custom data flow component.
Here is the code I wrote to declare the custom property:
public override void ProvideComponentProperties()
{
ComponentMetaData.RuntimeConnectionCollection.RemoveAll();
RemoveAllInputsOutputsAndCustomProperties();
IDTSCustomProperty90 prop = ComponentMetaData.CustomPropertyCollection.New();
prop.Name = "MyProperty";
prop.Description = "My property description";
prop.Value = string.Empty;
prop.ExpressionType = DTSCustomPropertyExpressionType.CPET_NOTIFY;
...
}
In design mode, I can assign an expression to my custom property, but it get evaluated in design mode and not in runtime
Here is my expression (a file name based on a date contained in a user variable):
"DB" + (DT_WSTR, 4)YEAR( @[User::varCurrentDate] ) + RIGHT( "0" + (DT_WSTR, 2)MONTH( @[User::varCurrentDate] ), 2 ) + "\" + (DT_WSTR, 4)YEAR( @[User::varCurrentDate] ) + RIGHT( "0" + (DT_WSTR, 2)MONTH( @[User::varCurrentDate] ), 2 ) + ".VER"
@[User::varCurrentDate] is a DateTime variable and is assign to 0 at design time
So the expression is evaluated as: "DB189912189912.VER".
My package contains 2 data flow.
At runtime,
The first one is responsible to set a valid date in @[User::varCurrentDate] variable. (the date is 2007-01-15)
The second one contains my custom data flow component with my custom property that was set to an expression at design time
When my component get executed, my custom property value is still "DB189912189912.VER" and I expected "DB200701200701.VER"
Any idea ?
View 5 Replies
View Related
May 25, 2006
I have some SP's I run once a month and each SP takes a few mins to run and when I batch em together in one shot, I hate sitting there waiting for them to finish
whats the easiest way to report back the status of the exec?
Ex:
Set NoCount ON
EXEC StatesUpdateZipTableUpdate 'AE'
EXEC StatesUpdateZipTableUpdate 'AK'
EXEC StatesUpdateZipTableUpdate 'AL'
EXEC StatesUpdateZipTableUpdate 'AP'
EXEC StatesUpdateZipTableUpdate 'AR'
EXEC StatesUpdateZipTableUpdate 'AZ'
How would I get it to report the results after each Exec?
In otherwords Id like to create a progress bar......
Just for Query Analyzer..... no bells and whistles
View 5 Replies
View Related
