Digest Authorization On HTTP Endpoint
Jan 16, 2007
I need to enable digest authorization on an HTTP endpoint, because the integration tools for some java code that needs to connect to it does not support NTLM or kerberos - only digest and basic. I setup a test endpoint in order to test only digest authorization (as opposed to the final endpoint which needs both digest and integrated), but I can't even get that to work - when I point my browser to it to see the wsdl it pops up with the login box, but the login always fails.
I have the feeling I'm missing some very minor piece that will just make the whole thing work. Below are some log entries as well as the script to create the test endpoint I'm hitting. Any ideas are very welcome, I've banged my head on this one for far too long.
SQL Server error logs shows a "Error: 26026, Severity: 14, State: 1" entry followed by a "HTTP authentication failed" entry.
Event Log Security entry on the server:
Logon Failure:
Reason: An error occurred during logon
User Name: MyUserName
Domain: mydomain
Logon Type: 3
Logon Process: WDIGEST
Authentication Package: WDigest
Workstation Name: -
Status code: 0xC000006D
Substatus code: 0xC00000FE
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
Test endpoint script:
CREATE ENDPOINT [DigestTest]
STATE=STARTED
AS HTTP (PATH=N'/DigestTest', PORTS = (CLEAR), AUTHENTICATION = (DIGEST), SITE=N'SRV001',
CLEAR_PORT = 80, AUTH_REALM=N'mydomain', COMPRESSION=DISABLED)
FOR SOAP (
WEBMETHOD 'SimpleTest'( NAME=N'[TestDB].[dbo].[spSimpleTest]'
, SCHEMA=DEFAULT
, FORMAT=ALL_RESULTS),
BATCHES=DISABLED, WSDL=N'[master].[sys].[sp_http_generate_wsdl_defaultcomplexorsimple]',
SESSIONS=DISABLED, SESSION_TIMEOUT=60, DATABASE=N'TestDB', NAMESPACE=N'http://mydomain.com/',
SCHEMA=STANDARD, CHARACTER_SET=XML)
View 6 Replies
ADVERTISEMENT
Jan 31, 2007
I am just about ready to tear my hair out on this one, at this point you guys are my last resort! Wouldn't it be nice if I could go to bed and have an answer for me in the morning....
I've had a working HTTP endpoint using Basic Authentication over SSL for months in our development environment, but now I'm moving our application to a production server and I'd like to be able to use Digest Authentication in the clear instead so the processor doesn't waste cycles on the SSL decryption. I've spent hours fiddling with my endpoint to no avail.
This is the closest message relating to what I'm doing that I've been able to find: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1131251&SiteID=1
In my case, the SQL Server is joined to a domain that is entirely Windows Server 2003 - no Windows 2000, so support for Digest Authentication is a non-issue. I'm also explicitly doing a GRANT CONNECT on my endpoint to the domain user I'm using. Here is the top of my CREATE ENDPOINT DDL:
CREATE ENDPOINT [Kudos]
STATE=STARTED
AS HTTP (PATH=N'/Kudos',
PORTS = (CLEAR),
AUTHENTICATION = (DIGEST,NTLM),
SITE=N'echobase.kudosnow.com'
DEFAULT_LOGON_DOMAIN = N'kudosnow',
AUTH_REALM = N'kudosnow'',
CLEAR_PORT = 80,
COMPRESSION=DISABLED)
FOR SOAP (
I am debugging using wfetch 1.3... I can get this to work using NTLM Authentication; sending a GET to my endpoint with the ?wsdlsimple querystring parameter returns my WSDL just fine.
But Digest just doesn't want to work! If I remove NTLM from my AUTHENTICATION directive and try using Digest with wfetch or from my (PHP) web service consumer I get an HTTP 401 no matter what I do. I've tried fiddling with the DEFAULT_LOGON_DOMAIN, AUTH_REALM, and anything else I can think of.
The errors I am sporadically finding in the SQL Server error log are:
HTTP authentication failed. [CLIENT: 192.168.245.238] from source Logon
Followed by:
Error: 26026, Severity: 14, State: 1. from source Logon
I can't find any detail about the second error.
........
Just occurred to me that I've also been trying to view my WSDL directly in IE, and this is what's causing the SQL error to be logged, not wfetch - that's why it appeared sporadically.
So, wfetch isn't causing an 'HTTP authentication failed' error, but Internet Explorer is... maybe Digest Authentication isn't implemented correctly in wfetch?
Regardless... I'm still not able to authenticate from IE or from my client, but this may shed some more light on the issue.
Does anyone have any ideas?
View 4 Replies
View Related
Oct 23, 2007
I have the need to have a client application connect to a remote database server for retrieval of large datasets (~13000 rows at time) and am trying to leverage existing technologies to build my solution.
To test the difference in retrieval times I created 2 test apps - testA and testB. I created an HTTP endpoint in SQL Server (2005) that exposes one web method corresponding to a sproc that executes one select query and configured testA to execute query and bind the results to a data grid. I exposed my SQL Server so that I could connect directly to the SQL Server using a connection string and configured testB to execute the same SQL statement in an ad-hoc fashion, binding the results to a data grid.
On average, the HTTP endpoint would take ~ 34 seconds to return the 13,000 row data set whereas the direct connection returned that same result set in 4 seconds or less.
I have a bunch of questions:
* Why would I be seeing such a dramatic difference in the retrieval times?
* How is SQL Server communicating when there is a direct connection?
* What are the immediate disadvantages to connecting directly to the remote SQL Server?
* If I were to consider allowing my client application to communicate directly with the SQL Server, is there any way to secure the communication without VPN?
* In addition, is it even possible to create a SQL login that has all of these requirements?
** select and update only
** cannot view schema (cannot connect to the SQL Server using SQL Server Management Studio)
** cannot view any system tables
** cannot retrieve any information about the schema of the database whatsoever
I guess I'm wondering if there is a way to overcome the obvious serialization overhead that comes with the HTTP endpoint to get the speed of the direct connection while being secure at the same time. Is that being greedy? :P
Anyhow, what are your opinions? I'm very interested to hear experiences and/or advice.
Thanks,
Paul
View 1 Replies
View Related
May 31, 2007
Hi,
I'd like to know how can I setup the SSL so I can secure my HTTP Endpoint.
I saw in the documentation that some settings such as SSL_PORT and PORTS should be set to SSL port number and SSL but I did not find out anywhere where they explain how to enable SSL.
Do we enable SSL the same way we enable it or SQL Server 2005 or does that have to be done through the MMC - Certificates.
I don't have any IIS server running on this server, so I was wondering if IIS is a requirement to generate and import the certificate.
I appreciate your help and comments.
Bruce.
View 3 Replies
View Related
Jun 27, 2006
Hi All,
I met some problems when I walk through a example for Native Http SOAP in SQL Server 2005 for Developers. after I create the HTTP EndPoint in the Management Studio using following code:
USE AdventureWorks
GO
CREATE PROCEDURE EmployeePhoneList
AS
SELECT C.LastName, C.FirstName, C.Phone
FROM Person.Contact AS C
INNER JOIN HumanResources.Employee AS E
ON C.ContactID = E.ContactID
ORDER BY C.LastName, C.FirstName
GO
DROP ENDPOINT HRService;
GO
CREATE ENDPOINT HRService
STATE = STARTED
AS HTTP
(
PATH='/HumanResources',
AUTHENTICATION=(INTEGRATED),
PORTS=(CLEAR)
)
FOR SOAP
(
WEBMETHOD 'EmployeePhoneList'(name='AdventureWorks.dbo.EmployeePhoneList'),
DATABASE='AdventureWorks',
WSDL=DEFAULT
)
then I can see the web service is indeed created by using following cmnd,
SELECT *
FROM sys.endpoints
SELECT *
FROM sys.soap_endpoints;
SELECT *
FROM sys.endpoint_webmethods;
but when I want to use the web service in the VS2005, I can't find it and add the web reference. Any help will be greatly appreciated. and could you please tell me how to check web services in the local computer? Thanks.
Chris
View 8 Replies
View Related
Mar 19, 2006
Hello, I have problems consuming webservice, I was following this page.
http://codebetter.com/blogs/raymond.lewallen/archive/2005/06/23/65089.aspx
but in the intelisense the method returns an array of objects[], So I have a problem with this line.
localhost.GetEmployees sd = new localhost.GetEmployees();
sd.Credentials = System.Net.CredentialCache.DefaultCredentials;
DataSet ds = (DataSet)(sd.EmployeeList());------> IT CANT CONVERT.
GridView1.DataSource = ds.Tables[0];
GridView1.DataBind();
Error 1 Cannot convert type 'object[]' to 'System.Data.DataSet' c:inetpubwwwrootatlas1Default.aspx.cs 18 22 http://localhost/atlas1/
View 10 Replies
View Related
Feb 1, 2007
Dear all,
I appologise that incarnations of this topic have been posted several times on this forum, however I cannot find a scenario that is the same as my own so I've resorted to starting a new thread.
I can successfully create and connect remotely to an HTTP EndPoint on my Windows 2003 machine using Integrated security, the administrator username and password via my static IP address.
I have read that Windows XP SP2 supports HTTP EndPoints, and it would be much more convenient for me to be able to create EndPoints in XP, and connect remotely.
I have created the endpoint like so...
CREATE ENDPOINT sql_tvr10
STATE = STARTED
AS HTTP(
PATH = '/sql/tvr10', AUTHENTICATION = (INTEGRATED),
PORTS = (CLEAR))
FOR SOAP (
WEBMETHOD 'StoredProcedure1'
(name='master.dbo.StoredProcedure1'),
WSDL = DEFAULT,
BATCHES = ENABLED,
DATABASE = 'master',
NAMESPACE = 'http://194.106.11.11/' )
In visual studio I can retrive a list of services running at http://localhost/sql/tvr10?WSDL absolutely fine. However, in Visual Studio on the remote machine, I cannot connect to http://194.106.11.11/sql/tvr10?WSDL - it prompts me for a username and password, however I cannot select the username - it is set to "Athlon64Guest" (Athlon64 is my server computer name). I have no passwords on any of my windows accounts (except administrator), and I have no database passwords set.
Could someone please tell me how I should go about accessing the HTTP EndPoint?
Just so it is clear, I am running a small LAN with no domain, just a workgroup. I need the client application to be able to connect via http regardless of which network it is on. I am using VS2005 and SQL Server 2005 Dev Ed.
Many thanks in advance,
Simon
View 12 Replies
View Related
Jan 21, 2008
Hi
I am testing using Web Services from SQL Server 2005 and am having problems with IE Authentication when I try to retreive the WSDL.
The basic scenario is:
I create the Web Service and initially can view the WSDL using Http:ServernamePath?wsdl and also can consume the Web Service in a DotNet app. However after a period of 2 hours or more the the WSDl starts asking for authentication but I cannot determine what authentication or rights are required
In an earlier post http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1175161&SiteID=1 Jimmy Wu mentions
"IE prompted me for my user credentials and after entering the information I was able to retrieve the WSDL doc".
What are the user credentials required and how do you set permissions to avoid these. This forum post is the only place I have seen where any mention is made of some additional credentials being needed.
Regards
nadreck
View 2 Replies
View Related
May 23, 2005
I am having trouble getting access to HTTP Endpoints working correctly.
View 1 Replies
View Related
Apr 24, 2008
Hello,
I created a HTTP-Endpoint on SQL Server 2005. Now I try to call this web service from a c# client but using SQL-Server authentication (i.e. my user is a sql server user but not a windows user). But it doesn't work.
I can connect to the service using a windows user and NTLM authentication. But for some reasons Iwould much prefer if I could use SQL-Server authentication. Is it possible?
Here is how I created the endpoint:
Code Snippet
CREATE ENDPOINT myService
STATE = STARTED
AS HTTP(
PATH = '/services',
AUTHENTICATION = (INTEGRATED ),
PORTS = ( SSL ),
SITE = '*'
)
FOR SOAP (
WEBMETHOD 'GetStuff'
(name='MyDB.dbo.FKT_getStuff',
SCHEMA=STANDARD ),
WSDL = DEFAULT,
LOGIN_TYPE = MIXED,
SCHEMA = STANDARD,
DATABASE = 'MyDB',
NAMESPACE = 'Services'
);
GO
Thanks!
Jerma
View 5 Replies
View Related
Jul 19, 2007
Hi,
I've created the following endpoint on a local database as follows,
CREATE ENDPOINT Wrox_EndPoint
STATE = STARTED
AS HTTP
(
SITE = 'localhost',
PATH = '/Wrox',
AUTHENTICATION = (INTEGRATED),
PORTS = ( CLEAR ),
CLEAR_PORT = 81
)
FOR SOAP
(
WebMethod 'GetProductCountByProductModelID'
(
NAME = 'adventureworks.dbo.ProductByProductModelID',
SCHEMA = STANDARD
),
WebMethod 'GetProductModels'
(
NAME = 'adventureworks.dbo.GetProductModels',
SCHEMA = STANDARD
),
WSDL = DEFAULT,
BATCHES = ENABLED,
DATABASE = 'AdventureWorks'
)
When I try to add a web reference in visualstudio to http://localhost/wrox?WSDL I get a 404 error.
I checked the web service is created in sys.http_endpoints
I've also run the following to grant permissions
USE MASTER
GO
GRANT CONNECT ON ENDPOINT::Wrox_EndPoint TO [myDomainpaulm]
GO
Any ideas where I'm going wrong?
Many thanks Paul
View 3 Replies
View Related
Feb 12, 2007
I created a HelloWorld like example using InforPath 2007 and endpoint with SQL Server 2005. Very simple example.
I created a stored procedure that took in one parameter, a datetime field. This parameter is then inserted into a db table that has two columns, an id column and a datetime column.
I took the store procedure just discribed to create an endpoint. Cool. The WSDL is showing, I'm feeling good.
I go to InfoPath and make it so that submit a datetime to the webmethod associated with the endpoint. The data table shows one more row has been added and it is the datetime I sent from InfoPath. YEA!! I go to the Event View and see that I have an error message. The message is HTTP authenticaiton failed. [CLIENT: 10.8.2.26]. Bummer!!
This does not make sense to me. I am able to update the targeted database table but I get an exception. I do not like exceptions nor warnings without an explanation. Does anyone have an idea why this is happening?
The endpoint code looks like: <code snippet>
CREATE ENDPOINT [GeraldTesting_endpoint]
AUTHORIZATION
STATE=STARTED
AS HTTP (PATH=N'/testEndPoint',
PORTS = (CLEAR),
AUTHENTICATION = (INTEGRATED),
SITE=N'*',
CLEAR_PORT = 8080,
COMPRESSION=DISABLED)
FOR SOAP (
WEBMETHOD 'testEndPoint'
( NAME=N'[geraldstest].[dbo].[Gerald_Test_Proc]'
, SCHEMA=STANDARD,
FORMAT=ALL_RESULTS),
BATCHES=ENABLED, WSDL=N'[master].[sys].[sp_http_generate_wsdl_defaultcomplexorsimple]',
SESSIONS=DISABLED, SESSION_TIMEOUT=60,
DATABASE=N'geraldstest', NAMESPACE=N'http://tempuri.org', SCHEMA=STANDARD, CHARACTER_SET=XML)
</code snippet>
I had to give up for the project I am currently working because of time constraints. But in the future, for out-of-the-box functionality for proof-of-concept/prototyping, I would like to use endpoints.
View 3 Replies
View Related
Jul 31, 2007
I looked online and couldn't find anything to help me make this change. I want to change the default URL for reporting services to another url. Is this possible? Any assistance would be greatly appreciated.
View 3 Replies
View Related
Aug 1, 2007
Hi All,
I have setup SSRS 2000 and gotten it to work but I am having trouble with SSRS 2005. I can't access to reportserver anywhere on the network. The only way to get to reportserver is termserv into the server and hit it with http://localhost/reportserver The server is Windows 2003 server Standard Ed. running SQL 2005 SP2 and Sharepoint Portal Server 2007. Can somebody please help? Thank you.
View 11 Replies
View Related
May 18, 2007
i know the basics about how to manipulate SQL server database, i mean the code itself, but there are few other things which i don't understand.
first, databases which i have created by my own, i can use only when
i have the website itself open (i get an icon at the taskbar)
but database such as 'master' which came with the sqlserver, i can acess always even without running the page with visual studio first. i have no idea why.
also, when i try to connect my website using my ip, i can only do it with
the master database.. those i created by my own i can only connect when i enter the URL page as localhost.
I don't understand what's USER INSTANCE for and how do i really set
a database username and password
can someone exaplin a little? thanks, because i am very confused .
View 3 Replies
View Related
May 2, 2006
Hi:
I'm trying to connect to a data base of "sql server 2005 enterprise" named BCR.The server name is "server1"I'm using Windows Authentication to connect to serverThe operating system is Windows Server 2003 Enterprise Edition Service Pack 1
When I run the aspx I get this error at line 21
System.Data.OleDb.OleDbException: Invalid authorization specification Invalid connection string attribute at System.Data.OleDb.OleDbConnection.ProcessResults(Int32 hr) at System.Data.OleDb.OleDbConnection.InitializeProvider() at System.Data.OleDb.OleDbConnection.Open() at ASP.pruebaLeeSqlServer_aspx.__Render__control1(HtmlTextWriter __output, Control parameterContainer) in Z:DigitalpruebaLeeSqlServer.aspx:line 21
This is my code:
Dim str2 As String = "Provider=SQLNCLI; Server = server1; Database = BCR"Dim cnn2 As OleDbConnection = New OleDbConnection(str2)Dim cmd2 As New OleDbCommand()Dim drd2 As OleDbDataReaderTry cnn2.Open() cmd2.Connection = cnn2''''''''''''''''''''''''''''''''''''''''''''''''''''line 21 cmd2.CommandText ="SELECT LastName FROM Employees" drd2 = cmd2.ExecuteReader Do While drd2.Read %> <%=drd2.GetString(0)%><br> <% Loop drd2.Close()Catch exc1 As Exception %> <%=exc1.ToString()%> <%Finally cnn2.Close() End Try
What could be wrong?Do I need enable permission for asp.net in sql server?how I can do it?
Thanks!!
View 2 Replies
View Related
Jun 9, 2004
Hello,
I have a web application (ISAPI) that accesses a SQL Server 2000 (sp3) database in the same machine as the Web Server (IIS 6). Windows 2003 Standard Edition is the operating System. So, when users access the aplication through the web it runs ok until display the error message "Invalid authorization specification" or, sometimes, another message about failure to inform ODBC DSN, although I dont use ODBC.
When the error occurs, the user press F5 in the browser and the operation goes ok. It's an intermitent and curious error.
Can somebody help me?
Thanks in advance.
Adão.
View 1 Replies
View Related
Sep 16, 2015
I am trying to develope a authorization matrix for cpmpany of 75 employees, with different roles and permissions for roles to some applications like CRM , diiffrent folders,databases etc. I tried to find some informaton about this auhtorizaion matrix.
View 0 Replies
View Related
Jun 16, 2008
I need to write a sp (for my web app) that checks user authorization. Here is the scenario:
User Authorization Table (AuthTable)
UserIDFrom Cost CenterTo Cost Center
(UserId)(FromCC)(ToCC)
User130003600
User148005120
User152005250
User230003400
User237603840
Production Table (ProdTable) data:
Job NumberCost CenterQuantity
(JobId)(JobCC)JobQty
51002860250
51003120525
51004801262
52003001155
52005251276
I need to check the user security for each record that I read from the ProdTable against all entries in the AuthTable for the current user.
When I read the ProdTable and User ID = User1 then selected records should be:
5100/3120, 5100/4801, 5200/3001,
When I read the ProdTable and UserID = User2, then the selected records should be:
5200/3120
I’m not sure how to construct my sql statement. Can somebody give me a hand? Thank you.
View 1 Replies
View Related
May 2, 2006
Hi:
I'm trying to connect to a data base of "sql server 2005 enterprise" named BCR.
The server name is "server1"
I'm using Windows Authentication to connect to server
The operating system is Windows Server 2003 Enterprise Edition Service Pack 1
When I run the aspx I get this error at line 21
---------------------------------------------------------------
System.Data.OleDb.OleDbException: Invalid authorization specification Invalid connection string attribute at System.Data.OleDb.OleDbConnection.ProcessResults(Int32 hr) at System.Data.OleDb.OleDbConnection.InitializeProvider() at System.Data.OleDb.OleDbConnection.Open() at ASP.pruebaLeeSqlServer_aspx.__Render__control1(HtmlTextWriter __output, Control parameterContainer) in Z:DigitalpruebaLeeSqlServer.aspx:line 21
---------------------------------------------------------------
This is my code:
------------------------------------------------------------------
Dim str2 As String = "Provider=SQLNCLI; Server = server1; Database = BCR"
Dim cnn2 As OleDbConnection = New OleDbConnection(str2)
Dim cmd2 As New OleDbCommand()
Dim drd2 As OleDbDataReader
Try
cnn2.Open()
cmd2.Connection = cnn2''''''''''''''''''''''''''''''''''''''''''''''''''''line 21
cmd2.CommandText ="SELECT LastName FROM Employees"
drd2 = cmd2.ExecuteReader
Do While drd2.Read
%>
<%=drd2.GetString(0)%><br>
<%
Loop
drd2.Close()
Catch exc1 As Exception
%>
<%=exc1.ToString()%>
<%
Finally
cnn2.Close()
End Try
------------------------------------------------------------------
What could be wrong?
Do I need enable permission for asp.net in sql server?
how I can do it?
Thanks!!
View 2 Replies
View Related
Jul 23, 2005
i want to implement authorization with windows authentication and don'thave the slightest clue of how to do this implementation. the basicwindows authentication for this .NET application is already setup. myproblem lies within my inability to manipulate the username captured inthe authentication process and my knowledge of how IIS is involved.specifically, i have the following questions:1) what object(s) can be used so that the user's username can bemanipulated for the authorization process?2) in order to apply roles, do the users need to be placed in groups inIIS? if so, how does this work?3) is all the code that the application uses for roles in web.config?or does global.asax play a role in this matter?4) does the web.config file know to communicate with IIS because theauthorization type is set to windows?5) once authorization is in place, can a section of an .aspx file bevisible to a group or can only entire files be secured for a group?as you can see, i'm trying to figure out the relationship betweenauthorization and windows authentication so any help would beappreciated.thanks,johne: Join Bytes!
View 1 Replies
View Related
Apr 23, 2007
Hi,
We are testing our product on Windows Vista with SQL Server 2005 SP2 and are encountering an "invalid authorization specification". We make the connection through a Windows service using a standard ADO connection. I have tried changing the provider in the connection string to SQLNCLI without any success. The application is written in Delphi 5 and has worked on previous versions of Windows running SQL Server 2005.
Thanks.
Steven
View 5 Replies
View Related
Sep 28, 2007
I know I'm missing something obvious and most likely just need some sleep to figure it out,but I'm trying to finish a block of auditing code off to hit a deadline. I can't figure out why I get an error when I try to do the following:
CREATE USER audituser WITHOUT LOGIN
GO
CREATE SCHEMA audit AUTHORIZATION audituser
GO
EXECUTE AS USER = 'audituser'
GO
--Create new, flexible audit structure
CREATE TABLE audit.AuditTable
(AuditID int identity(1,1),
TableName sysname NOT NULL,
AuditAction char(2) NOT NULL,
RowData xml NOT NULL,
AuditDate datetime NOT NULL CONSTRAINT df_table1_audit_editdate DEFAULT (getdate()),
AuditUser varchar(30) NOT NULL CONSTRAINT df_table1_audit_edituser DEFAULT (suser_sname()),
CONSTRAINT pk_table1_audit PRIMARY KEY CLUSTERED (AuditID))
GO
The user and schema are created properly. audituser is the owner of the schema and therefore should have the authority to do anything at all within the schema. However, the create table statement is failing and saying CREATE TABLE permission denied. Why?
View 1 Replies
View Related
Aug 1, 2007
Hi Guys
Hoping that someone out there is able to give me some help on this one
I am trying to install SQL Server 2005 developer Edition on to a new laptop that is running Windows vista home premium edition
However after running the install and then trying to run the Service Pack 2 it producing an error saying that the windows authorisation is not valid and not using named pipes protocol. After some searching and googling I have checked all the option that I can see like that my login to the windows environment is the administrator which its is but from there I still am unable to log
Any Ideas people, or is this a known problem that I am just not seen
View 10 Replies
View Related
Jan 8, 2007
Hello,I have an SQL Server 2005 database that I'm trying to create using script.Everything works fine, but when I click on "Database Diagrams" I get anerror message that there is no database owner, and of course when I show theDatabase Properties, the database was created without one. Is there any wayto ALTER AUTHORIZATION to a default owner or system administrator, somethingvalid?Any direction would be appreciated.Thanks!Rick
View 1 Replies
View Related
Nov 28, 2007
I am in the planning phase of building a Form Authenication Report Server project. The database contains the Role information for each report and for each user. The objective is to authenicate and authorize user so that only the authorized reports are available for the current user to view.
Base on my research these are my plans.
1. Deploy Reports onto the Report Server
2. Put Reports in folders to group different types of report (I am not sure is it possible to only the display authorized reports for the current user)
3. Design the custom Security extension to authenicate and authorize using the database
1. Is it possible to only display authorized reports for the current user to view by doing custom security extension?
View 5 Replies
View Related
Dec 4, 2006
For custom authorization, I am overwriting the CheckAccess method.
But how do I know what I am trying to access in CheckAccess method? I need to know what report the check access method is trying to execute for our requirements.
How do I get that?
View 1 Replies
View Related
May 15, 2007
Hi,
I have an MS Access front end that links to an sql server 2005 database. The access front end uses NT Integrated security which should authenticate and authorize users.
Unfortunately it is not working this way. I have domain users (Active Directory) which I have given permissions to on my database and have given them, say db reader or db writer previliges.
Not only do these previliges NOT work, any user that is on the network can access the database and can read/write onto it as long as he has the MS Access front end.
I'm pulling my hair (and I dont have much left) trying to figure out what I am missing.. or if I even have the whole NT integration logic right.
One point worth mentioning is that if I change the connection type to 'SQL password authentication', the MS access front end prompts for a username and password and user permissions are set just they way i have set them in sql server 2005. But the only problem with this is that any person can just go and change the connection property in the MS Access front end back to NT integration and he/she can access the database with no restrictions whatsoever.
Where am I going wrong. HELP!
View 5 Replies
View Related
Oct 3, 2007
I need to implement custom security in reporting services. I have followed the standard example here:
http://technet.microsoft.com/en-us/library/ms160724.aspx
I got authentication to work without too many problems, and it authenticates by querying my custom table. I want to also maintain my authorizations in the same manner. I want to be able to define in my own tables that user test1 has permission to view reports 1, 3, 5, and 8. User test2 can view reports 1,3,5,8, and 9. User test3 can view 1, 2, and 4. Etc.
The authorization extension, contained in my version of Authorization.cs is where I expected to be able to do this. I wanted to be able to write code that queries my own tables and says, "does this user have permission to view this item?" Getting the this user portion is easy as is obvious in the many checkAccess methods. But being able to tell what item I am currently dealing with has proved impossible from the context of Authorization.cs, which implements IAuthorizationExtension. Knowing what type of item I am dealing with is obvious, but I need to know something that uniquely identifies the exact item I am dealing with.
How can I determine in checkAccess or any of the other available methods what "thing" they are looking at? What can I examine to determine that for instance this particular authorization request is against "Report 1"? It seems that if I was allowed to completely override Authentication to use my tables, I should be able to override Authorization to do the same. Is this possible or am I missing something?
Can anyone help? Thanks.
View 2 Replies
View Related
Mar 20, 2007
Does anyone have a good starter's tutorial on authorization advice & configuration for SQL Server 2005?I need to know what is adviced what web users can specifically do and dont in my db, and how to configure that...Thanks!
View 1 Replies
View Related
Mar 9, 2006
a customer is getting on mS SQL 2000ERROR ODBC 28000 Invalid authorization specificationI dont understand because all the rigth are OKASP NET USER, IISS user and so on !i am trying to connect the to SQL from ASPX pages (it works for me and a few customers but not that one)what can be the problem ?thank you
View 6 Replies
View Related
Jul 23, 2005
Hi,I have just reinstalled Reporting Services on win 2003 server that wasadded to a domain and has been renamed. Two strange things happen:1) In IE I am prompted for an ID and password with a basic securityprompt.2) After supplying the credentials I get some of the report manager webpage but it has a 401 error instead of the folder and options to manageprojects.The page looks like this:ErrorThe request failed with HTTP status 401: Unauthorized.HomeThe reporting services error log contains the following error:Unknown!ui!ed8!2/9/2005-20:44:32:: v VERBOSE: Usermap'<Users><User><Name>DOMAINAdministrator</Name><Paths><Path>/reports/Home.aspx</Path><NrReq>1</NrReq></Paths></User></Users>'Unknown!ui!a24!2/9/2005-20:44:33:: v VERBOSE: Usermap'<Users><User><Name>DOMAINAdministrator</Name><Paths><Path>/reports/Pages/Folder.aspx</Path><NrReq>1</NrReq></Paths></User></Users>'Unknown!ui!a24!2/9/2005-20:44:34:: e ERROR: The request failed withHTTP status 401: Unauthorized.Unknown!ui!a24!2/9/2005-20:44:35:: e ERROR: HTTP status code --> 500I have not changed any of the config files that are installed.Thanks for any help in advance,Eric
View 1 Replies
View Related
Nov 13, 2006
Hi
I've been trying to connect to my local SQL Server instance (SQL Server 2005) using the SQLNCLI interface from c++ without success. I consistently receive an 'Invalid authorization specification' error (SQL state 28000 and SQL error number 0) when I call IDBInitialize::Initialize to connect to the database. I was hoping someone here could shed some light on this and help me out.
The strange thing is that I get no error if I leave the user blank (L"" in vValue.bstrVal) and try to connect. Also, IDBProperties::SetProperties returns 0 when the user is blank but 40eda when the user is set. This seems to be a message from the pipeline facility but I haven't found the description of the code (0xeda).
The user in the database is configured with no password and I can successfully connect to the server and open the database using that user through Management Studio.
I've also tried using the SQLOLEDB provider with the same results.
Suspecting that I'm setting the properties wrong I include a code snippet below showing how I'm setting the properties:
for (int i = 0; i < sizeof(dbprop) / sizeof(dbprop[0]); i++)
VariantInit(&dbprop[ i ].vValue);
// Server name
dbprop[0].dwPropertyID = DBPROP_INIT_DATASOURCE;
dbprop[0].vValue.vt = VT_BSTR;
dbprop[0].vValue.bstrVal = SysAllocString(L"localhost");
dbprop[0].dwOptions = DBPROPOPTIONS_REQUIRED;
dbprop[0].colid = DB_NULLID;
// Database
dbprop[1].dwPropertyID = DBPROP_INIT_CATALOG;
dbprop[1].vValue.vt = VT_BSTR;
dbprop[1].vValue.bstrVal = SysAllocString(L"test");
dbprop[1].dwOptions = DBPROPOPTIONS_REQUIRED;
dbprop[1].colid = DB_NULLID;
// Username
dbprop[2].dwPropertyID = DBPROP_AUTH_INTEGRATED;
dbprop[2].vValue.vt = VT_BSTR;
dbprop[2].vValue.bstrVal = SysAllocString(L"jph");
dbprop[2].dwOptions = DBPROPOPTIONS_REQUIRED;
dbprop[2].colid = DB_NULLID;
Cheers,
JP
View 1 Replies
View Related
