Passing SAML Token From Security Token Service To Reporting Service
Mar 28, 2007
Hi,
I am using SQL Server 2005 Reporting Services. I want to make it secure. I am also using WCF services and made them secure using Claim based System.Identity Model.
I want to apply same claim based model to Reporting Services.
Hello all Trying to delete some data from a SSCE (2005) DB produces the exception: SqlCeException There was an error parsing the query. [ Token line number = 1,Token line offset = 43,Token in error = C] Here is the code I am using
I'm trying to insert some values into an SQL Compact database on a WM6 device but there is something apparently wrong with my SQL statement...
The program is going to allow users to schedule an SMS message to be sent at a certain date and time. I'm using a database to keep track of the scheduled SMS messages. The database has 3 rows: phone number, message, and the date/time to be sent.
I'm guessing it doesn't like how I am trying to get the data from the different text boxes and the DateTimePicker to go inside the SQL command. Does anyone have any ideas on how to fix my SQL command or how to get data from a textbox and DateTimePicker to be inserted into a database a different way?
We have a new Win 2008 Enterprise x64 server running SQL 2008When we try to connect to the server using Windows Authentication, from a user account which is a domain administrator, we get the following message:"Token-based server access validation failed with an infrastructure error"What needs to be configured here for this to work ?
I am new to reporting services and wanted to see if anyone had any experience trying to do this...that "this" is passing a parameter to a report, but having the user fill in some others. I can pass all of my parameters to the report or let the user fill all of them in, but it doesn't seem to let me fill in one and have the users fill in the others.
I am currently hardening our SQL 2012 (with AlwaysOn Availability Groups) environment. Both the SQL service and agent account are using service accounts (only domain user). SQL browser service is disabled. Permissions to all roles are handled by using domain groups.
Currently a lot of (default) NT Service accounts are listed (some with sysadmin privileges). Are there accounts that can be removed?
I am building a webapp that calls an SSRS instance to display a report based on another servers web service.I can make a call from the ssrs server using this in the RDL:
This works no problem. but.. I want to have the user parameter "Craig" be a parameter passed in from the web app. If it were a regular SQL data source you would put @user in the query. How do you do it with XML text queries?
i have a list report some values of this are blank or null i want to avoid that spacing if it is null like name:jjj lastname kkk firstname address uuuu
i want it should be name jjj lastname kkk address uuuu
I am trying the get the custom security extension samples to work on my machine. I have installed everything according the sameple help file. However, i am getting a "Authentication Ticket is not issued by LogonUser." error after I attempted to log on to the report manager thru UILogon.aspx page. I already created an admin user. Upon a closer inspection, I realized that the authentication went thru okay, however, the authentication Ticket Name contained in the "RSAuthenticationHeader" has a duplicate value of "sqlauthticket, sqlauthticket". So apparently, the report server added this value twice to the response header. Has anyone seen this error before? How would you fix it? Also to bypass this error, I parsed out the header and take the correct auth ticket name, now report manager just redisplays the logon page and not letting me thru. Has anyone have seen that before? I am running in Win 2003 server, IIS 6, .NET 2.0 and SQL server 2005 enterprise version.
I have a client using SQL 2k, SP2 (due application requirements, SP3 is notan option - the application vendor will not specify why). We are receiving:[Microsoft][ODBC SQL Server Driver]Unknown token received from SQL ServerConnection BrokenThere doesn't appear to be any rhyme or reason as to why this is happening.And...it shows it's ugly head at random places during execution. Has anyoneexperienced this also, or have any ideas on what to look for? I have seennumerous suggestions stating to upgrade from MDAC 2.6 to 2.7. At thispoint, I'm not sure if thats an option based on the vendors application(which by the way they no longer support!).Any ideas will be greatly appreciated.Greg
Now I have a string: "ab,cd,ef,", and I would like to use SQL to token this string to a string array like "ab" "cd" "ef". Then I want to do a loop to insert these values into a table like:
for( int i = 0; i<aStringArray.length i++) {
insert into aTable(aField) values(aStringArray); }
Here is the skinny. You can use this in a script from what I have done so far. If someone gives it a try in a stored procedure let me know. From what I have seen you can pass the token as uniqueidentifier. The problem is when you try to use it in a query you need to use Convert(char255, JOBID).
I searched all over the place and nowhere did I find something like the above. It seems simple but you can do a select in a table like sysjobhistory without converting the jobid first. Let me know if this helps anyone.
I have been struggling with this error for a while now. Not much when I put it in the search engines. I get the error as follows when I execute this CLR stored procedure:
Msg 10312, Level 16, State 49, Procedure SpPICK00, Line 0
.NET Framework execution was aborted. The UDP/UDF/UDT did not revert thread token.
The code for the stored procedure is as follows. If anybody could offer any advice on what this error means I would appreciate it. I know through debugging that it's erroring out on the ImpContext = ClientID.Impersonate() line.
Dim DbCon As New SqlConnection("context connection=true")
Dim DbSql As New SqlCommand("SELECT TOP 1 * FROM TblTransactions", DbCon)
Dim TransactionID As Int64
DbSql.Connection.Open()
Dim DbRs As SqlDataReader
DbRs = DbSql.ExecuteReader
While DbRs.Read
TransactionID = DbRs("TransactionID")
End While
DbRs.Close()
Dim MenuID As Int16
Dim MONumber As String
Dim LineNumber As String
Dim PTUse As String
Dim SEQN As String
Dim WorkCentre As String
Dim Stock As String
Dim Bin As String
Dim Qty As Double
DbSql = New SqlCommand("SELECT * FROM VwPickList WHERE TransactionID = @TransactionID", DbCon)
We have a test and production environment. After transfering some tables from test to prod and all stored procedures using those tables. We get an error when executing those stored procedures: " DB-library: Possible network error: Bad token from SQL Server: Datastream processing out of sync. Net-library error 0: DB-libray Process Dead - Connection Broken. " When we execute the stored procedure with 1 parameter less we get a parameter missing error. Then we execute the stored procedure again and everything is allright? Has anyone experienced this before? If so, please help. SQlServer 6.50.201
I am using SQL 2005 and I'm trying to find a T-SQL command that will allow me to retrieve a sub string based on the token. For instance, if I had a string like this:
abc^defgh^ij^klmnop^qrs
Let assume the token is the ^ and I want to get the string at the third token klmnop.
is there a simple one line command that I can use to retrieve this data?
Hallo All,I'm making in my DB some logs.I have a separate table containing:ID,Date,Source,Type,ErrorNo,DescriptionAcctualy the table struct is not immportand that's why I do not postthe script.I have one procedure, which I call in my other function procedures,triggers etc. with parameters.This procedure (WriteToLog) is called, if in other procedures, triggersis any validation, exception or only information which I would like tolog me separately, and it writes the record into this table.But sometimes, it is very hard, to follow much logs, and I figured out,if I could have something like transaction ID, task ID, it will be mucheasier.Firs idea was to, by going from procedures to other procedures, pass aself generated token (ie. date with any additional number). But then, Ineed to change everywhere where I call WriteToLog procedure the callsyntax.Let's say that we have following situation:Procedure1:Action1Select1CompareOfValues1exec WriteToLogAction2CompareOfValues2exec WriteToLogAction3exec Procedure2Procedure2:Action1exec WriteToLogSelect1Insert1Trigger1Started:Action1CompareOfValues1exec WriteToLogAction2Trigger1Exit:Procedure2Exit:Procedure1Exit:Now ... I could pass this my generated number, from SP to SP and so on.But I would like to now, does the MS SQL server has something whatidentifies transaction like descripted below.In this case, I do not need to pass any number, only I need to get thisnumber anyhow in SP WriteToLog, and insert it into my log table.Any sugestions?Thank's in advance.Mateusz
We are using the whole BI-package from Microsoft - from SQL, DTS-package,Raporting Service and Analyze Service.
It should be very helpful to be able to create a metadata databases where you could find all releations between different objects (tables,views,reports,cubes,DTS-package,Databases.
Just to get answer for: 'where is view xxx used', 'what are Report xxx depending upon'.
While everything exists in different SQL databases it should possible to do.
I have multiple sites trying to communicate with a SQL Server 2012 Express database at another remote site. At one site I am unable to connect to the remote server. If I try to use my program I get this message:
System.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The token supplied to the function is invalid)
If I try to connect using SSMS I get the same error.I have been unable to find any reference to this message on the internet.
Subject says it all, really. I want to start using Token Replacement,but do I break anything by enabling it? Do jobs that don't use tokensrequire any changes? I saw somewhere that it can't be turned off, soI'm paranoid about enabling it. Anything that I should be aware of?Many thanks.
We are using SQL Server 2005 64 bit standard edition on both ends (subscriber distributor and publisher ) publisher is its own distributor. Now i want to investigate the replication performance and delayed in replication for this purpose i found that tracer tokens can be settedup but when i open replication monitor but unable to see tracer token tab.
Plz let me know something.why i am unable to see this tab, is there some problem of rights ? , permission, or installtion.
We have a sql server 2005 sp2 on w2k3 standard server. The servers started crashing every 4/5 days and have done this twice so far. checking the event viewer there are always events(2020) happening before the crash.
I have done some memory leak monitoring using performance monitor/poolmon/process explorer. and here is my findings:
sqlservr and lsass handles count keeps increasing linearly with time, i restarted the sql service yesterday and the count originally was at 900, this morning the count is at 29,000 for lsass and 28,000 for sqlservr.
using process explorer i can see that the majority of these handles are security context tokens.
we have a monitoring agent running on that server(altiris agent) which continousely logon/logoff to SQL to do some metric checks. so basically the access tokens created as a result of that never get released during the logoff.
also i noticed in poolmon that TOKE has the highest Bytes consumption of paged memory(50MBs) the token sizes are small (<1kb). so that kind correlates with the handles count problem mentioned above, since token are stored in kerenl paged memory.
Any ideas on how to troobleshoot this further is appreciated. right now i can only think of settings up a restart scheduel on sqlserver to aleviate the problem. but i need a long term solution which i am trying to work out.
I am trying to get details out of targetinstance from a WMI alert, using Token Replacement in the job step.
The alert fires properly.
The WQL query for the alert is:
select * from __InstanceModificationEvent within 300 where targetinstance ISA 'Win32_LogicalDisk' and TargetInstance.DriveType = 3 and TargetInstance.Freespace < 44832876928
However, I can't get the WMI info out from the alert - everything I've read says it's within TargetInstance, but I don't see how to use the WMI call for it. I'm specifically looking for DeviceID In the job step, I've tried multiple variations. Only the __CLASS has worked, and that's because it's not within TargetInstance.
set @mybody = '$(ESCAPE_SQUOTE(WMI(DeviceID)))' set @mybody = '$(ESCAPE_SQUOTE(WMI(TargetInstanceDeviceID)))' set @mybody = '$(ESCAPE_SQUOTE(WMI(__CLASS)))' set @mybody = '$(ESCAPE_SQUOTE(WMI(TargetInstance.DeviceID)))'
I'm a little bit lost on this one. I use a SQL 2000 datbase and have been running a stored procedure for several years that hits a DB2 database. The DB2 server is linked. I need to make a small modification to the procedure that will pull in an additional date value to a temp table. What I thought would be very simple has me lost. The procedure is as follows and I've highlighted the area I added.
set @from_sql = '' + 'FROM ' + 'MCDB.WCCASE_CW AS a ' + 'INNER JOIN MCDB.WCCONTT AS b ON ' + '(a.TWCCS_CASE_NBR = b.TWCON_CASE_NBR) ' + 'INNER JOIN MCDB.CONTYPT AS c ON ' + '(b.TWCON_CON_ID_PERS = c.TCTYP_CON_ID) ' + 'INNER JOIN MCDB.POLLOC_CW AS d ON ' + '(a.TWCCS_POLICY_NBR = d.TPLOC_POLICY_NBR) ' + 'INNER JOIN MCDB.POLICY_CW AS e ON ' + '(d.TPLOC_POLICY_NBR = e.TPOLI_POLICY_NBR) ' + 'Left Outer JOIN PRODSYS.CWPV001_PROV_MASTER as f ON ' + '(a.TWCCS_POR_NO = f.PROV_NO)'
/* SELECT * FROM #tCaseContact */ if (exists (SELECT CLAIM_NBR FROM #tCaseContact WHERE CON_TYPE = 'MCN' AND PRIMARY_IND = '1')) set @pri_con_type = cast('MCN' as char(4)) if (exists (SELECT CLAIM_NBR FROM #tCaseContact WHERE CON_TYPE = 'MCS' AND PRIMARY_IND = '2')) set @pri_con_type = cast('MCS' as char(4)) if (exists (SELECT CLAIM_NBR FROM #tCaseContact WHERE CON_TYPE = 'MCS' AND CAST(PRIMARY_IND AS VARCHAR(4)) = '') AND (exists (SELECT CLAIM_NBR FROM #tCaseContact WHERE CON_TYPE = 'RRS' AND PRIMARY_IND = '4')))
set @pri_con_type = cast('RRS' as char(4)) if @pri_con_type is null set @pri_con_type = cast('MCS' as char(4)) /*sets the MCS as the Primary Contact if the primary contact is returned as null*/
/* if (exists (Select POR FROM #tCaseContact set POR=f. where POR is not null)) if Por='' or Por is null Else set POR=null */
SELECT TOP 1 a.CLAIM_NBR , a.CASE_NBR , a.INJ_SSN , a.INJ_FNAME , a.INJ_MID_INIT , a.INJ_LNAME , a.INJ_NME_SUF , a.TPLOC_NAME , a.TPLOC_POLICY_NBR , convert(varchar(10),a.DT_OF_INJ, 101) as TWCCS_DT_OF_INJ, a.CASE_STS , a.TEAM_NBR , ( SELECT top 1 a1.USER_KEY FROM #tCaseContact AS a1 WHERE a1.CON_TYPE = @pri_con_type ) as USER_KEY , a.TPA_ID, a.EMP_TIER, a.NON_UM, a.POR, ( SELECT top 1 a1.Con_Type FROM #tCaseContact AS a1 WHERE a1.CON_TYPE = @pri_con_type ) as Cont_Type, convert(varchar(10),a. Thousand_Date,101) as twccs_1000_lmt_dt FROM #tCaseContact AS a GO
When I execute the stored procedure through my application (IIS application connecting to SQLServer 2005 through SQL Native Client - not .NET) I get the following
In our project, we would like to use the same data source for our analysis service database cubes and for our reporting service reports.
I created the analysis service project first, deployed successfully. When trying to setting up the data source in the report model project, I selected the "create a data source based on another object", and then selected the "create a data source based on an analysis service project". However, there is no analysis service project to select, and no browse button to see where the reporting service is looking for analysis service project either.
I have tried creating a new analysis service project with data source views, cubes, dimensions and all the stuff, but still cannot see the analysis service project in the drop down box to be selected for my reporting model project data source.
As I am fairly new to the reporting service, I'm sure I'm missing something, but couldn't find much information in the help or on the web. Any suggestion would be much appreciated.
I'm sure I am not undestanding some basic concept here but the following formula always produces an invalid token error at the '-' sign. In this example, I'm trying to subtract out a specific month from the total (this is a simplified example, my actual formula needs to compute a % change over time using lag...)
This produces the invalid token error (it always errors at the '-' in the equation)
with member [Measures].[MyCalcMeasure] as [Measures].[MyBaseMeasure]-([Date Submitted].[Date Submitted YQMD].[month].&[2008]&[1],[Measures].[MyBaseMeasure]) select [Measures].[MyCalcMeasure] on columns, [MyDim].[MyHierarchy].[Level1].members on rows from MyCube
But this works
with member [Measures].[MyCalcMeasure] as [Measures].[MyBaseMeasure] select [Measures].[MyCalcMeasure] on columns, [MyDim].[MyHierarchy].[Level1].members on rows from MyCube
As does this
with member [Measures].[MyCalcMeasure] as ([Date Submitted].[Date Submitted YQMD].[month].&[2008]&[1],[Measures].[MyBaseMeasure]) select [Measures].[MyCalcMeasure] on columns, [MyDim].[MyHierarchy].[Level1].members on rows from MyCube
Hello, I get the following error when I run my package interactively. From the logs written out by the driver, it appears that all is working well as far as connecting to the data source and pulling data. It seems as if this error occurs when the DataReader source tries to process the received data.
SSIS package "MyPackage.dtsx" starting. Information: 0x4004300A at Data Flow Task, DTS.Pipeline: Validation phase is beginning. Information: 0x40043006 at Data Flow Task, DTS.Pipeline: Prepare for Execute phase is beginning. Information: 0x40043007 at Data Flow Task, DTS.Pipeline: Pre-Execute phase is beginning. Error: 0xC0047062 at Data Flow Task, DataReader Source [1]: System.Data.Odbc.OdbcException: ERROR [42000] XML parse error at 162:1338: not well-formed (invalid token) at System.Data.Odbc.OdbcConnection.HandleError(OdbcHandle hrHandle, RetCode retcode) at System.Data.Odbc.OdbcCommand.ExecuteReaderObject(CommandBehavior behavior, String method, Boolean needReader, Object[] methodArguments, SQL_API odbcApiMethod) at System.Data.Odbc.OdbcCommand.ExecuteReaderObject(CommandBehavior behavior, String method, Boolean needReader) at System.Data.Odbc.OdbcCommand.ExecuteReader(CommandBehavior behavior) at System.Data.Odbc.OdbcCommand.ExecuteDbDataReader(CommandBehavior behavior) at System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) at Microsoft.SqlServer.Dts.Pipeline.DataReaderSourceAdapter.PreExecute() at Microsoft.SqlServer.Dts.Pipeline.ManagedComponentHost.HostPreExecute(IDTSManagedComponentWrapper90 wrapper) Error: 0xC004701A at Data Flow Task, DTS.Pipeline: component "DataReader Source" (1) failed the pre-execute phase and returned error code 0x80131937. Information: 0x40043009 at Data Flow Task, DTS.Pipeline: Cleanup phase is beginning. Information: 0x4004300B at Data Flow Task, DTS.Pipeline: "component "OLE DB Destination" (691)" wrote 0 rows. Task failed: Data Flow Task SSIS package "MyPackage.dtsx" finished: Success.
I am not sure where to look next. Any help is much appreciated.
Many a times see the below error in SQL Error log.
Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: ]
Is this something to do here?
Note: If I run the below statement I know that the SQL Error log entry will go off, but wanted to know the real significance of this error?
CREATE LOGIN [NT AUTHORITYANONYMOUS LOGON] FROM WINDOWS
Microsoft says it is possible but I just do not see how. Here is the link to the help file where it said that variables could be pass as input to web methods...I do not see the check box they mention on my IDE.
By default does CLR code run under the SQL Service Server account or the SQL Agent Service Account? Does anybody have a link to BOL or MSDN???
My assumption is its under SQL Server Service Account.
I'm trying to satisfy the DBA's security concerns in regards to CLR Code. If the account it runs under (Agent or service) has zero privliges will a dba still be able to maintain the server? Wouldnt all their backups work under a privilaged account that isnt the SQL Server Service Account?
I need a little help here and appreciate any insight into this issue.
I am building an SSIS package that retrieves data from a database to use in a web service task. So let me give you a little more broad overview of the package so you can understand how this is supposed to roll. A database is queried and those values are dumped into a recordset. A foreach loop uses each row of variables to call the web service and dump the returned values to another database. The first database holds a bunch of fields, but the four fields of interest are: a StartDate (DateTime), a StartFormat (single char), an EndDate (DateTime) and an EndFormat (single char). The output from the query of the first database is the input in the signature of a web service's .Load method. Sounds easy, right? Sure, why not?
Well I dragged the Web Service Task on to the pane and took a look inside. Lo and behold, I can hardcode the variables in for the web service or I can assign the inputs to package variables. How fancy, thanks Microsoft!
But that's where the difficulty begins. The method call for the web service looks like this: service.Load(string, int, GTTimestamp1, GTTimestamp2). The web service is expecting a string, an int, and two objects of the type GTTimestamp, which is a very simple class defined as this:
In the input pane for the Web Service, when I click in the value of the two GTTimestamps like I'm going to hardcode them in, another window pops up saying "Enter the values for complex type -in4" and the pane looks exactly like the previous pane with one very important exception: There is not place to check to assign the value from a package variable!!! Dang you Microsoft!!! I don't really understand why they would leave us out to dry on this... Oh, well, maybe they'll take care of it later...Time to work around it.
SSIS does allow you to create a variable of type System.Object, so after playing with the Web Service for a few minutes and giving up on that, I decided to create a script task that is supposed to create two GTTimestamp objects and assign them to two object variables in the package for passing to the WebService Task. The first challenge was to get the web service to play nice with the script. For those who have never done this, use a command prompt and the wsdl.exe to generate a .vb or .cs file to add to your script file using the right click, add existing item...
Once the file was accessable to my scripts, I created two GTTimestamp objects and assigned them to the Package variables of type System.Object. Running the package, I got this error:
"Microsoft.SqlServer.Dts.Tasks.WebServiceTask.WebserviceTaskException: Could not execute the Web method. The error is: Type 'ScriptTask_8c868490237b4220b582bdc7c7a3ecae.GTTimestamp' in assembly 'VBAssembly, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' is not marked as serializable.
Not marked as serializable, huh. Okay, so I made the GTTimestamp serializable by adding the <Serializable()> before the class declaration. Then the error changed to:
The error is: Type is not resolved for member 'ScriptTask_8c868490237b4220b582bdc7c7a3ecae.GTTimestamp,VBAssembly, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null'.
And here I am, at a loss for what to do from this point. I'm a little lost, so I thought I'd stop and ask for directions. I'm sure I'm not the first to want to use complex variable types.
Only two options at this point. One is to try and store the GTTimestamp in the database and see if SSIS can deal with that. I'm not sure how to store objects in a database or if that is even an option for me, but it came to mind so it made it into this post. The other is to get this to work through the script above that I have run into a wall.
Again, any help is appreciated. Thanks for your time.
We have vendor that is implementing an employee self serve application for current and potential employees (employment applications). There is a web server in our DMZ that has the application installed but also on the server is a SQL database that has names and social security numbers. This server will also query the backend accounting server for earnings statements and W2s. We have a Cisco ASA as the firewall and SSL to protect client authentication from the Internet. There is no SSL between the web server and the accounting server. The fact that the SQL database on the web server containing SSN associated with names concerns me. It seems that none of this information is masked or encrypted and can be seen if the server was to ever be compromised.
My idea of such a service involves a web server that queries the backend database over SSL and presents the information to the user over SSL. No personally identifiable information would be resident on the web server at all, just a facade. That is not the case and it is not what we described to them as to what we want.
It seems they have installed it the only way they know how which is not secure, or maybe it is, that's why I am here. They have installed this at numerous locations and they actually wanted any and all ports open between the web server and the backend accounting server. It took us a while to get them to follow the rule of least privilege but we essentially had to do it ourselves.
Also on our main webserver for our Internet site I found the test database they used almost 2 years ago to test this application along with names and SSN. This was before I arrived and there is no encryption or authentication for this server. Is this good secure practice? All my training says no but it is hard to believe a mutli-million dollar organization is this ignorant. I guess it shouldn't surprise me, TJX didn't pay attention either.
I saw this thread which provide some good information but I am not a database admin and I am not familiar with SQL services, etc.
My questions are: Is their implementation secure? Does anyone know where I can find more info regarding web services and HIPAA? I read where 2 firewalls are required but would like documentation to show. Any suggestions on how to implement this securely?