RS 2000, Forms Authentication, Argument Exception Adding Auth Cookie To The Web Request For Graph
Jan 16, 2007
Hello, I have run into a strange problem with RS 2000. I have a base class that will call a reporting server web service, render a report to pdf, then write the report output to the stream. This has worked fine for me for reports.
However, when I render a graph to pdf, I get the following exception:
I only get this exception in our staging environment, not locally.
Here is a code snippet from the ReportServerProxy class, but it is pretty textbook according to the MSDN samples..
public class ReportServerProxy : ReportingService {
protected override WebRequest GetWebRequest(Uri uri) {
HttpWebRequest request;
request = (HttpWebRequest)HttpWebRequest.Create(uri);
// Create a cookie jar to hold the request cookie
CookieContainer cookieJar = new CookieContainer();
request.CookieContainer = cookieJar;
Cookie authCookie = AuthCookie;
// if the client already has an auth cookie
// place it in the request's cookie container
if (authCookie != null){
request.CookieContainer.Add(authCookie);
}
...
}
As I said, I can run reports one after another without issue, graphs are causing me problems.
I have implemented the Forms Authentication in Reporting Services 2000. In addition, we have a reports web application that uses the authentication to access the reports in the Reports Server. I have implemented a similar code that is posted in http://msdn2.microsoft.com/en-us/library/aa902691(SQL.80).aspxhttp://msdn2.microsoft.com/en-us/library/aa902691(SQL.80).aspx for the Reports Server and Reports Manager. For the web application, I added reference to the custom security assembly, created a new ReportsServerProxy, and then called the LogonUser().
Now, one of the functionality we have in the applicaiton is to set the reporting services Timeout for reports that take too long to run. The weird thing is the Timeout (in milliseconds) is getting ignored by the ReportServerProxy using the custom security assembly. I verified that without the custom secuirty assembly, the Timeout property is getting set.
I did find the code for ReportServerProxy's GetWebRequest(Uri uri) is setting the request.Timeout to -1. I thought this was interfering with the rs.Timeout, but removing the code did not make any difference.
How do I set the Timeout property correctly? Do you know of any issues with setting the Timeout property for Reporting Services with Forms Authentication?
Can anybody help PLEASE? I need an answer ASAP. Thanks in advance for your help.
/**partial UILogon.aspx code for ReportServerProxy below**/
Hi,is it possible to build a SQL SELECT COMMAND with a Cookie Request in between a IF ELSE Loop?My idea is to change the SQL SELECT COMMAND depending to a cookie.Is there any help or tutorial that somebody can suggest? caspar.netcologne, germany, EU
Hi All: Need quick help guyz. I am implementing Forms Authentication on my website below is the code for the same... However I am getting the following error .... Line 1: Incorrect syntax near 'SQLSTR'. at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream) at System.Data.SqlClient.SqlCommand.ExecuteReader() at GreyHounds.Login.btnLogin_Click(Object sender, EventArgs e) in c:inetpubwwwrootGreyHoundsLogin.aspx.vb:line 49 Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click Dim con As New SqlConnection("server=localhost; initial catalog=Grey Hounds; integrated security=SSPI")Dim SQLSTR As String = "Select * from Emp_Login" Dim cmd As New SqlCommand("SQLSTR", con)Dim p1 As New SqlParameter("@EmpId", SqlDbType.VarChar)Dim p2 As New SqlParameter("@Password", SqlDbType.VarChar) p1.SqlDbType = SqlDbType.VarChar p1.Value = txtEmpID.Text p2.SqlDbType = SqlDbType.VarChar p2.Value = txtPass.Text cmd.CommandType = CommandType.Text cmd.Parameters.Add(p1) cmd.Parameters.Add(p2) Try con.Open()Dim dr As SqlDataReader = cmd.ExecuteReader() If Not txtEmpID.Text.Equals("") Or txtPass.Text.Equals("") Then If dr.Item("Emp_Login") = p1.Value And dr.Item("Password") = p2.Value ThenFormsAuthentication.RedirectFromLoginPage(txtEmpID.Text, True) Response.Redirect("http://localhost/greyhounds/Default.aspx") Session("Emp_ID") = p1.Value End If Else lblMessage.Text = "Invalid Credentials!Please try again" End If lblMessage.Text = "Cannot leave the boxes empty! Please enter the values"Catch ex As SqlException Response.Write("<b>" & ex.Message & ex.HelpLink & "</b>") Response.Write(ex.StackTrace)Catch ex1 As Exception Response.Write(ex1.Message & ex1.Source & ex1.HelpLink) Finally con.Close()End Try End Sub
Your quick help is highly appreciated... Thanks! Brandy
I seem to be having a strange problem with accessing the SQL Express database under the following configuration.
Install Longhorn Server Beta 2 Add WSS role, setup default site, everything seems to be working fine (using NTLM auth for the site). Content database clearly working fine to the embedded SQL Server Express. Want to switch to Forms Based Authentication with SQL Membership Provider. Follow insructions for it and discover the following issues accessing the database:
aspnet_regsql (running locally on same box) fails and says it can't connect to the database try using the surface area configuration tools to enable remote access/ protocols etc. aspnet_regsql still fails and says it can't connect to the database Install the SQL Management Studio Express - try connecting it to the databse to explore the tables etc. SQL Management Studio Express fails to connect to the database Try switching client config to connect via shared memory rather than over TCP/IP etc. Still fails to connect to database Try install a third party tool called MSSQL Maestro (does some similar things to SQL Management Express) Lo and behold - MSSQL Maestro connects to the database just fine, can explore the tables etc. No problems. Try aspnet_regsql again, try SQL management express again after doing lots of things (try restarts etc. restarts of services). No luck.
So I'm confused. WSS seems to connect to the SQL Express config database fine. MSSQL Maestro connects to the database fine and will allow me to explore it. Using the exact same host and database name (the WSS configured default) aspnet_regsql and SQL Management Studio express both fail with the exact same error.
EDIT: Some significant additional details:
- I have two databases .MICROSOFT#SSEE (which is the WSS default internal database) and .SQLEXPRESS (installed when I installed the rest of SQL Express to get the management tools etc.)
- I can connect to them both by command line with sqlcmd -S.MICROSOFT#SSEE and sqlcmd -S.SQLEXPRESS just fine. They're both running.
- I CAN connect to.SQLEXPRESS from SQL Management Express Studio, but I cannot connect to .MICROSOFT#SSEE
- A look at the error log, shows a line like the following about listening on the named pipe for SQLEXPRESS database, but I don't see a similar entry for the MICROSOFT#SSEE (even thought it's configured to do so in configuration manager...)
"Server local connection provider is ready to accept connection on [ \.pipeSQLLocalSQLEXPRESS ]."
- I've run SQL Management Express as administrator - no change
- The error I get is either error 26, or error 40 when using Shared Memory protocol
- I get the same error and error code from aspnet_regsql
I wonder if it is possible to set forms authentication for report manager but leave report server "as it is". I need to authenticate users from external LDAP and can't use windows authentication for report manager, but I would also like to leave report server open for anonymous users. In that way authenticated administrators could create reports which anonymous users could read.
I tested the Security Extension Sample and got it working when I rewrote the authentication part with my own LDAP authentication.
If I have understood correctly, the report manager is just application inside report server so is it possible to use forms authentication with one application but still leave the report server with Windows authentication?
I could really use help getting form authentication to work. I have a box with a web site and ReportingServices installed(which if I can get this working will be moved to the DMZ). The databases are on a different machine(which will on on our network).
I have been working with the sample provided with the install and this blog.
My problem is that I can logon and authenticate but when I call ListChildren() my System.Net.CredentialCache.DefaultCredentials is empty so I get nothing back from the call.
I know that I have a valid cookie because after I logon I can use the Reports and the ReportServer URL's and go directly to those pages.
Can someone tell me what I need to do to make ListChildren() work? Do I still call ListChildren()? Documentation is scarce and would appreciate any help provided.
I've implemented a membership provider and added it to Reporting Services. It works well from the user interface, but I am unclear on how to authenticate using rs.exe. When I run it with the trace option (-t), I get this back:
System.Exception: Could not connect to server: http://stsstg8642/reportserver/ReportService2005.asmx ---> System.Net.WebException: The request failed with the error message: -- <html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="/ReportServer/logon.aspx?ReturnUrl=%2freportserver%2fReportService2005.asmx">here</a>.</h2> </body></html>
--. at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Microsoft.SqlServer.ReportingServices2005.ReportingService2005.ListSecureMethods() at Microsoft.ReportingServices.ScriptHost.Management2005Endpoint.PingService(String url, String userName, String password, String domain, Int32 timeout) at Microsoft.ReportingServices.ScriptHost.ScriptHost.DetermineServerUrlSecurity() --- End of inner exception stack trace --- at Microsoft.ReportingServices.ScriptHost.ScriptHost.DetermineServerUrlSecurity() at Microsoft.ReportingServices.ScriptHost.ScriptHost.InstanceMain() at Microsoft.ReportingServices.BaseCmdLine.CommandLineMain(String[] args, BaseCmdLine instance)
We created a custom security extension for RS using Forms Authentication. The issue I am having is in ReportBuilder when the forms authentication ticket expires. Forms auth will attempt to redirect (send a HTTP 302) and the report builder will show the error message "Object moved to here" instead of prompt for credentials. I have been watching the IIS logs and I see the first time report builder start it attempt to connect using default windows credentials and after the FormsAuthenticationRequired exception it will prompt for credentials and invoke LogonUser method, but this only happens the first time or if change the server in the url. I was expecting ReportBuilder to consider the Forms Authentication expiration at any time.
I'm implementing Forms authentication, but I have users stored in two different databases. The "LogonUser" method in my AuthenticationExtension gets an "authority". In that way I can authenticate the user in the correct database.
But... the problem is the CheckAccess method of my AuthorizationExtension. Is it in any way possible to reach the "authority" information from inside it? I need to grant some access to users of the first database and some other access to the users of the second database.
I have successfully implemented forms authentication in RS. It works great to navigate to https://myserver/Reports. I get redirected to the login-page etc. It also works great to use the ReportViewer from within my WinForms app, using the
method. I'm also able to communicate with RS through it's web services by first calling the 'LogonUser' method. However, to get that to work I had to inherit the ReportExecutionService for the cookie-handling to work.
Now over to my problem (the only thing so far I haven't got working). I'm trying to use a ReportViewer on an ASP.net web page to access the reports. I have understood that 'SetFormsCredentials' is not avaliable here. Instead, as far as I have understood, I should implement my own IReportServerCredentials . The critical method there I guess is
GetFormsCredentials(out Cookie authCookie, out string formsUser, out string formsPassword, out string formsAuthority)
, am I right?
It's here my problem starts. The examples I have seen haven't implemented this method since they use other types of authentication. So, I would need an example of what to fill that method with...
I have some reports on a report server that needs to be reached in two ways. 1 - From a windows client application (over internet) 2 - From a web browser (over internet) Windows authentication could not be used here, since the users are not part of any domain etc, so I have implemented forms authentication for Reporting Services as described here: http://msdn2.microsoft.com/en-us/library/ms160724.aspx My first task was to access the reports from the windows forms application, and I managed to do that without too much trouble using a ReportViewer and setting the custom credentials in this way: myReportViewer.ServerReport.ReportServerCredentials.SetFormsCredentials(null, "loginname", "password", ""); Works great! However, now I'm dealing with the second problem... accessing the reports from the web. Sure, this works fine if i just type http://myserver/reports/. This brings up the custom loginpage and if I enter correct login information I get access to the reports... The problem is that I don't want to show everything 'around' (on top of) the report, I just want to show a report. Lets say I have a webpage with two frames. One on the left with a couple of links each representing a singel report. When clicking the link the report should be rendered in the right frame. What approach should I use here? When and where should the user authentication take place? I have done some testing with an ASP.NET application using a report viewer, but I seem to get the error: Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml' I guess this is because Reporting services wants to bring up the login page? I can't find any way of setting the credentials for the reportViewer in my ASP.NET app, like I did in the WinForms app. I'm really not a web-developer so I might be missing some obvious points here, if I do, please point me in the right direction... I have also read about using the Report server web service to render the html-page without using the reportviewer, but when I try to make a call to a service like this: ReportingService _rs = new ReportingService(); _rs.Url = "http://myServer/ReportServer/ReportService.asmx"; CatalogItem[] items = _rs.ListChildren("/", true); I get an exception like the one above, telling: Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml' Where should I go from here... any help would be much appriciated! Regards Andreas
produces the exception: "Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding." on the ExecuteNonQuery() line.
It's not a problem with the CommandTimeout or the ConnectionTimeout (from within the connection string), they are both set to 300 (and even when set to 0, the problem is the same).
It's very strange, because only two stored procedures don't work, the others work without any problems and under SQL Server (using EXEC stored_procedure) all of them work fine. It seems like the stored procedure is executed, but no response is returned to the client (the WinForm app), thus the timeout exception.
After implementing custom security extension for forms authentication, the report server works fine with Report Manager and web application. However, there is a problem with Report Builder.
It gives SecurityException "That assembly does not allow partially trusted callers.". Its becos I am using my own security assembly for authentication. I resolved this issue by using the following in my assemblyinfo.cs
However, now when I login to Report Builder it gives me error System.IO.FileNotFoundException. Its not able to find my security assembly.
I also tried giving FullTrust to the assembly using Framework 2.0 Configuration. I read somewhere that the ClickOnce application caches its last called settings in the manifest file and you have to delete the manifest and manually alter the security in the application settings(properties).
Is this true? Is there any solution to this issue? Is this really an issue with clickonce application?
On my current project we have a requirement to re-authenticate the user when accessing sensitive information.
We want re-authenticate using standard NT logins against Active Directory (not a custom database or SSO.
This is trivial to configure using Basic Authentication, however I would like to use an ASP.NET login form. I would like to avoid writing a security extension as I do not want to perform custom authentication. I would like the web service to use it's built in authentication and authorisation mechanisms.
Is the above possible???
The following gives some more details about wht I've tried.
I have tried configuring the report server/manager with Forms authentication as in the sample but cannot get it to work with out implementing the security extensions.
I changed the web.config files and the policy files for permissioning my dll with FullTrust. I did not configure an extension as I want reporting services to use it's built in windows security mechanisms.
In the login page code behind I call the ReportingService2005.LogonUser() method which always throws the following exception: Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml'. The request failed with the error message: --
Reporting Services Error
The report server has encountered a configuration error. See the report server log files for more information. (rsServerConfigurationError) Get Online Help
SQL Server Reporting Services --.
I check the log file and it has the following:
at System.Web.UI.Page.HandleError(Exception e) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.logon_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) aspnet_wp!library!18!03/13/2007-11:38:23:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details., ; Info: Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.FormatException: Input string was not in a correct format. at System.Text.StringBuilder.FormatError() at System.Text.StringBuilder.AppendFormat(IFormatProvider provider, String format, Object[] args) at System.String.Format(IFormatProvider provider, String format, Object[] args) at Microsoft.Samples.ReportingServices.CustomSecurity.Logon.ServerBtnLogon_Click(Object sender, EventArgs e) in C:Program FilesMicrosoft SQL Server90SamplesReporting ServicesExtension SamplesFormsAuthentication SamplecsFormsAuthenticationLogon.aspx.cs:line 130 at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) --- End of inner exception stack trace --- at System.Web.UI.Page.HandleError(Exception e) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.logon_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) --- End of inner exception stack trace --- aspnet_wp!library!18!03/13/2007-11:38:24:: i INFO: Exception dumped to: c:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesLogFiles flags= ReferencedMemory, AllThreads, SendToWatson aspnet_wp!library!1!03/13/2007-11:39:11:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException: The report server has encountered a configuration error. See the report server log files for more information., Could not load Authentication extension; Info: Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException: The report server has encountered a configuration error. See the report server log files for more information.
Am I missing something? Is this even possible? If not, then why isn't it possible?
It feels like I've been going round in circles on something that shouold be pretty trivial to configure.
I have a user who is trying to access the SQL 2005 server with 2 seperate accounts(using Windows Authentication). With one account he can connect just fine, but with the seccond he recieves a logon fail error. The only difference that we can tell is that the first account uses a password for our kerberos domain, and the second (that fails) uses a longer pass phrase (which does use spaces as characters). My intuition tells me that shouldn't matter, but I've been wrong before. Can anyone confirm this, or correct me if I'm wrong? This is using ASP.NET 2005 for the front end. The exact Exception details are: "System.Data.SqlClient.SqlException: Login failed for user 'domainuser "
I'm trying to get the forms authentication sample working - I have followed the instructions given in the ReadMe that came with the samples. When I try to browse to localhost/reportserver (on the server), instead of seeing the logon page as expected, I get the following error message:
An internal error occurred on the report server. See the error log for more details. (rsInternalError) Get Online Help
Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I built the sample in VS 2005, and am using v2 of .net. Reporting services is installed on a windows server 2003 machine.
This has been driving me crazy for a while now. Any help would be greatly appreciated!
I am using Reporting services 2005 and have enabled forms authentication using the example found in: 'C:Program FilesMicrosoft SQL Server90SamplesReporting ServicesExtension SamplesFormsAuthentication Sample' This works correctly without SSL, but when I enable SSL I get an error when logging in. The symptoms are as follows. I can login to the reporting server (in my case <server>/ReportServer2) directory, but when I login to the report manager (in my case at <server>/Reports2) I get the following error: 'The underlying connection was closed: An unexpected error occurred on a send.' Can anyone suggest why I might be getting this error?
I need help regarding forms authentication in SSRS. I exactly followed the steps described in the article: http://blogs.msdn.com/bimusings/archive/2005/12/05/500195.aspx. However it doesn€™t seem to be working at my end. The only things that I didn€™t implement correctly are the two members of IExtension interface, here€™s the code for these two members; public string LocalizedName { get { return "Naveed"; } } public void SetConfiguration ( string configuration ) { //throw new Exception("The method or operation is not implemented."); }
After performing all the steps mentioned in the article when I access http://<servername>/reports, it displays my login page alright, but when I submit the user credentials (whether right or wrong) it gives me: €œAccess denied creating App_Data subdirectory€? Description: For security reasons, the identity 'NAVEEDSIDDIQUIASPNET' (under which this web application is running), does not have permissions to create the App_Data subdirectory within the application root directory. ASP.NET stores the Microsoft SQL Express Database file used for services such as Membership and Profile in the App_Data subdirectory of your application.
Along with steps of how to grant the required permission. My question is why it is trying to create the new directory. Does it mean it is unable to find the database or does it mean something else? When I access http://<servername>/reportserver, it gives me:
An internal error occurred on the report server. See the error log for more details. (rsInternalError) Get Online Help
Could not load type 'Vantage.CustomSecurityExtension.Logon'.
Could not load type 'Vantage.CustomSecurityExtension.Logon'.
Could not load type 'Vantage.CustomSecurityExtension.Logon'.
Could not load type 'Vantage.CustomSecurityExtension.Logon'. Here €˜Logon€™ is the name of the code-behind class of my login page.
I have implemented forms authentication via a custom security extension in RS2005 as described in a relevant sample. I am asked for credentials when accessing the Report Manager and the Report Builder, however I can no longer connect to the report server in SQL Server Management Studio (I get HTML code as the error message) and the Preview tab in the Report Designer now fails with User Not Authorized.
I can live with the first problem, but the Report Designer needs to work. When I debug the extension, I can see that LogonUser method is being passed empty strings. This makes sense, since the Report Designer has not asked me for the credentials. Do I need to modify any the of the Designer configs to have it pop up the username/password window (similar to Report Builder) or is the only solution to use Windows Authentication on development machines and Forms Authentication in production?
We've successfully set up SSRS with forms Authentication (yea - wasn't easy!)
If we browse to the default web site, we get the login page. Once we authenticate, we can move around the site and run reports.
If however, we try to access a page (other than the login page) while we're not authenticated we get an exception instead of being redirected to the login page:
Object reference not set to an instance of an object
If we set the Reportmanagerweb.config file to use Windows authentication, we get a 401 Access Denied page instead.
My first inclination would be to override the Global.asax file for SSRS, swallow the exception and redirect to the Login page. Not sure how to do this since the Global.asax.cs page isn't in the folder (I assume the compiled version hidden away somewhere).
It's not just the intial login either, timeouts are especially frustrating because, instead of being redirected to the login page, the users get the exception.
Any idea what might be causing the exception in the first place?
<html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="/ReportServer/logon.aspx?ReturnUrl=%2freportserver%2fReportExecution2005.asmx">here</a>.</h2> </body></html>
I've used the code from UILogon.aspx (Forms Authentication Security Extension) to extend a proxy server in a windows application to manage the cookie when connecting to a Reporting Services web service.
When the proxy class is instantiated I get this error on the AuthCookie property: 'server.AuthCookie' threw an exception of type 'System.NullReferenceException'
The code executes properly in UILogon.aspx and AuthCookie is set to a null reference.
Please adviseif you can assist debugging this:
The code: ------------------------------------------------------ //using directives ------------------------------------------------------- using System; using System.Collections; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.IO; using System.Text; using System.Text.RegularExpressions; using System.Web.Services.Protocols; using System.Windows.Forms; //using rs2005 = Microsoft.SqlServer.ReportingServices.ReportService2005; using rs2005 = Microsoft.Samples.ReportingServices.RSExplorer.ws_reportservice2005; using System.Runtime.InteropServices; using Microsoft.SqlServer; using Microsoft.SqlServer.MessageBox; using System.Globalization; using System.Net; using System.Web;
----------------------------------------------- // proxy class -------------------------------------------- public class ReportServerProxy : rs2005.ReportingService2005 {
protected override WebRequest GetWebRequest(Uri uri) { HttpWebRequest request; request = (HttpWebRequest)HttpWebRequest.Create(uri); // Create a cookie jar to hold the request cookie CookieContainer cookieJar = new CookieContainer(); request.CookieContainer = cookieJar; Cookie authCookie = AuthCookie; // if the client already has an auth cookie // place it in the request's cookie container if (authCookie != null) request.CookieContainer.Add(authCookie); request.Timeout = -1; request.Headers.Add("Accept-Language", HttpContext.Current.Request.Headers["Accept-Language"]); return request; } [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2201oNotRaiseReservedExceptionTypes")] protected override WebResponse GetWebResponse(WebRequest request) { WebResponse response = base.GetWebResponse(request); string cookieName = response.Headers["RSAuthenticationHeader"]; // If the response contains an auth header, store the cookie if (cookieName != null) { Utilities.CustomAuthCookieName = cookieName; HttpWebResponse webResponse = (HttpWebResponse)response; Cookie authCookie = webResponse.Cookies[cookieName]; // If the auth cookie is null, throw an exception if (authCookie == null) { throw new Exception( "Authorization ticket not received by LogonUser"); } // otherwise save it for this request AuthCookie = authCookie; // and send it to the client Utilities.RelayCookieToClient(authCookie); } return response; } private Cookie AuthCookie { get { if (m_Authcookie == null) m_Authcookie = Utilities.TranslateCookie( HttpContext.Current.Request.Cookies[Utilities.CustomAuthCookieName]); return m_Authcookie; } set { m_Authcookie = value; } } private Cookie m_Authcookie = null; }
I have developed a custom authentication extension to Reporting Services 2005, using Visual Studio 2005 C#.
In local integration tests the extension behaved as expected, honouring the role based security of our main system. Following the deployment steps laid out from numerous sources all worked perfectly. We were optimistic.
I've since deployed to a 'live' user acceptance staging server, using the same procedures used in Integration and it's behaving incorrectly.
Initially the log in page is displayed as expected, at this point SQL dumps occur in the RS Log directory, the same as is seen here: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1750128&SiteID=1
Hopefully there'll be a resolution to that soon. As described in that topic, the main page of Report Manager appears.
After this it all goes wrong.
Sometimes we can browse to a folder and run a report. But after running the report, trying to run something else, or browse back to the containing folder we are presented with the error page with the message:
The permissions granted to user '' are insufficient for performing this operation.
Clicking on the home link brings up the top title and nothing else and you have no option but to close the site and re-login.
Sometimes you get the above message before you can even run a report. The error logs have the message listed at the end of this post.
Other times you log in to the website and the folders don't even appear, just the top title bar.
I have since added some verbose logging in each of the implemented methods in the extension DLL. The permission checking method return true and all the various data in each method appears as expected.
I have checked, checked again and re-checked all the configuration files, they match the local Integration files, barring the machine specific keys etc, they weren't just overwritten.
The location of the log directory where my internal logs are written is read from the configuration files via the SetConfiguration methods, if that wasn't set correctly then there wouldn't be any logs at all, so the configuration is being read correctly by the extension.
One other think that I've noticed is that the back door user that is configured in the config files works perfectly, but I can't see how this can make any sort of a difference as it returns the same result in the extension DLL as a 'normal' user does at the same point in the code.
Can someone please help me, and my poor scalp, it's losing hair at a rate of knots.
Set up: Windows Server 2005 SQL Server 2005 Service Pack 2 (Developer) IIS 6
Error message in the log files:
w3wp!library!1!27/06/2007-10:04:20:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user '' are insufficient for performing this operation., ; Info: Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user '' are insufficient for performing this operation. w3wp!ui!1!27/06/2007-10:04:20:: e ERROR: The permissions granted to user '' are insufficient for performing this operation. w3wp!ui!1!27/06/2007-10:04:20:: e ERROR: HTTP status code --> 500 -------Details-------- Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user '' are insufficient for performing this operation. w3wp!ui!1!27/06/2007-10:04:20:: e ERROR: Exception in ShowErrorPage: System.Threading.ThreadAbortException: Thread was being aborted. at System.Threading.Thread.AbortInternal() at System.Threading.Thread.Abort(Object stateInfo) at System.Web.HttpResponse.End() at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm) at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg) at at System.Threading.Thread.AbortInternal() at System.Threading.Thread.Abort(Object stateInfo) at System.Web.HttpResponse.End() at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm) at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
Just yesterday I implemented SqlCacheDependencies on my ASP.NET 2.0 web site for SQL Server 2005. My SQL Server 2005 database is in mode 90, mirrored with a second database server. Now I am getting Error 17310 while running very simple statements, but only on a specific table.
We have a table called "tblSchools" which, due to negligence and incompetence, has a maximum size of over 8,000. I plan on fixing that eventually, by splitting all the long varchar(2048) fields off into other tables.
I wanted to use SqlCacheDependencies on this table, for every single column. So I created a DateTime column called LastChanged and created a trigger. I am using LastChanged as a DateTime type instead of a TimeStamp/RowVersion type because I thought it would be more useful.
Here are the changes made: ---------------------------
-- Adding the column... ALTER TABLE tblSchools ADD LastChanged DateTime Null GO
-- The program uses this stored procedure to watch the "LastChanged" column. CREATE PROCEDURE [apCacheWatchSchool] @SchoolID int AS select LastChanged from dbo.tblSchools where SchoolID = @SchoolID GO
-- Any updates on the table cause the LastChanged column to be updated with getdate() CREATE TRIGGER [UpdateLastChanged_TS] ON [dbo].[tblSchools] AFTER INSERT,UPDATE AS BEGIN SET NOCOUNT ON; update [dbo].[tblSchools] set LastChanged = getdate() where SchoolID in (select SchoolID from inserted); END GO
---------------------------
After adding this column and the trigger and s-proc, any update to any row in tblSchools fails with error 17310. It CANNOT set LastChanged to anything. It has to remain NULL. I was able to perform the following operation (as long as the tblSchools.LastChanged updating trigger [UpdateLastChanged_TS] was disabled): "update tblSchools set SchoolName = 'ZZZZ' + SchoolName where SchoolID = 185" -- so, it's not some kind of row length limit. I think it's a limit on # of columns that can be dealt with. I don't really know.
I don't know where the problem is occurring. I am just telling you why. I got around the problem (temporarily) by simply having the trigger update a DateTime column in another table, and having the SqlCacheDependency watch that column in the other table. No biggie.
As for moving some of the enormous varchar columns off of tblSchools... I don't really care enough. I guess that's why it's been like this for so long.
So, my problem is fixed, I just wanted to submit this bug report so you can at least fail gracefully in the next version of SQL Server.
I have the log/txt/mdmp files available, and can provide them upon request; they're too big for this form, sorry. Please contact me at plushpuffin AT wwddfd.com if you have any questions.
I had a few packages created with Windows Authentication which now needs to be migrated to run with SQL Server Authentication. I tried changing it in the connection managers but the packages failed to validate at the SCD transformations.For a few packages I had Configuration files for these packages where i tried to do it but it dint run giving the following Error Message: [Connection manager "Target"] Error: An OLE DB error has occurred. Error code: 0x80040E4D. An OLE DB record is available. Source: "Microsoft SQL Native Client" Hresult: 0x80040E4D Description: "Login failed for user <<with my network id>>.".
[Execute SQL Task] Error: Failed to acquire connection "Target". Connection may not be configured correctly or you may not have the right permissions on this connection.
I've successfully created a column bar graph that shows the availability (0-100%) for a given site for each month YTD. I would like to have fixed lines added to the graph across all the columns at the 99.0 and 99.99% marks to show where we've reached and surpassed these key service levels.
I can't seem to find any examples on how to do this. The line drawing tool doesn't always line up with the graph correctly when it's displayed so I was looking for a data point at those levels.
Sorry for the long post but I'll try to give a maximum of information.
I've tried to implement Form Authentication for Reporting Services. Right now, just about everything works as I would hope for, i.e.:
When I try to access http://<server>/ReportServer$SQLSERVER_2005, I am redirected to the authentication form. When successfully authenticated, I can access the report I can display reports throught the ReportViewer Web control by passing the authentication cookie. Etc.
(Note: My implementation of Form Authentication was inspired by http://www.devx.com/dotnet/Article/26759/0/page/1 which seems similar to Microsoft Sample)
(The $SQLSERVER_2005 suffix is because SQL Server 2000 is also installed on the server, but I don't think Reporting Services 2000 is installed)
There is one thing which does not work however and it is the Report Manager.
When I try to access http://<server>/Reports$SQLSERVER_2005, I would expect to be redirected to the /Pages/UILogon.aspx page. Instead, I get an error page with the following message:
"The report server is not responding. Verify that the report server is running and can be accessed from this computer."
Both ReportServer and Reports are on the same server, both have the same security on the folder and in IIS (6.0), both have Anonymous security access "checked".
If I revert to the old .config files (prior to my modifications for Form Authentication) and remove Anonymous from IIS for both sites, everything works fine (like it did after the installation).
Here are excerpts from the config files I've modified in ReportManager:
<CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="FullTrust" Description="This code group grants MyComputer code Execution permission. "> <IMembershipCondition class="ZoneMembershipCondition" version="1" Zone="MyComputer" />
Web.config:
<identity impersonate="false" />
Here is the content of the log ReportServerWebApp_*.log (see error in bold):
<Header> <Product>Microsoft SQL Server Reporting Services Version 9.00.1399.00</Product> <Locale>en-US</Locale> <TimeZone>Eastern Standard Time</TimeZone> <Path>C:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesLogFilesReportServerWebApp__11_10_2006_08_32_34.log</Path> <SystemName>MSCAPP02</SystemName> <OSName>Microsoft Windows NT 5.2.3790 Service Pack 1</OSName> <OSVersion>5.2.3790.65536</OSVersion> </Header> w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing MaxActiveReqForOneUser to '20' requests(s) as specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing MaxScheduleWait to default value of '1' second(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing DatabaseQueryTimeout to default value of '30' second(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing ProcessRecycleOptions to default value of '0' because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing RunningRequestsScavengerCycle to default value of '30' second(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing RunningRequestsDbCycle to default value of '30' second(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing RunningRequestsAge to default value of '30' second(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing CleanupCycleMinutes to default value of '10' minute(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing DailyCleanupMinuteOfDay to default value of '120' minutes since midnight because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing WatsonFlags to default value of '1064' because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing WatsonDumpOnExceptions to default value of 'Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException,Microsoft.ReportingServices.Modeling.InternalModelingException' because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing WatsonDumpExcludeIfContainsExceptions to default value of 'System.Data.SqlClient.SqlException,System.Threading.ThreadAbortException' because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing SecureConnectionLevel to default value of '1' because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing DisplayErrorLink to 'True' as specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing WebServiceUseFileShareStorage to default value of 'False' because it was not specified in Configuration file. w3wp!ui!5!11/10/2006-08:32:39:: e ERROR: The report server is not responding. Verify that the report server is running and can be accessed from this computer. w3wp!ui!5!11/10/2006-08:32:39:: e ERROR: HTTP status code --> 500 -------Details-------- Microsoft.ReportingServices.UI.Global+RSWebServiceWrapper+CantCommunicateWithReportServerException: The report server is not responding. Verify that the report server is running and can be accessed from this computer.
at Microsoft.ReportingServices.UI.Global.RSWebServiceWrapper.GetSecureMethods()
at Microsoft.SqlServer.ReportingServices2005.RSConnection.IsSecureMethod(String methodname)
at Microsoft.SqlServer.ReportingServices2005.RSConnection.ValidateConnection()
at Microsoft.ReportingServices.UI.ReportingPage.EnsureHttpsLevel(HttpsLevel level)
at Microsoft.ReportingServices.UI.ReportingPage.ReportingPage_Init(Object sender, EventArgs args)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.UI.Control.OnInit(EventArgs e)
at System.Web.UI.Page.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) w3wp!ui!5!11/10/2006-08:32:40:: e ERROR: Exception in ShowErrorPage: System.Threading.ThreadAbortException: Thread was being aborted. at System.Threading.Thread.AbortInternal() at System.Threading.Thread.Abort(Object stateInfo) at System.Web.HttpResponse.End() at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm) at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg) at at System.Threading.Thread.AbortInternal() at System.Threading.Thread.Abort(Object stateInfo) at System.Web.HttpResponse.End() at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm) at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
So that's it. Thanks for any help you can provide.
Greetings. I have developed our own custom security extension, implemented forms based authentication, and can authenticate from report manager, report server and sql studio. So far so good.
However, when it comes to Authorization, i'm unclear in a few areas and would appreciate if someone could help me out with the following questions. It should be noted that in the code I have granted an administrator user full access to all operations and permissions, and then tested against both an administrator user and a normal user.
"Returns the set of permissions granted a specific user for an item in the report server database."
Inparticular, the secDesc parameter is supposed to contain the security descriptor associated with the item.
However, with our extension this parameter is always null, even if I have already granted access for a user, which is confirmed through logging in CreateSecurityDescriptor.
Through the report manager or sql studio I can see that the permissions have been created, so I can't understand why I never see them in the GetPermissions method? This then (seems to) flow through to the various CheckAccess methods, where the users are authenticated, but are not authorized to perform any operations. i.e. in report manager a user has no folders or reports available.
Is RS authorization designed around the concept that the details will always be stored in it's own database?
Ideally, we'd like to have the various roles, users and function authorizations defined in our own security framework. This is working great for the authentication aspect of the extension, but unless there is a mechanism which exposes the details of the particular authorization process (e.g. the name of the folder being viewed or report being run), then I can't see a way we can implement it. Unless i'm missing something fundamental of course!
Using Report Builder as the Administrator user (or any other user), I can see no data models available, even though I have created them via Report Manager, and I get the following exception trying to open up the list of reports:
System.Web.Services.Protocols.SoapException: The permissions granted to user '' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user '' are insufficient for performing this operation. at Microsoft.ReportingServices.Library.ListChildrenAction.PerformActionNow() at Microsoft.ReportingServices.Library.RSSoapAction.Execute() at Microsoft.ReportingServices.WebServer.ReportingService2005.ListChildren(String Item, Boolean Recursive, CatalogItem[]& CatalogItems)
I have implemented a report server proxy (inherited from ReportService2005) as per the example, to pass through the authorization cookie. Any clues as to what could be wrong?
Finally, I suspect part of my problem may be in assignment of users to System Roles ("System Administrator" and "System User"), I'm not sure if these are meant only for Windows Authentication? I can see no way of assigning these roles to any of my users using Forms Authentication.
I have SRS configured in SharePoint Integration mode. I have exposed a site collection under two MOSS-enabled websites - the first site has Forms Authentication enabled and the second site has Windows Integrated security enabled.
I have noticed that when I access the website with Forms Authentication I an unable to select "New (Report Model/Report Builder/Report DataSource)" options on my SRS integrated document library. When I access the site using WIndows Integrated security the menu options appear fine. Is there some sort of security trimming happening here that I am not aware of?
