We're trying to determine the best way to implement an authentication mechanism for our reporting services solution. Basically, we are exposing a web application to the internet, and allowing a forms authenticated user to access our report server somewhere within our intranet to view reports. I've browsed msdn and found that there are two approaches:
1. create a custom authentication extension for reporting services
2. create a restricted domain user that is allowed to access the report server
Going with approach 2 and assuming I'm using a ReportViewer control, in order to authenticate with the report server (using the one domain user created specifically for report server access), are we supposed to just provide an instance of an object implementing IReportServerCredential containing the domain user information to the Credentials property of the ReportViewer.ServerReport before accessing the report? Is this the correct way to implement approach 2? Also, if implementing approach 2 is so simple compared to approach 1, why would anyone choose to implement custom authentication extension if they don't need fine-grain access control on the report server level?
I wonder if it is possible to set forms authentication for report manager but leave report server "as it is". I need to authenticate users from external LDAP and can't use windows authentication for report manager, but I would also like to leave report server open for anonymous users. In that way authenticated administrators could create reports which anonymous users could read.
I tested the Security Extension Sample and got it working when I rewrote the authentication part with my own LDAP authentication.
If I have understood correctly, the report manager is just application inside report server so is it possible to use forms authentication with one application but still leave the report server with Windows authentication?
From what I have understood, Reporting Services could be configured to use Basic Authentication. In this way, a user can access a RS-server across the internet and he/she will be prompted for a valid username/password when trying to access.
However, from what I can understand this username and password will be sent uncrypted over the Internet (from the client machine to the RS-server), right?
My problem is, I need to give access to users acress the internet to a RS-server. The users uses all kind of operating systems (Windows, Linux, MacOS tec). And the communication needs to be encrypted.
How would you recommend me to implement security for this solution? I guess some kind of "Forms authentication" will have to be used? But how to make sure the data traffic is encrypted? And where do you recommend me to store the username and passwords? In an Active Directory on the server side, or in a separate database on the server side?
does anybody know why MS doesnt consider Basic Authentication a viable solution for Inter/Xtra net access to RS? I'm re reading the documentation at http://msdn2.microsoft.com/en-us/library/bb283249.aspx but so far am not getting what the Security Extension options accomplish that can't be accomplished with much less effort using some form of Basic Authentication.
I have a very confusing problem that I'm going to attempt to relay concisely:
I have a LAN on which I'm running an Intranet web site built in ASP.Net 2.0 and using SSRS / Sql Server 2005 on the same server.
The name of the box is "warehouse" or "warehouse.mydomain.us." When I ping "warehouse," I get a response from 137.86.166.8, as I should. Likewise, I get a response from 137.86.166.8 when I ping "warehouse.mydomain.us." If I do a "ping -a" on 137.86.166.8, it correctly resolves to "warehouse.mydomain.us." Based on the facts presented in this paragraph, I believe that my DNS is working as expected.
Using IE (6.0.2900.2180.xpsp_sp2_gdr.050301-1519) with "low" security settings, I navigate to http://warehouse.mydomain.us/lex/ (Lex is the name of the app) and it authenticates me to the index page (which calls the SSRS web service to get and display a list of available reports), except that I get the login prompt three times. If I hit F5 (refresh), I get three more login prompts and then I get a 401.1 error. From this point, no matter what I do, I can not see the index page again without closing and restarting IE.
I know that IE only passes credentials to certain sites, so I add my domain (http://warehouse.mydomain.us/) to the Local Intranet list ( Tools->Internet Options->Security->Local Intranet->Advanced) and then I can refresh and see my index page once, but I still get 3 login attempts and then the same thing happens -- I refresh and go through 3 logins and then get a 401.1.
If I now change my address bar to read http://137.86.166.8/lex, I get a single login and it works like a champ. This makes me think that there's a DNS problem, so I open up Mozilla Firefox and wouldn't you know it -- Firefox works like a champ all around -- one single sign-in, it keep credentials between Lex and SSRS, and it appears to use the DNS correctly. However, I can't use Firefox because I can't get any of the SSRS reports to look like they're supposed to in Mozilla-based browsers.
Argh.
I have set my IE securtiy settings to "Low." I have added the primary domain to the Local Intranet list and also to the Trusted Sites list (but you can't do both at the same time). I have even added the internal IP to my "hosts" file.
Does anyone know anything that might be a help to me in getting this figured out?
Other notes of interest:
My machine is an XP machine, but is not on the domain, but I do have a valid domain login that I use and it works in Firefox without problem.
after installing SQL Server 2008 R2 and the Reporting Services, I've managed to access the Report Manager URL....Reports through the web browser on the machine itself. But if i am trying to connect to on my client browser it does not find the Report Server.Do I need to configure the server in any way? Do I need to configure the firewall?
I have a Report Server when i try to deploy my report on the same server and if i use the Fully Qualified Domain Name in my report path i get the below Error
Sorry for the long post but I'll try to give a maximum of information.
I've tried to implement Form Authentication for Reporting Services. Right now, just about everything works as I would hope for, i.e.:
When I try to access http://<server>/ReportServer$SQLSERVER_2005, I am redirected to the authentication form. When successfully authenticated, I can access the report I can display reports throught the ReportViewer Web control by passing the authentication cookie. Etc.
(Note: My implementation of Form Authentication was inspired by http://www.devx.com/dotnet/Article/26759/0/page/1 which seems similar to Microsoft Sample)
(The $SQLSERVER_2005 suffix is because SQL Server 2000 is also installed on the server, but I don't think Reporting Services 2000 is installed)
There is one thing which does not work however and it is the Report Manager.
When I try to access http://<server>/Reports$SQLSERVER_2005, I would expect to be redirected to the /Pages/UILogon.aspx page. Instead, I get an error page with the following message:
"The report server is not responding. Verify that the report server is running and can be accessed from this computer."
Both ReportServer and Reports are on the same server, both have the same security on the folder and in IIS (6.0), both have Anonymous security access "checked".
If I revert to the old .config files (prior to my modifications for Form Authentication) and remove Anonymous from IIS for both sites, everything works fine (like it did after the installation).
Here are excerpts from the config files I've modified in ReportManager:
<CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="FullTrust" Description="This code group grants MyComputer code Execution permission. "> <IMembershipCondition class="ZoneMembershipCondition" version="1" Zone="MyComputer" />
Web.config:
<identity impersonate="false" />
Here is the content of the log ReportServerWebApp_*.log (see error in bold):
<Header> <Product>Microsoft SQL Server Reporting Services Version 9.00.1399.00</Product> <Locale>en-US</Locale> <TimeZone>Eastern Standard Time</TimeZone> <Path>C:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesLogFilesReportServerWebApp__11_10_2006_08_32_34.log</Path> <SystemName>MSCAPP02</SystemName> <OSName>Microsoft Windows NT 5.2.3790 Service Pack 1</OSName> <OSVersion>5.2.3790.65536</OSVersion> </Header> w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing MaxActiveReqForOneUser to '20' requests(s) as specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing MaxScheduleWait to default value of '1' second(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing DatabaseQueryTimeout to default value of '30' second(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing ProcessRecycleOptions to default value of '0' because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing RunningRequestsScavengerCycle to default value of '30' second(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing RunningRequestsDbCycle to default value of '30' second(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing RunningRequestsAge to default value of '30' second(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing CleanupCycleMinutes to default value of '10' minute(s) because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing DailyCleanupMinuteOfDay to default value of '120' minutes since midnight because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing WatsonFlags to default value of '1064' because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing WatsonDumpOnExceptions to default value of 'Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException,Microsoft.ReportingServices.Modeling.InternalModelingException' because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing WatsonDumpExcludeIfContainsExceptions to default value of 'System.Data.SqlClient.SqlException,System.Threading.ThreadAbortException' because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing SecureConnectionLevel to default value of '1' because it was not specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing DisplayErrorLink to 'True' as specified in Configuration file. w3wp!library!5!11/10/2006-08:32:35:: i INFO: Initializing WebServiceUseFileShareStorage to default value of 'False' because it was not specified in Configuration file. w3wp!ui!5!11/10/2006-08:32:39:: e ERROR: The report server is not responding. Verify that the report server is running and can be accessed from this computer. w3wp!ui!5!11/10/2006-08:32:39:: e ERROR: HTTP status code --> 500 -------Details-------- Microsoft.ReportingServices.UI.Global+RSWebServiceWrapper+CantCommunicateWithReportServerException: The report server is not responding. Verify that the report server is running and can be accessed from this computer.
at Microsoft.ReportingServices.UI.Global.RSWebServiceWrapper.GetSecureMethods()
at Microsoft.SqlServer.ReportingServices2005.RSConnection.IsSecureMethod(String methodname)
at Microsoft.SqlServer.ReportingServices2005.RSConnection.ValidateConnection()
at Microsoft.ReportingServices.UI.ReportingPage.EnsureHttpsLevel(HttpsLevel level)
at Microsoft.ReportingServices.UI.ReportingPage.ReportingPage_Init(Object sender, EventArgs args)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.UI.Control.OnInit(EventArgs e)
at System.Web.UI.Page.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) w3wp!ui!5!11/10/2006-08:32:40:: e ERROR: Exception in ShowErrorPage: System.Threading.ThreadAbortException: Thread was being aborted. at System.Threading.Thread.AbortInternal() at System.Threading.Thread.Abort(Object stateInfo) at System.Web.HttpResponse.End() at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm) at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg) at at System.Threading.Thread.AbortInternal() at System.Threading.Thread.Abort(Object stateInfo) at System.Web.HttpResponse.End() at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm) at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
So that's it. Thanks for any help you can provide.
Hello.... I have the following setup: SQL/RS/Sharepoint on a server, ISA 2006 on another server and RS/WSS integration, published to the internet via NTLM / ISA authentication.
Report publishing finally works fine, but I am unable to launch the ReportBuilder through the Internet. Within the intranet works just fine. The error I get in the log when Report Builder starts to download itself is:
+ The remote server returned an error: (407) Proxy Authentication Required.
Any ideas ? Any way to pre-download the ReportBuilder? Any way to set anonymous access to the specific component?
Hi, I am developing a website that will use the VS Report Viewer control to display some business reports.....The website will be on the internet, but the report viewer will need to access an internal report server that the internet users don't have access to? Is this possible, or the correct way to do this? Any ideas / suggestions would be appreciated!
I am using SQL 2000 SP4 and Report Server SP2 on W2k3 SP1 Server.
I am having trouble displaying the report pages if I am connected from the Internet.
I have no problem if I am connected in the office (Intranet).
The frame that is not show is underneath the New Subscription bar in my report page. I can see everything above (header pages etc) and Home page etc.
I think for some reasons the request frame URL page is still https://myserver/Repor... instead https://myserver.mycompany.com/Report...
Thank's for any help
gogu
PS: Also I am able to deploy only from the Intranet with Target Server URL https://myserver/ReportServer If I setup VS.NET deploy Target Server URL https://myserver.mycompany.com/ReportServer it comes up with "A connection could not be made ..." If I open the Browser from the Intranet I can see the reports pages even if with https://myserver.mycompany.com/Reports... but it ask me for Username / Password. How can I tell VS.NET when deploy to use username/password?
I was able to log in to SSRS report manager. But i was unable to run a report i designed on report builder.
It prompts for login when i wanted to run the report and i used the same windows authentication to sign in
It will show me the parameters but when i click on view report it gives this error
"Data source 'DataSource1': An error has occurred.
Details: Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: Cannot create a connection to data source 'DataSource1'. ---> System.Data.SqlClient.SqlException: Login failed for user 'Acc-11Admin'."
If we decide to make Report Manager the UI facing both internet and intranet users, but prefer that our intranet users not face the performance hit created by SSL, and prefer that SSL be turned on for internet users, what options do we have for configuting our RS environment if all users ultimately use the same reports and we wish to keep number of licenses at a minimum?
For using different services of SQL SERVER 2005 which is better... Windows Authentication or SQL Server Authentication? what are the advantages and disadvantages of both?
After implementing custom security extension for forms authentication, the report server works fine with Report Manager and web application. However, there is a problem with Report Builder.
It gives SecurityException "That assembly does not allow partially trusted callers.". Its becos I am using my own security assembly for authentication. I resolved this issue by using the following in my assemblyinfo.cs
However, now when I login to Report Builder it gives me error System.IO.FileNotFoundException. Its not able to find my security assembly.
I also tried giving FullTrust to the assembly using Framework 2.0 Configuration. I read somewhere that the ClickOnce application caches its last called settings in the manifest file and you have to delete the manifest and manually alter the security in the application settings(properties).
Is this true? Is there any solution to this issue? Is this really an issue with clickonce application?
We are using custom authentication to acess the report server.Users can access reports only through a .net application. Now we want to give the users the ability to deploy their reports trhough a .net client utility with out changing the anonymous security setting in IIS.
Can anyone point me in the right direction . Can we use rs.exe to deploy reports under forms authenticated mode...
In a nut shell "Is there a way to deploy report through forms authentication"/
I have implemented forms authentication via a custom security extension in RS2005 as described in a relevant sample. I am asked for credentials when accessing the Report Manager and the Report Builder, however I can no longer connect to the report server in SQL Server Management Studio (I get HTML code as the error message) and the Preview tab in the Report Designer now fails with User Not Authorized.
I can live with the first problem, but the Report Designer needs to work. When I debug the extension, I can see that LogonUser method is being passed empty strings. This makes sense, since the Report Designer has not asked me for the credentials. Do I need to modify any the of the Designer configs to have it pop up the username/password window (similar to Report Builder) or is the only solution to use Windows Authentication on development machines and Forms Authentication in production?
Hi, I would like to know how to call a report from a report viewer control in a web application. The reporting services is forms authenticated. I've done this authentication using the sample solution given by microsoft (adding custom security extension). Now am able to view the reports from Report manager and Report server URL. But i dont know how to authenticate the user from my web application and pass the credentials to the report server to view the report in report viewer control. Can somebody help in this? its bit urgent. Thanks in advance
I'm working on a web project that will display the reports in an iframe to the user. When I was using windows security It worked perfectly.
Now my boss wants me to use form based authentication instead that can authenticate against our current Active Directory. This is working perfectly and does authenticate correctly. The only problem is that when I load a report in the iframe http://myserver/reportserver/myreport-blah reporting services prompts the user to enter in windows credentials. Is there anyway to pass my form credentials to the report server so that the user doesn't have to log in again.
Both the report server and the web app are on the same server BUT in different virtual directories.
PS: I tried using the reportviewer control but it does not display things correctly. For example, I have use a multi select dropdown on the reports and it messes up the drop down when the user only has 1 selection (hiding the selection). If the user has more than one selection the drop down uses scroll bars. I would use the reportviewer control if it displayed exactly like it does when using alternate URL method.
Hey, I was just wondering if someone could point me in the right direction on an issue. I've got the authentication portion of a custom security extension working properly (while authorization is just sort of giving everyone a pass) and all of my Googling efforts seem to be bearing little fruit. Now that authentication is in place, whenever I try to deploy a report from Visual Studio, it comes up with an error.
The error is that it is getting the authentication html login page set in web.config (as I expected), while it was looking for an xml page. I'm a bit new to this side of things so I'm not really even sure where I should be looking to see what kind of xml page it wants and such.
I don't need anyone to bother explaining the entire thing to me as I should be able to figure it out once I can get a start, but as I said I just need a kick in the right direction because my Google-fu has failed
Hi, I am developing a VB app that will be accessed over the net. What do i need to do so that my users will be able to connect to the SQL server without being denied the permission. a hind regarding the network library settings will be most appreciated. Thanks in advance. Deepak.
I want to connect to other computer that installed M$ SQL Server2K over INTERNET. could you help me, plz.
I have used DNS (DOMAIN NAME SYSTEM) to forward to my computer( that connect to INTERNET) and my friend computer is the same. (because we have not static IP).
I am so confused and I am getting no help from the Microsoft, two months and only stammering from their representatives. I need to set up a Sql Server database that will allow internet access. This is not an e-commerce situation. At most there will be 10 known users of this system accessing statistical data. I had priced this system to use Backoffice, but as I now read this is not legal for internet use. It also appears that a processor license is required for internet access (not entirely clear on this). Access and MSDE also don't appear to be legal for internet access. The customer is on a shoe string budget. If I use stand-alone components the budget only covers an one processor SQL Server 2000 license. I don't like the idea of setting up a database system with only one processor. Is there another Sql Server based option I am not aware of? Its looking like a linux/mysql option - Yikes!
I need to develop an application in vb.net that uses sql server database so that user can access the use the application over the inter net. How Can I accomplish that ? What are the options ?
I'm reasonably new to MS SQL server, I've mostly been setting up databases and creating ASP Pages to look at them with.
However recently I've been given a fun job and I can't seem to find a way to do it.
The problem is we have 2 servers located on different sites, one is actually doing stuff the other just monitors some equipment and when status chages on the equipment a report is made to a table. The software doing this is bespoke and it would cost a fortune to have changed, what we want to do is have the monitoring server send a copy of the inserted row as they get inserted.
I've tried linking the servers via ODBC (in the linked servers part) but when a trigger i've put on the insert table fires it throws up an error about ANSI NULLS and WARNINGS and nothing happens.
After a look round on the internet I've found reference to using the 'set ANSI_NULLS' on command but this seems to be for stored procedures, even then when i try to execute the stored procedure as they show it still comes back with this error.
Can anyone suggest any other ways of copying the inserted row across?
Both servers are MS SQL but are not on a LAN so I have to refere to them as IP addresses.
I know it is possible to establish a connection to an SQL Server overthe Internet via Enterprise Manager. My question is, how secure is thisconnection? Is there a best practices document for this type ofconnection?Here is my scenario:We are looking to outsource our web hosting. Currently, we uploadclient sensitive data to our SQL Server databases within our internalnetwork. If we outsource, the SQL server will be on a differentnetwork. We are behind a firewall here and the dedicated hosted SQLServer will also be behind a firewall. Is the Enterprise Managerconnection succeptable to hackers? If so any reccomendations on how toaccomplish this would be appreciated.Another scenario is connecting to the SQL Server through a DSN. Canthis be accomplished from inside our network to outsourced server? Howsecure would that connection be?Thanks in Advance.
We have the following problem. Our DB (MSDE 2000) is situated on remote server on which we
have administrator privilege. The application which works on Local net connect to every machine in
the net and see the database on one of the mashine as well.
The connection string is data source=192.168.0.1XXXX;initial catalog=XXXX;integrated security=SSPI;persist security
info=True;workstation id=XXXX;packet size=4096"
but when we change IP in the connection string to our remote server(in internet with static IP) one we get
an exception says that SQL server does not exist or access denied. We opened ports on firewall but problem is still here. Then swithched off the firewall at all