Menu
*The details of the environment is described at the bottom.
I am trying to build an authentication solution for reporting services.
Online costumers should be authenticated using our existing costumer database, while local administrative users could use a simple, Basic, authentication.
I have made a security extension to SSRS using the codeplex examples and the way I use to issue the basic challenge is as follows
public void GetUserInfo(out IIdentity userIdentity, out IntPtr userId) { if (HttpContext.Current != null && HttpContext.Current.User != null) userIdentity = HttpContext.Current.User.Identity; else { HttpContext.Current.Response .AddHeader("WWW-Authenticate", "Basic realm=\"ReportServer\""); HttpContext.Current.Response.Status = "401 Unauthorized"; HttpContext.Current.Response.Flush(); HttpContext.Current.Response.Close(); userIdentity = new GenericIdentity("not authorized"); } userId = IntPtr.Zero; } That way when a user that haven't passed through the LogonUser method (ie. direct url access, bids report deployment, not the regular user apps) gets challenged with a Basic logon/password popup. To support this I made a httpmodule as follows
void IHttpModule.Init(HttpApplication context) { context.AuthenticateRequest += CustomAuthenticateRequest; } void CustomAuthenticateRequest(object sender, EventArgs e) { var app = sender as HttpApplication; if (app == null) return; var basicAuth = app.Context.Request.Headers["Authorization"]; if (!string.IsNullOrEmpty(basicAuth)) { var loginpass = Encoding.Default.GetString( Convert.FromBase64String(basicAuth.Replace("Basic ", ""))).Split(':'); if (loginpass.Length == 2 && loginpass[0] == adminUser && loginpass[1] == adminPass) { app.Context.User = new GenericPrincipal( new GenericIdentity(adminUser), null); } } } This works fine when accessing /ReportServer URL, I get challenged, enter the hardcoded admin login/pass and get logged on.
The problem is when accessing /Reports I get
System.Net.WebException: The request failed with HTTP status 401: Unauthorized
I want to know how can I pass the login/pass challenge all the way down to /Reports
I'm running SqlServer 2012 along with Reporting Services 2012, but the inner workings haven't changed from SSRS 2008-R2
In my web.config I have
<authentication mode="None" /> <identity impersonate="false" />, and the entry for the httpmodule On rssrvpolicy.config the codegroup for my httpmodule is with FullTrust
On rsreportserver.config I have
<AuthenticationTypes> <Custom/> </AuthenticationTypes>, and the entry for the security extension I don't have SSL configured, yet, and the bindings are at their default
423
Credentials = new NetworkCredential("username", "password", "domain"); divContents. InnerText = client. DownloadString(my report path);
On the Windows machine where you installed SSRS, locate the rsreportserver. config file. The default location is C:\Program Files\Microsoft SQL ServerReportingServicesInstance\Reporting Services\ReportServer\rsreportserver. config.
The steps are very simple: Standard install of SSRS 2005 (Integrated authentication) In IIS, duplicate the ReportingServices virtual directory and name it Public. Under Public properties set Directory Security - Authentication and Access Control - to Enable Anonymous access using the IUSR_ account.
From the error message, it seems that the authentication error occurs on rendering the UI of the report manager. Please go to the folder, c:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportManager\, and find out the web.config file, and apply the following changes.
<authentication mode="None" /> <identity impersonate="false" />, and the entry for the httpmodule If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
