Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Windows Authentication with SSRS ASP.NET ReportViewer and Web Service

I'm having a few problems using SSRS currently. I have an ASP.NET website that uses Windows Authentication. That works fine and I know the website current user is the currently logged on user.

On this site is a webforms ReportViewer. This works fine when I don't set credentials. However looking at the execution log for the reports in SQL Server the Username is listed as DOMAIN\MACHINE.

I've tried setting the ReportServerCredentials property to a class like the one below:

[Serializable]
public class ReportCredentials : IReportServerCredentials   
{

    public bool GetFormsCredentials(out Cookie authCookie, out string userName, out string password, out string authority)
{
    authCookie = null;
    userName = null;
    password = null;
    authority = null;

    return false;
}

public WindowsIdentity ImpersonationUser
{
    get {
        return (WindowsIdentity)HttpContext.Current.User.Identity;
    }
}

public ICredentials NetworkCredentials
{
    get {
        return null;
    }
}

}

However, when this code executes I now get a 401 back from the web service and report service.

What's going on? They're both on the same domain. I want to use the current user and not the current machine. If I run the report on the report server it lists under the correct username, just not from my website.

like image 776
Lloyd Avatar asked Oct 07 '22 10:10

Lloyd


1 Answers

I was having my own troubles here but was ultimately successful.

Machine 1: client browser

Machine 2: webserver

Machine 3: SSRS + SQL Server

To solve the double hop I had the IT department turn on Active Directory Delegation for Machine2, setting to "Trust this computer for delegation to any service (Kerberos Only)".

On my webserver I modified the Web.config file to have:

 <authentication mode="Windows"/>
 <identity impersonate="true"/>

On the SSRS server I modified the rsreportserver.config file, adding <RSWindowsNegotiate/> to the <AuthenticationTypes> section. I believe the default is <RSWindowsNTLM/>. I just left both in there, giving me:

I restarted the SSRS server and all started working.

Hope this helps someone!

like image 77
kjo4jc Avatar answered Oct 11 '22 00:10

kjo4jc