Am I missing something when setting up Custom Authentication? We are testing
with the Enterprise version but only in development. We'd LOVE to do it with
the Standard Version so we don't have to buy Enterprise just for web apps.
Bascially, I don't want to require users to login to the report server AFTER
they've already logged in to our web application. I built the custom
authentication sample and had it working fine but when I try and use
logonUser to force credentials in, it still redirect to the login.aspx for
the reportserver.
Also, I don't want to use the SOAP API because our reports need to have a
toolbar
Is it possible to use Custom Forms Authentication with an internet app where
my reportserver is BEHIND the firewall and NOT require the user to log in
directly to the web server' Or is it as simple as moving the Report Server
up onto the exposed IIS server?
Any guidance or sample code would be much appreciated.I am in a very similar situation. If you did find any solution or code
snippet to help you out of this, can you please post it here ? It will be a
great help.
DC
"bteclt" <bteclt@.discussions.microsoft.com> wrote in message
news:3C03F1FF-392E-41DB-856B-1B46969D0CB0@.microsoft.com...
> Am I missing something when setting up Custom Authentication? We are
testing
> with the Enterprise version but only in development. We'd LOVE to do it
with
> the Standard Version so we don't have to buy Enterprise just for web apps.
> Bascially, I don't want to require users to login to the report server
AFTER
> they've already logged in to our web application. I built the custom
> authentication sample and had it working fine but when I try and use
> logonUser to force credentials in, it still redirect to the login.aspx for
> the reportserver.
> Also, I don't want to use the SOAP API because our reports need to have a
> toolbar
> Is it possible to use Custom Forms Authentication with an internet app
where
> my reportserver is BEHIND the firewall and NOT require the user to log in
> directly to the web server' Or is it as simple as moving the Report
Server
> up onto the exposed IIS server?
> Any guidance or sample code would be much appreciated.
>|||DC,
I can tell you this...I've spent days now reading the various forums and
have not found any luck with this. It appears most users are happy with the
SOAP API and reports without toolbars OR are trying to simply secure access
to the Report Manager via a login on the Web. I assume there are people that
want on-demand reports that render in a browser using the Viewer Control or
the Toolbar (and without a secondary login to the report server) but they
don't seem to want to respond to the forums. I've also seen a lot of
frustration from folks simply trying to implement the custom security. I
would have assume Microsoft would have been very interested in making
reporting via the Internet an easy task to implement but it appears they are
happy letting Crystal Reports keep a strong grip on the marketplace. Don't
get me wrong, they/we should be concerned about securing our apps but they
should also not make it required for us to be web developers, network admins
and security specialists and DBA's all at once...just seems like it gets to
the point where frustration wins out and staying with current reporting
solutions (we use Crystal) or searching for others is the best way out. I'll
post back to this forum anything else I find out though! I'd appreciate it
if you could do the same...maybe one of us can crack this
"DC" wrote:
> I am in a very similar situation. If you did find any solution or code
> snippet to help you out of this, can you please post it here ? It will be a
> great help.
> DC
>
> "bteclt" <bteclt@.discussions.microsoft.com> wrote in message
> news:3C03F1FF-392E-41DB-856B-1B46969D0CB0@.microsoft.com...
> > Am I missing something when setting up Custom Authentication? We are
> testing
> > with the Enterprise version but only in development. We'd LOVE to do it
> with
> > the Standard Version so we don't have to buy Enterprise just for web apps.
> >
> > Bascially, I don't want to require users to login to the report server
> AFTER
> > they've already logged in to our web application. I built the custom
> > authentication sample and had it working fine but when I try and use
> > logonUser to force credentials in, it still redirect to the login.aspx for
> > the reportserver.
> >
> > Also, I don't want to use the SOAP API because our reports need to have a
> > toolbar
> >
> > Is it possible to use Custom Forms Authentication with an internet app
> where
> > my reportserver is BEHIND the firewall and NOT require the user to log in
> > directly to the web server' Or is it as simple as moving the Report
> Server
> > up onto the exposed IIS server?
> >
> > Any guidance or sample code would be much appreciated.
> >
> >
>
>|||I am sorry about your frustration. This queston has been asked zillion times
in different flavors.
Let's leave RS aside. Your question boils down to:
"If I have two web applications (one Internet-facing and the other behind a
firewall) can a web user access the private web app? And the answer is no.
URL addressability (if this is what you want) relies on direct access to the
Report Server and your Report Server has to be Internet-facing as well. In
addition, since Forms Authentication is cookie-based, all cookie-related
restrictions apply, e.g. cross-domain cookies are not allowed so both apps
have to be on the same domain, when testing don't use localhost, etc.
As a side note, one of things developers including myself appreciate most
about RS is its extensible model. It allows you to extend/replace data,
security, delivery and rendering functionality. Try doing this with
Crystal...
--
Hope this helps.
---
Teo Lachev, MVP [SQL Server], MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
---
"bteclt" <bteclt@.discussions.microsoft.com> wrote in message
news:D26EE429-EAAF-44C2-9AA4-01F2B6206F39@.microsoft.com...
> DC,
> I can tell you this...I've spent days now reading the various forums and
> have not found any luck with this. It appears most users are happy with
the
> SOAP API and reports without toolbars OR are trying to simply secure
access
> to the Report Manager via a login on the Web. I assume there are people
that
> want on-demand reports that render in a browser using the Viewer Control
or
> the Toolbar (and without a secondary login to the report server) but they
> don't seem to want to respond to the forums. I've also seen a lot of
> frustration from folks simply trying to implement the custom security. I
> would have assume Microsoft would have been very interested in making
> reporting via the Internet an easy task to implement but it appears they
are
> happy letting Crystal Reports keep a strong grip on the marketplace.
Don't
> get me wrong, they/we should be concerned about securing our apps but they
> should also not make it required for us to be web developers, network
admins
> and security specialists and DBA's all at once...just seems like it gets
to
> the point where frustration wins out and staying with current reporting
> solutions (we use Crystal) or searching for others is the best way out.
I'll
> post back to this forum anything else I find out though! I'd appreciate
it
> if you could do the same...maybe one of us can crack this
>
> "DC" wrote:
> > I am in a very similar situation. If you did find any solution or code
> > snippet to help you out of this, can you please post it here ? It will
be a
> > great help.
> >
> > DC
> >
> >
> > "bteclt" <bteclt@.discussions.microsoft.com> wrote in message
> > news:3C03F1FF-392E-41DB-856B-1B46969D0CB0@.microsoft.com...
> > > Am I missing something when setting up Custom Authentication? We are
> > testing
> > > with the Enterprise version but only in development. We'd LOVE to do
it
> > with
> > > the Standard Version so we don't have to buy Enterprise just for web
apps.
> > >
> > > Bascially, I don't want to require users to login to the report server
> > AFTER
> > > they've already logged in to our web application. I built the custom
> > > authentication sample and had it working fine but when I try and use
> > > logonUser to force credentials in, it still redirect to the login.aspx
for
> > > the reportserver.
> > >
> > > Also, I don't want to use the SOAP API because our reports need to
have a
> > > toolbar
> > >
> > > Is it possible to use Custom Forms Authentication with an internet app
> > where
> > > my reportserver is BEHIND the firewall and NOT require the user to log
in
> > > directly to the web server' Or is it as simple as moving the Report
> > Server
> > > up onto the exposed IIS server?
> > >
> > > Any guidance or sample code would be much appreciated.
> > >
> > >
> >
> >
> >|||Teo,
Ok, if I follow your post here and my configuration is as follows:
a) SRS running on Default Web site in Production IIS envirnonment with
custom security dll set up as prescribed in the Microsoft Forms
Authentication Sample
b) Production web site (in this case on the exact same server as SRS) that
uses a Forms based authentication (ie. we have users table in MSSQL that is
checked with a login stored procedure based on click event from submit button
on web login page)
c) Production MSSQL DB is behind firewall and is connected through the web app
d) hyperlinks on the menu to individual SQL Reports
I want to run the SQL Reports in an on-demand format from the clicks on the
hyperlinks (in other words, click link, report opens with the toolbar on top
or preferably in the VIEWER control). Remember, I DON'T want to use the SOAP
API becuase I need the toolbars.
What's the best method to :
1) Instantiate the credentials into the report from the web app (I can hard
code these in the app based on the roles etc I set up in the user store from
the custom authentication sample)
2) Open the report without requiring a login to the report server (ie. login
automatically based on the credentials passed in step one). Specifically, I
HAVE TO have the toolbar on top or in a perfect world I'd like to use the
viewer
Any samples or links to examples would be GREAT!!! As an aside, we primarily
use vb.net in our code behinds so that is preferred but any solutions (C# or
VB) would save us in a big way. (And FYI - I have your book and have read
the section about doing this but it talks mostly about having users login to
the UIlogon.aspx and that's what I am trying to avoid...can this be done?)
Thanks in Advance!
BTE
"Teo Lachev [MVP]" wrote:
> I am sorry about your frustration. This queston has been asked zillion times
> in different flavors.
> Let's leave RS aside. Your question boils down to:
> "If I have two web applications (one Internet-facing and the other behind a
> firewall) can a web user access the private web app? And the answer is no.
> URL addressability (if this is what you want) relies on direct access to the
> Report Server and your Report Server has to be Internet-facing as well. In
> addition, since Forms Authentication is cookie-based, all cookie-related
> restrictions apply, e.g. cross-domain cookies are not allowed so both apps
> have to be on the same domain, when testing don't use localhost, etc.
> As a side note, one of things developers including myself appreciate most
> about RS is its extensible model. It allows you to extend/replace data,
> security, delivery and rendering functionality. Try doing this with
> Crystal...
> --
> Hope this helps.
> ---
> Teo Lachev, MVP [SQL Server], MCSD, MCT
> Author: "Microsoft Reporting Services in Action"
> Publisher website: http://www.manning.com/lachev
> Buy it from Amazon.com: http://shrinkster.com/eq
> Home page and blog: http://www.prologika.com/
> ---
> "bteclt" <bteclt@.discussions.microsoft.com> wrote in message
> news:D26EE429-EAAF-44C2-9AA4-01F2B6206F39@.microsoft.com...
> > DC,
> > I can tell you this...I've spent days now reading the various forums and
> > have not found any luck with this. It appears most users are happy with
> the
> > SOAP API and reports without toolbars OR are trying to simply secure
> access
> > to the Report Manager via a login on the Web. I assume there are people
> that
> > want on-demand reports that render in a browser using the Viewer Control
> or
> > the Toolbar (and without a secondary login to the report server) but they
> > don't seem to want to respond to the forums. I've also seen a lot of
> > frustration from folks simply trying to implement the custom security. I
> > would have assume Microsoft would have been very interested in making
> > reporting via the Internet an easy task to implement but it appears they
> are
> > happy letting Crystal Reports keep a strong grip on the marketplace.
> Don't
> > get me wrong, they/we should be concerned about securing our apps but they
> > should also not make it required for us to be web developers, network
> admins
> > and security specialists and DBA's all at once...just seems like it gets
> to
> > the point where frustration wins out and staying with current reporting
> > solutions (we use Crystal) or searching for others is the best way out.
> I'll
> > post back to this forum anything else I find out though! I'd appreciate
> it
> > if you could do the same...maybe one of us can crack this
> >
> >
> >
> > "DC" wrote:
> >
> > > I am in a very similar situation. If you did find any solution or code
> > > snippet to help you out of this, can you please post it here ? It will
> be a
> > > great help.
> > >
> > > DC
> > >
> > >
> > > "bteclt" <bteclt@.discussions.microsoft.com> wrote in message
> > > news:3C03F1FF-392E-41DB-856B-1B46969D0CB0@.microsoft.com...
> > > > Am I missing something when setting up Custom Authentication? We are
> > > testing
> > > > with the Enterprise version but only in development. We'd LOVE to do
> it
> > > with
> > > > the Standard Version so we don't have to buy Enterprise just for web
> apps.
> > > >
> > > > Bascially, I don't want to require users to login to the report server
> > > AFTER
> > > > they've already logged in to our web application. I built the custom
> > > > authentication sample and had it working fine but when I try and use
> > > > logonUser to force credentials in, it still redirect to the login.aspx
> for
> > > > the reportserver.
> > > >
> > > > Also, I don't want to use the SOAP API because our reports need to
> have a
> > > > toolbar
> > > >
> > > > Is it possible to use Custom Forms Authentication with an internet app
> > > where
> > > > my reportserver is BEHIND the firewall and NOT require the user to log
> in
> > > > directly to the web server' Or is it as simple as moving the Report
> > > Server
> > > > up onto the exposed IIS server?
> > > >
> > > > Any guidance or sample code would be much appreciated.
> > > >
> > > >
> > >
> > >
> > >
>
>|||Please find my comments inline.
--
Hope this helps.
---
Teo Lachev, MVP [SQL Server], MCSD, MCT
Author: "Microsoft Reporting Services in Action"
Publisher website: http://www.manning.com/lachev
Buy it from Amazon.com: http://shrinkster.com/eq
Home page and blog: http://www.prologika.com/
---
"bteclt" <bteclt@.discussions.microsoft.com> wrote in message
news:92AF49BE-22E1-4C01-B177-F802D3D5193C@.microsoft.com...
> Teo,
> Ok, if I follow your post here and my configuration is as follows:
> a) SRS running on Default Web site in Production IIS envirnonment with
> custom security dll set up as prescribed in the Microsoft Forms
> Authentication Sample
> b) Production web site (in this case on the exact same server as SRS) that
> uses a Forms based authentication (ie. we have users table in MSSQL that
is
> checked with a login stored procedure based on click event from submit
button
> on web login page)
> c) Production MSSQL DB is behind firewall and is connected through the web
app
> d) hyperlinks on the menu to individual SQL Reports
> I want to run the SQL Reports in an on-demand format from the clicks on
the
> hyperlinks (in other words, click link, report opens with the toolbar on
top
> or preferably in the VIEWER control). Remember, I DON'T want to use the
SOAP
> API becuase I need the toolbars.
> What's the best method to :
> 1) Instantiate the credentials into the report from the web app (I can
hard
> code these in the app based on the roles etc I set up in the user store
from
> the custom authentication sample)
Teo: There is only one way. You can the RS LogonUser SOAP API and pass the
user credientials. LogonUser in turns calls
IAuthenticationExtension.LogonUser in your custom security extension.
> 2) Open the report without requiring a login to the report server (ie.
login
> automatically based on the credentials passed in step one). Specifically,
I
> HAVE TO have the toolbar on top or in a perfect world I'd like to use the
> viewer
>
Teo: Same as above. Once LogonUser is called and
IAuthenticationExtension.LogonUser returns true (user is authenticated), the
Report Server will proceed by issuing an authentication ticket in the form
of a cookie (just like ASP.NET Forms Authentication does). From there, as
long as the cookie is passed back, the Report Server will treat the user is
authenticated and won't prompt the user to log in again.
> Any samples or links to examples would be GREAT!!! As an aside, we
primarily
> use vb.net in our code behinds so that is preferred but any solutions (C#
or
> VB) would save us in a big way. (And FYI - I have your book and have read
> the section about doing this but it talks mostly about having users login
to
> the UIlogon.aspx and that's what I am trying to avoid...can this be done?)
>
Teo: Thanks for purchasing my book. I tend to disagree with you though.
Chapter 15 (15.4.1) explains how RS custom security can be integrated with a
web application similar to your scenario. It leverages the enchanced version
of the Report Viewer I wrote but the concept is the same. Remember,
UILogon.aspx is for the Report Manager, Logon.aspx is what the Report Server
uses to prompt the user, Login.aspx is the custom login page inside my
application.
I wrote a two-part article about Forms Authentication which goes into more
details than my book does including role-membership, troubleshooting, etc.
It will be published by SQL Server Magazine in the February and March 2005
issues I think. I hope my article will help demistifying RS custom security.
> Thanks in Advance!
> BTE
> "Teo Lachev [MVP]" wrote:
> > I am sorry about your frustration. This queston has been asked zillion
times
> > in different flavors.
> >
> > Let's leave RS aside. Your question boils down to:
> >
> > "If I have two web applications (one Internet-facing and the other
behind a
> > firewall) can a web user access the private web app? And the answer is
no.
> > URL addressability (if this is what you want) relies on direct access to
the
> > Report Server and your Report Server has to be Internet-facing as well.
In
> > addition, since Forms Authentication is cookie-based, all cookie-related
> > restrictions apply, e.g. cross-domain cookies are not allowed so both
apps
> > have to be on the same domain, when testing don't use localhost, etc.
> >
> > As a side note, one of things developers including myself appreciate
most
> > about RS is its extensible model. It allows you to extend/replace data,
> > security, delivery and rendering functionality. Try doing this with
> > Crystal...
> > --
> > Hope this helps.
> >
> > ---
> > Teo Lachev, MVP [SQL Server], MCSD, MCT
> > Author: "Microsoft Reporting Services in Action"
> > Publisher website: http://www.manning.com/lachev
> > Buy it from Amazon.com: http://shrinkster.com/eq
> > Home page and blog: http://www.prologika.com/
> > ---
> >
> > "bteclt" <bteclt@.discussions.microsoft.com> wrote in message
> > news:D26EE429-EAAF-44C2-9AA4-01F2B6206F39@.microsoft.com...
> > > DC,
> > > I can tell you this...I've spent days now reading the various forums
and
> > > have not found any luck with this. It appears most users are happy
with
> > the
> > > SOAP API and reports without toolbars OR are trying to simply secure
> > access
> > > to the Report Manager via a login on the Web. I assume there are
people
> > that
> > > want on-demand reports that render in a browser using the Viewer
Control
> > or
> > > the Toolbar (and without a secondary login to the report server) but
they
> > > don't seem to want to respond to the forums. I've also seen a lot of
> > > frustration from folks simply trying to implement the custom security.
I
> > > would have assume Microsoft would have been very interested in making
> > > reporting via the Internet an easy task to implement but it appears
they
> > are
> > > happy letting Crystal Reports keep a strong grip on the marketplace.
> > Don't
> > > get me wrong, they/we should be concerned about securing our apps but
they
> > > should also not make it required for us to be web developers, network
> > admins
> > > and security specialists and DBA's all at once...just seems like it
gets
> > to
> > > the point where frustration wins out and staying with current
reporting
> > > solutions (we use Crystal) or searching for others is the best way
out.
> > I'll
> > > post back to this forum anything else I find out though! I'd
appreciate
> > it
> > > if you could do the same...maybe one of us can crack this
> > >
> > >
> > >
> > > "DC" wrote:
> > >
> > > > I am in a very similar situation. If you did find any solution or
code
> > > > snippet to help you out of this, can you please post it here ? It
will
> > be a
> > > > great help.
> > > >
> > > > DC
> > > >
> > > >
> > > > "bteclt" <bteclt@.discussions.microsoft.com> wrote in message
> > > > news:3C03F1FF-392E-41DB-856B-1B46969D0CB0@.microsoft.com...
> > > > > Am I missing something when setting up Custom Authentication? We
are
> > > > testing
> > > > > with the Enterprise version but only in development. We'd LOVE to
do
> > it
> > > > with
> > > > > the Standard Version so we don't have to buy Enterprise just for
web
> > apps.
> > > > >
> > > > > Bascially, I don't want to require users to login to the report
server
> > > > AFTER
> > > > > they've already logged in to our web application. I built the
custom
> > > > > authentication sample and had it working fine but when I try and
use
> > > > > logonUser to force credentials in, it still redirect to the
login.aspx
> > for
> > > > > the reportserver.
> > > > >
> > > > > Also, I don't want to use the SOAP API because our reports need to
> > have a
> > > > > toolbar
> > > > >
> > > > > Is it possible to use Custom Forms Authentication with an internet
app
> > > > where
> > > > > my reportserver is BEHIND the firewall and NOT require the user to
log
> > in
> > > > > directly to the web server' Or is it as simple as moving the
Report
> > > > Server
> > > > > up onto the exposed IIS server?
> > > > >
> > > > > Any guidance or sample code would be much appreciated.
> > > > >
> > > > >
> > > >
> > > >
> > > >
> >
> >
> >
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment