24

*The details of the environment are described at the bottom.

I am trying to build an authentication solution for reporting services.

Online customers should be authenticated using our existing customer database, while local administrative users could use a simple, Basic, authentication.

I have made a security extension to SSRS using the CodePlex examples, and the way I issue the Basic challenge is as follows:

```csharp
// Requires: using System; using System.Security.Principal; using System.Web;
public void GetUserInfo(out IIdentity userIdentity, out IntPtr userId)
{
    // A principal is already attached to the request: reuse its identity.
    if (HttpContext.Current != null && HttpContext.Current.User != null)
        userIdentity = HttpContext.Current.User.Identity;
    else
    {
        // No authenticated user: send a Basic challenge and end the response.
        HttpContext.Current.Response
            .AddHeader("WWW-Authenticate", "Basic realm=\"ReportServer\"");
        HttpContext.Current.Response.Status = "401 Unauthorized";
        HttpContext.Current.Response.Flush();
        HttpContext.Current.Response.Close();
        userIdentity = new GenericIdentity("not authorized");
    }

    userId = IntPtr.Zero;
}
```

That way, a user that hasn't passed through the LogonUser method (i.e. direct URL access, BIDS report deployment, not the regular user apps) gets challenged with a Basic logon/password popup. To support this I made an HttpModule as follows:

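```csharp
// Requires: using System; using System.Security.Principal; using System.Text; using System.Web;
void IHttpModule.Init(HttpApplication context)
{
    context.AuthenticateRequest += CustomAuthenticateRequest;
}

void CustomAuthenticateRequest(object sender, EventArgs e)
{
    var app = sender as HttpApplication;

    if (app == null) return;

    var basicAuth = app.Context.Request.Headers["Authorization"];

    // Only the Basic scheme carries Base64 "user:password"; skip anything else
    // so that another scheme's header is not passed to FromBase64String.
    if (!string.IsNullOrEmpty(basicAuth)
        && basicAuth.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
    {
        var loginpass = Encoding.Default.GetString(
           Convert.FromBase64String(basicAuth.Substring(6))).Split(':');
        // adminUser / adminPass are the hardcoded admin credentials (fields not shown).
        if (loginpass.Length == 2 
            && loginpass[0] == adminUser 
            && loginpass[1] == adminPass)
        {
            app.Context.User = new GenericPrincipal(
                new GenericIdentity(adminUser), null);
        }
    }
}
```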

This works fine when accessing the /ReportServer URL: I get challenged, enter the hardcoded admin login/pass and get logged on.

The problem is when accessing /Reports I get

```
System.Net.WebException: The request failed with HTTP status 401: Unauthorized
```

I want to know how I can pass the login/pass challenge all the way down to /Reports.

I'm running SqlServer 2012 along with Reporting Services 2012, but the inner workings haven't changed from SSRS 2008-R2

In my web.config I have

```xml
<authentication mode="None" />
<identity impersonate="false" />
```

and the entry for the httpmodule.

On rssrvpolicy.config the codegroup for my httpmodule is with FullTrust

On rsreportserver.config I have

```xml
<AuthenticationTypes>
    <Custom/>
</AuthenticationTypes>
```

and the entry for the security extension.

I don't have SSL configured, yet, and the bindings are at their default

Paras Joshi
Thiago Dantas
  • I would still love an answer, but for now I've done a workaround. On my HttpModule I only allow access to report manager through local machine access. When accessing from the local machine I just set the context user as admin. An awfully ugly solution, but a solution nevertheless. – Thiago Dantas Jul 01 '12 at 20:28
  • ReportManager talks to ReportServer using same public SOAP API, so it has to authenticate itself somehow. I guess that you need to add same module into ReportManager configuration files. I hope ReportManager then will use same auth cookie or credentials to talk to ReportServer. – user1578107 Aug 07 '12 at 21:27
  • Custom security is possible. If you override the Authenticate and Authorize methods at the SSRS service level then it is just a matter of including the functions with the ssrs manager and providing a default login page. – Ross Bush Feb 04 '13 at 01:48
  • Maybe you need another SSIS security extension for Reports? You have `Basic realm=\"ReportServer\""`, but what happens when you access a different "realm" - There is no regular authentication and there is no request for Basic auth... – Stoleg May 28 '13 at 12:55

1 Answer

4

From the error message, it seems that the authentication error occurs on rendering the UI of the report manager. Please go to the folder c:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportManager\, find the web.config file, and apply the following changes.

```xml
<authentication mode="None" />
<identity impersonate="false" />
```

and the entry for the httpmodule.
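
Added example, not code from the question or the answer: a stricter form of the `Authorization` header check that the question's HttpModule performs, which the answer says to register for Report Manager as well. It rejects non-Basic schemes and malformed Base64 without throwing, splits at the first colon only, and compares without an early exit; `BasicCredentials` and its members are hypothetical names, and the expected credentials are passed in by the caller.

```csharp
using System;
using System.Text;
// Added example; BasicCredentials and its members are hypothetical names.
public static class BasicCredentials
{
    // True only for a well-formed "Basic <base64(user:password)>" header; never throws.
    public static bool TryParse(string header, out string user, out string password)
    {
        user = password = null;
        const string scheme = "Basic ";
        if (header == null || !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;
        byte[] raw;
        try { raw = Convert.FromBase64String(header.Substring(scheme.Length).Trim()); }
        catch (FormatException) { return false; }
        string decoded = Encoding.UTF8.GetString(raw);
        int colon = decoded.IndexOf(':'); // first colon only: passwords may contain ':'
        if (colon < 0) return false;
        user = decoded.Substring(0, colon);
        password = decoded.Substring(colon + 1);
        return true;
    }

    // Scans the whole common length instead of returning at the first mismatch.
    public static bool FixedTimeEquals(string a, string b)
    {
        byte[] x = Encoding.UTF8.GetBytes(a ?? ""), y = Encoding.UTF8.GetBytes(b ?? "");
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && i < y.Length; i++)
            diff |= x[i] ^ y[i];
        return diff == 0;
    }

    public static bool IsAdmin(string header, string adminUser, string adminPass)
    {
        string user, password;
        if (!TryParse(header, out user, out password)) return false;
        // Non-short-circuit '&': both comparisons always run.
        return FixedTimeEquals(user, adminUser) & FixedTimeEquals(password, adminPass);
    }

    public static void Main()
    {
        // Constructed sample headers, not taken from the page.
        string ok = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes("admin:p:ss"));
        foreach (var h in new[] { ok, "Negotiate abc", "Basic %%%", "Basic " })
            Console.WriteLine("{0} -> {1}", h, IsAdmin(h, "admin", "p:ss"));
    }
}
```

Basic credentials are only Base64-encoded, so this check protects nothing on the wire until the SSL binding the question mentions as not yet configured is in place.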