3

I've searched the better part of 2 days for an answer (here and elsewhere on the net) and I am thoroughly stumped.

In brief- I have an app with an IFrame that I want to have render certain reports using the Report Server ReportViewer (URL Access).

Everything works as I expected, with the not-so-subtle exception of the fact that upon the first request to the Report Server via URL access, I get an annoying prompt asking for username and password*. Subsequent requests work just fine- no prompts, fluid, clean, SSRS as I expect it to behave**.

From what I can gather, I essentially need to make my application send all Requests in an "authenticated" manner that the Report Server understands and thereby things can bypass this security prompt. I tried setting up Custom Forms authentication in both my app and the Report Server to no avail (followed a guide for 2012, maybe why no luck there).

Is there some SSRS/Security expert or someone more experienced than me out there who can tell me (or even suggest an idea) how to get my URL access to work from my web app client without the darn security prompt/popup on 1st Request?

I simply want to send authenticated username/password (or just an auth'd Request) to Report Server and not have this prompt pop up. My users cannot have the Report Server credentials. I thought this would be a relatively straightforward programmatic task. I've tried ASP.NET impersonation, authenticated cookies, and some other approaches.

Nothing is working. Can any awesome soul out there lend a brainwave?

Thanks to all who read, answer, or even simply suggest an idea. I greatly appreciate the knowledge share.

-Radagast

*this happens both when viewing the app directly on the Web/Report Server (same machine and OS) as well as when viewing the app remotely.

**as with so many fun things in software development, everything worked 100% a-OK on my local report server- both in VS as well as after I deployed my app- that is.. deployed it.. 'locally'. :/

cfitzg
  • 43
  • 10
  • 1
    I was finally able to configure Custom Security extension. – cfitzg May 10 '17 at 06:06
  • I have the exact same issue (been working on it for a week.) My attempt at a Custom Security extension failed. Can you share your code, or point me to a blog or article with an example? – Scott Duncan Nov 01 '19 at 20:46
  • No prob amigo- In my case, we were utilizing URL access and putting it in an – cfitzg Nov 02 '19 at 21:15
  • Also, to implement customized Auth, base your Auth on this walk-through: https://github.com/microsoft/Reporting-Services/tree/master/CustomSecuritySample2016 (follow every step to a T, and you will have custom auth which you can customize to work with your own db, Redis, custom jwt, cookies, Social Auth, whatever you want). If none of that resolves your issue, describe exactly what you see happening vs. what you expect and I'll do my best to help you out or at least point you in the right direction. -colin – cfitzg Nov 02 '19 at 21:15
  • PS: You want to check for the existence of a SSRS/ASPNET cookie indicating SSRS has been authenticated (via Windows or Custom Auth). I forget the name of the cookie but you'll see it when auth'd, and you won't see it when not auth'd). PPS: The answer to a lot you need to know re: customizing SSRS is in an SSRS post I made a while back: https://kpitsimpl.blogspot.com/2018/04/ssrs-extension-methods-3-levels.html – cfitzg Nov 02 '19 at 21:15
  • Thank you, cfitzg. This looks to be just what I need! – Scott Duncan Nov 04 '19 at 14:52
  • cfitzg, I have a 'chicken & egg problem' now. I followed the CustomSecurityExample & can register users & login to Reports, but these users have no authorization to view the reports. If I revert to Windows Auth, I can access the SSRS UI, but can only add domain users. How do I give these new users access rights? – Scott Duncan Nov 06 '19 at 21:49
  • Yes I recall this same scenario. We actually just modified the CustomSecuritySample. Specifically these files: AuthenticationExtension.cs >> this method: public void GetUserInfo(IRSRequestContext requestContext, out IIdentity userIdentity, out IntPtr userId)) as well you'll need to move the login from the BtnRegister_Click() method in Login.aspx.cs to PageLoad()...... and you can modify this to customize ssrs catalog object security/rights: AuthenticationUtilities.cs – cfitzg Nov 07 '19 at 23:14
  • I meant ServerBtnLogon_Click of course. Also, as a general guide (I've spent countless days debugging SSRS customization for clients), just debug your custom security assembly (watch for that ssrs-custom-auth-specific session cookie I mention above), and eventually you'll be able to find a path that allows for persistent auth and proper security/access right for your particular needs. In our case, we were using a token from another Auth app that auth'd the client in RS (if the client does not already have that session cookie or has an expired session cookie). – cfitzg Nov 07 '19 at 23:17
  • If you have some generic code to post of what you think you want to do, I can offer thoughts. Otherwise I can provide some sample code if I can find any shareable or whip some up. Just let me know if you are still stuck after reviewing and implementing your custom stuff re: the above suggestions. – cfitzg Nov 07 '19 at 23:23
  • Thanks, cfitzg for the suggestions. I found the problem, just a simple misconfiguration. In the RSReportServer.config, I did not identify the Admin Account correctly in the element. The sample code did not explain that need at all, and in general I found the sample code README really needs to be updated by Microsoft. Hopefully this will be the last time I bother you. – Scott Duncan Nov 08 '19 at 15:05
  • No bother, glad it all worked out man. And agreed Microsoft should make sure documentation is complete. Share whatever you learn is my motto. – cfitzg Nov 10 '19 at 21:05

0 Answers0