Advertisement

05.16.2008 at 10:53AM PDT, ID: 23409203
[x]
Attachment Details

Report Viewer not sending credentials

Asked by kbslpdev2 in SQL Server 2005, Microsoft Visual C#.Net, MS Forefront

Tags: Microsoft, SQL Reporting Services, 2005, C# .net, IE 6

I am implementing a report viewer inside a web based c# application.  The report viewer points back to reports being served out by sql reporting services.  The ultimate goal is to have a network service account that the report viewer uses to authenticate with the report server using an implementation of the IReportServerConnection interface (see code snippet) using  Windows Integrated Authentication.   I have this working right now when the report server is set to basic authentication.  It also works with windows integrated authentication when everything is on the same box.  

I have also tried getting this to work with impersonation (<identity impersonate="true"/> in the web.config) and without any sort of impersonation (passing network service account to report server).  Always it is the same error message:

The request failed with HTTP status 401: Access Denied.

This message appears inside the report viewer.

In all cases the appropriate user has been given browse permissions for the report in report server, but I don't think it is getting that far anyway.  I have every type of logging I can think of cranked up such that any time anything tries to connect with the report server machine, tons of stuff is dumped into the system and security logs.  Whenever the reportviewer makes one of these failed requests, there is nothing accept four lines in the IIS logs:
#Fields: time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
21:33:25 172.16.4.245 - W3SVC1 KII-B19YBD1 172.16.29.15 80 POST /ReportServer/ReportExecution2005.asmx - 401 5 4644 871 360 HTTP/1.1 kii-b19ybd1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.1;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022;+MS-RTC+LM+8) - -
21:35:03 172.16.4.245 - W3SVC1 KII-B19YBD1 172.16.29.15 80 POST /ReportServer/ReportExecution2005.asmx - 401 5 4644 895 344 HTTP/1.1 kii-b19ybd1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.1;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022;+MS-RTC+LM+8) - -
21:35:03 172.16.4.245 - W3SVC1 KII-B19YBD1 172.16.29.15 80 POST /ReportServer/ReportExecution2005.asmx - 401 5 4644 871 343 HTTP/1.1 kii-b19ybd1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.1;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022;+MS-RTC+LM+8) - -
21:35:03 172.16.4.245 - W3SVC1 KII-B19YBD1 172.16.29.15 80 POST /ReportServer/ReportExecution2005.asmx - 401 5 4644 871 344 HTTP/1.1 kii-b19ybd1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.1;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022;+MS-RTC+LM+8) - -

notice that only a '-' appears in the cs-username column.

I will add more detail if I think of anything else.Start Free Trial 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:

using System;
using System.Collections.Generic;
using System.Data;
using System.Configuration;
using System.Net;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Microsoft.Reporting.WebForms;
 
/// <summary>
/// Summary description for ReportServerConnection
/// </summary>
[Serializable]
public sealed class ReportServerConnection : IReportServerConnection
{
    
    public WindowsIdentity ImpersonationUser
    {
        get
        {
            // Use the default Windows user.  Credentials will be
            // provided by the NetworkCredentials property.
            return null;
        }
    }
 
    public ICredentials NetworkCredentials
    {
        get
        {
            // Read the user information from the web.config file.  
            // By reading the information on demand instead of 
            // storing it, the credentials will not be stored in 
            // session, reducing the vulnerable surface area to the
            // web.config file, which can be secured with an ACL.
 
            string userName =
                ConfigurationManager.AppSettings
                    ["ReportViewerUser"];
 
            if (string.IsNullOrEmpty(userName))
                throw new Exception(
                    "Missing user name from web.config file");
 
            // Password
            string password =
                ConfigurationManager.AppSettings
                    ["ReportViewerPassword"];
 
            if (string.IsNullOrEmpty(password))
                throw new Exception(
                    "Missing password from web.config file");
 
            // Domain
            string domain =
                ConfigurationManager.AppSettings
                    ["ReportViewerDomain"];
 
            if (string.IsNullOrEmpty(domain))
                throw new Exception(
                    "Missing domain from web.config file");
 
            //HttpContext.Current.Response.Write("NetworkCredentials<br>" + mUserName + "<br>" + mPassword + " <br>" + mAuthority + "<BR>");
            //HttpContext.Current.Response.Write(userName + "<br>" + password + " <br>" + domain);
            //return new NetworkCredential(mUserName, mPassword, mAuthority);//
            return new NetworkCredential(userName, password, domain);;
        }
    }
 
    public bool GetFormsCredentials(out Cookie authCookie,
                out string userName, out string password,
                out string authority)
    {
        authCookie = null;
        userName = null; 
        password = null; 
        authority = null;
        
        // Not using form credentials
        return false;
    }
 
    public Uri ReportServerUrl
    {
        get
        {
            string url =
                ConfigurationManager.AppSettings[
                    "ReportServerUrl"];
 
            if (string.IsNullOrEmpty(url))
                throw new Exception(
                    "Missing url from the Web.config file");
 
            return new Uri(url);
        }
    }
 
    public int Timeout
    {
        get
        {
            return 600000; // 10 Minutes
        }
    }
 
   
}
[+][-]05.16.2008 at 11:00AM PDT, ID: 21585000

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.16.2008 at 12:49PM PDT, ID: 21585862

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]05.16.2008 at 01:49PM PDT, ID: 21586336

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.16.2008 at 01:58PM PDT, ID: 21586383

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.19.2008 at 02:07PM PDT, ID: 21601610

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.19.2008 at 02:23PM PDT, ID: 21601746

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]05.22.2008 at 07:25AM PDT, ID: 21624079

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]05.29.2008 at 08:49AM PDT, ID: 21670271

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: SQL Server 2005, Microsoft Visual C#.Net, MS Forefront
Tags: Microsoft, SQL Reporting Services, 2005, C# .net, IE 6
Sign Up Now!
Solution Provided By: kbslpdev2
Participating Experts: 4
Solution Grade: A
 
 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628