cimscims
asked on
The request failed with HTTP status 401: Unauthorized (Reporting Services)
I have generated a report using reporting services 2008 and trying to display the report on the web page. The report runs locally and with the report manager. But when it is accessed from other machine, i get the "The request failed with HTTP status 401: Unauthorized" error.
I have done the following:
1) In the web.config, added the following element under the system.web section:
<identity impersonate="true" />
2) Navigated to HKEY_LOCAL_MACHINE\SYSTEM\
Also i am using the below attached code.
Could anyone help me out what i am missing like do i need to pass any network credentials or something?
Thanks.
I have done the following:
1) In the web.config, added the following element under the system.web section:
<identity impersonate="true" />
2) Navigated to HKEY_LOCAL_MACHINE\SYSTEM\
Also i am using the below attached code.
Could anyone help me out what i am missing like do i need to pass any network credentials or something?
Thanks.
Private Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
Dim prmInput(0) As ReportParameter
'Add Input Parameter
prmInput(0) = New ReportParameter("intYear", ddlYear.SelectedValue)
ReportViewer1.ServerReport.ReportServerUrl = New System.Uri(strReportServerUrl)
ReportViewer1.ShowCredentialPrompts = False
ReportViewer1.ProcessingMode = Microsoft.Reporting.WebForms.ProcessingMode.Remote
ReportViewer1.ServerReport.ReportPath = "/XReports/X_XXXX"
ReportViewer1.ServerReport.SetParameters(prmInput)
ReportViewer1.ShowParameterPrompts = False
ReportViewer1.ShowBackButton = False
End Sub
ASKER
I have a intranet web application.on click of a link on the menu, I am displaying the report on the page.I don't have problems if I do a remote desktop to the server and view the web page that has the report. Also I could see the report from the report manager.only problem is if I access the web page from my machine, I am getting the error message.
is the web app using the same nt login as for RDP and to access/view it via report manager?
if yes please make sure you put the full path in your web app ReportPath and grant access to the report URL as per link below:
http://msdn.microsoft.com/en-us/library/bb283249.aspx
From your code above I see you try to use webforms however please note that you can't use both forms and integrated security at the same time for the report security:
http://technet.microsoft.com/en-us/library/ms152899.aspx
if yes please make sure you put the full path in your web app ReportPath and grant access to the report URL as per link below:
http://msdn.microsoft.com/en-us/library/bb283249.aspx
From your code above I see you try to use webforms however please note that you can't use both forms and integrated security at the same time for the report security:
http://technet.microsoft.com/en-us/library/ms152899.aspx
ASKER
You are right. I am using Webforms. What is integrated security and report security?
"Integrated security" is NT security and relies on a domain/user login/authentication and all these are set at the web site level but I don't think you can have a mixed mode as per Microsoft documentation. So in other words you choose one or the other under your SSRS website security where the reports were deployed. Is it possible to use integrated or NT authentication in your web app? Maybe that would be the easiest if you are on a local network/intranet. if you need to access it from the web then indeed forms authentication is for you:
Forms Authentication requires that a person is present to enter credentials. For unattended applications that communicate directly with the Reporting Services Web service, Forms Authentication must be combined with a custom authentication scheme.
Forms Authentication is appropriate for Reporting Services when:
You need to store and authenticate users that do not have Microsoft Windows accounts, and
You need to provide your own user interface form as a logon page between different pages on a Web site.
Consider the following when writing a custom security extension that supports Forms Authentication:
If you use Forms Authentication, anonymous access must be enabled on the report server virtual directory in Internet Information Services (IIS).
ASP.NET authentication must be set to Forms. You configure ASP.NET authentication in the Web.config file for the report server.
Reporting Services can authenticate and authorize users with either Windows Authentication or custom authentication, but not both. Reporting Services does not support simultaneous use of multiple security extensions.
Forms Authentication requires that a person is present to enter credentials. For unattended applications that communicate directly with the Reporting Services Web service, Forms Authentication must be combined with a custom authentication scheme.
Forms Authentication is appropriate for Reporting Services when:
You need to store and authenticate users that do not have Microsoft Windows accounts, and
You need to provide your own user interface form as a logon page between different pages on a Web site.
Consider the following when writing a custom security extension that supports Forms Authentication:
If you use Forms Authentication, anonymous access must be enabled on the report server virtual directory in Internet Information Services (IIS).
ASP.NET authentication must be set to Forms. You configure ASP.NET authentication in the Web.config file for the report server.
Reporting Services can authenticate and authorize users with either Windows Authentication or custom authentication, but not both. Reporting Services does not support simultaneous use of multiple security extensions.
ASKER
I am using Windows authentication as the app is in intranet. Where can i find SSRS website security?
Find the settings for the web app in IIS 7.0
IIS-Authentication.jpg
IIS-AppPool.jpg
Find the settings for the web app in IIS 7.0
IIS-Authentication.jpg
IIS-AppPool.jpg
SSRS website security is usualy inherited from the default website from the SSRS server and if you expand that default website you should see two virtual websites used by SSRS - Report MAnager and Report Server. I would try enable anonymous authentication briefly to see if that solves the problem before going further. if you can't access it with anonymous enabled then it maybe something else.
Hm...you should have at least one DefaultAppPool under the app pools as far as I know it should run "integrated" security.
ASKER
You are right. There is DefaultAppPool under the app pools which is running under 'Integrated' security. I just copied the specific one. Where can find default website from the SSRS server? Are you refering to the server where the reporting services are installed?
ASKER
Here is the IIS on the SSRS server
IIS-Website.jpg
IIS-Website.jpg
ASKER
As i am using SSRS 2008, i think we cannot see the two virtual directories as it used to be in SSRS 2005.
I am also using SSRS 2008 on windows 2008 and SSRS 2005 on win 2003 as wqell and always the 2 websites for report manager/server are under the default web site on the SSRS box indeed.
ASKER
Are the websites created automatically? As you see in the screenshots in my earlier post, iis7.0 is empty on the ssrs 2008 box.
The web sites are generated during the SSRS 2005 or 2008 configuration and you can start that tool on the SSRS server box WITHOUT any changes but to check where they are configured.
Check for Web service URL = Report Server and Report Manager URLs to see where they are located.
Check for Web service URL = Report Server and Report Manager URLs to see where they are located.
ASKER
I am on the way back to home. I will check and shall post tomorrow.thanks for your support.
ASKER
Good Morning lcohan. I could not find the physical path for the Web Service and Report Manager URL's. I have attached the screenshots for the sections.
WebServiceURL.jpg
ReportManageURL.jpg
WebServiceURL.jpg
ReportManageURL.jpg
ASKER
It seems SSRS doesn't create virtual directories in IIS anymore. Got something from web.
**************************
RS 2005 and earlier uses IIS.
RS 2008 changed its architecture and IIS is not used at all. IIS does not
need to even be installed on the machine. Shich is nice for Windows 7
because Windows 7 home edition will now work.
--
Bruce Loehle-Conger
MVP SQL Server Reporting Services
Link : http://www.eggheadcafe.com/software/aspnet/35420948/ssrs-2008-and-reportserver-and-reports--iis-virtual-directories.aspx
**************************
**************************
RS 2005 and earlier uses IIS.
RS 2008 changed its architecture and IIS is not used at all. IIS does not
need to even be installed on the machine. Shich is nice for Windows 7
because Windows 7 home edition will now work.
--
Bruce Loehle-Conger
MVP SQL Server Reporting Services
Link : http://www.eggheadcafe.com/software/aspnet/35420948/ssrs-2008-and-reportserver-and-reports--iis-virtual-directories.aspx
**************************
OK so you don't have it configured to use IIS (and that should be fine on SSRS2008) so your SSRS reporting service will be using HTTP.SYS directly to listen for requests on a specific port that you define for report server URLs. Can that port be accessed from your web app?
Please see the link below that has sumarized all major SSRS changes and hopefully you find why you get the 401 error. There must be some permission issue - maybe is at the OS folder level? Are there any SQL Log errors or event viewer entries on the SSRSA box when you try is from your web app?
It is a interesting challange and I may try go the same route if we can find your answer as currently I have my 2008 SSRS split from SQL but runing still through IIS virtual web sites on a specific port that will need to be poked through the firewall which is a risk.
Please see the link below that has sumarized all major SSRS changes and hopefully you find why you get the 401 error. There must be some permission issue - maybe is at the OS folder level? Are there any SQL Log errors or event viewer entries on the SSRSA box when you try is from your web app?
It is a interesting challange and I may try go the same route if we can find your answer as currently I have my 2008 SSRS split from SQL but runing still through IIS virtual web sites on a specific port that will need to be poked through the firewall which is a risk.
ASKER
I have checked the event logs on SSRS box and there are no events. As the Report server is running with a 'NetworkService' account, do i need to pass those credentials in the below method?
Private Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
Dim prmInput(0) As ReportParameter
'Add Input Parameter
prmInput(0) = New ReportParameter("intYear",
ReportViewer1.ServerReport
ReportViewer1.ShowCredenti
ReportViewer1.ProcessingMo
ReportViewer1.ServerReport
ReportViewer1.ServerReport
ReportViewer1.ShowParamete
ReportViewer1.ShowBackButt
End Sub
Private Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
Dim prmInput(0) As ReportParameter
'Add Input Parameter
prmInput(0) = New ReportParameter("intYear",
ReportViewer1.ServerReport
ReportViewer1.ShowCredenti
ReportViewer1.ProcessingMo
ReportViewer1.ServerReport
ReportViewer1.ServerReport
ReportViewer1.ShowParamete
ReportViewer1.ShowBackButt
End Sub
Are you using win 7 on the client from where you access the report?
I suggest try run the app as admin even if you are local admin, and same through IE if you use the browser to access it.
I suggest try run the app as admin even if you are local admin, and same through IE if you use the browser to access it.
According to Microsoft:
Network Service Account - The Network Service account is a built-in account that has more access to resources and objects than members of the Users group. but this may not be sufficient..
Would it be possible from your security policy point of view to start it as Local system instead or even better with a speciffic domain account that has local admin rigts on the SSRS box?
Network Service Account - The Network Service account is a built-in account that has more access to resources and objects than members of the Users group. but this may not be sufficient..
Would it be possible from your security policy point of view to start it as Local system instead or even better with a speciffic domain account that has local admin rigts on the SSRS box?
ASKER
I have to check with my Manager before changing it. He is not in today.
ASKER
ok. Let me give the details of my environment. I have
1) TESTSQL running on Windows server 2008 R2 with SSRS 2008 and SQL Server 2008
2) TESTDEV running on Windows server 2008 R2 with IIS7.0
3) LOCALDEV running on XP with IE 6.0
1) When i login to to TESTDEV box and browse the report, it shows up
2) When i login to to LOCALDEV box and browse the report, it displays the 401 error.
What may be the difference in TESTDEV and LCOALDEV?
1) TESTSQL running on Windows server 2008 R2 with SSRS 2008 and SQL Server 2008
2) TESTDEV running on Windows server 2008 R2 with IIS7.0
3) LOCALDEV running on XP with IE 6.0
1) When i login to to TESTDEV box and browse the report, it shows up
2) When i login to to LOCALDEV box and browse the report, it displays the 401 error.
What may be the difference in TESTDEV and LCOALDEV?
Well the OS and IE versions are diferent on TESTDEV vs. LOCALDEV
Do you use same nt login on both? are they on the same domain?
Do you use same nt login on both? are they on the same domain?
ASKER
Yes, i am using the same login and Domain. I think OS shouldn't matter. What do you say?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I assume you connect to the SSRS to access the report by the IP in URL – something like: http://111.111.111.111:9999/ReportServer