Hi all,
I'm new to reporting services and having a nightmare with setting up the security. The problem is as follows:
I have been forced to allow anonymous access on IIS6 but have a requirement where some sub reports need to be secure because they are of a sensitive nature. When I remove anonymous access from the secure reports and add specific active directory accounts, it works fine if I am logged on to active directory with that account. Most of our users are not in AD and will just get an rsAccessDenied message. I need RS to prompt for a username and password. I can achieve this by specifying that the user provides a username and password on the shared data source, but this doesn't give much flexibility.
The primary data source is on another server with more servers to be referenced in the near future. All servers are in active directory.
I have told my developers that they will probably need to use custom security extentions, but they want to avoid this route if possible.
I did have another workarround by setting up another virtual directory referencing the same reporting services folder and removing anonymous access, which kind of worked. The problem I found was that something kept caching the users connection credentials, and if you want to a different secure report you got the rsAccessDenied message.
I just want a login prompt, please help!
Andy
Hi AndyI'll take a stab at a portion of your question, though I see there are several layers to your question so take this for what it is worth. I have not used the AD features of RS, but have some knowledge of it.
DON'T use shared data sources. I have one setup with stored procedures and in the properties for those (in Visual Studio where you specify that it is the data source) click the option to prompt the user for ctheir SQL Server credentials (which I am guessing are pulled in via AD in your case). I am not sure what it would do for your subreports as you might have several data sources with different permissions. You could end up with one prompts for credentials for each data source where you specified to prompt.
I am curious how this turns out, please post your results.|||
Thanks for the reply.
Not sure that I explained myself properly, but I've now got a working solution.
RS is configured to use a virtual directory called securereportserver using windows authentication. I also have a duplicate virtual directory called reportserver which allows anonymous access (in IIS). All the public reports are configured in RS as anonymous access allowed, where as the secure reports are restricted to various AD groups. When users connect to the secure reports area they are prompted for a windows password, then when authenticated they are only able to see reports they have access to, including public reports. All other users connect to the anonymous report server virtual directory where no passwords are required.
I originally wanted RS to force a prompt for password when a user tried to access a secure report, but would just get RSAccessDenied.
The above solution works fine though.
Thanks again.
No comments:
Post a Comment