Databases
StackOverflow2013
Postsdbo
POhow to forward basic authentication challenge to report manager url
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POhow to forward basic authentication challenge to report manager url
    text
    copied!<p>*The details of the environment is described at the bottom.</p> <p>I am trying to build an authentication solution for reporting services.</p> <p>Online costumers should be authenticated using our existing costumer database, while local administrative users could use a simple, Basic, authentication.</p> <p>I have made a security extension to <code>SSRS</code> using the codeplex examples and the way I use to issue the basic challenge is as follows</p> <pre><code>public void GetUserInfo(out IIdentity userIdentity, out IntPtr userId) { if (HttpContext.Current != null &amp;&amp; HttpContext.Current.User != null) userIdentity = HttpContext.Current.User.Identity; else { HttpContext.Current.Response .AddHeader("WWW-Authenticate", "Basic realm=\"ReportServer\""); HttpContext.Current.Response.Status = "401 Unauthorized"; HttpContext.Current.Response.Flush(); HttpContext.Current.Response.Close(); userIdentity = new GenericIdentity("not authorized"); } userId = IntPtr.Zero; } </code></pre> <p>That way when a user that haven't passed through the <code>LogonUser</code> method (ie. direct url access, bids report deployment, not the regular user apps) gets challenged with a Basic logon/password popup. To support this I made a httpmodule as follows</p> <pre><code>void IHttpModule.Init(HttpApplication context) { context.AuthenticateRequest += CustomAuthenticateRequest; } void CustomAuthenticateRequest(object sender, EventArgs e) { var app = sender as HttpApplication; if (app == null) return; var basicAuth = app.Context.Request.Headers["Authorization"]; if (!string.IsNullOrEmpty(basicAuth)) { var loginpass = Encoding.Default.GetString( Convert.FromBase64String(basicAuth.Replace("Basic ", ""))).Split(':'); if (loginpass.Length == 2 &amp;&amp; loginpass[0] == adminUser &amp;&amp; loginpass[1] == adminPass) { app.Context.User = new GenericPrincipal( new GenericIdentity(adminUser), null); } } } </code></pre> <p>This works fine when accessing <code>/ReportServer</code> URL, I get challenged, enter the hardcoded admin login/pass and get logged on.</p> <p>The problem is when accessing <code>/Reports</code> I get </p> <blockquote> <p>System.Net.WebException: The request failed with HTTP status 401: Unauthorized</p> </blockquote> <p><strong>I want to know how can I pass the login/pass challenge all the way down to <code>/Reports</code></strong></p> <p>I'm running SqlServer 2012 along with Reporting Services 2012, but the inner workings haven't changed from <code>SSRS 2008-R2</code></p> <p>In my <code>web.config</code> I have</p> <pre><code>&lt;authentication mode="None" /&gt; &lt;identity impersonate="false" /&gt;, and the entry for the httpmodule </code></pre> <p>On <code>rssrvpolicy.config</code> the codegroup for my httpmodule is with FullTrust</p> <p>On <code>rsreportserver.config</code> I have</p> <pre><code> &lt;AuthenticationTypes&gt; &lt;Custom/&gt; &lt;/AuthenticationTypes&gt;, and the entry for the security extension </code></pre> <p>I don't have <code>SSL</code> configured, yet, and the bindings are at their default</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload