.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Windows Identity Foundation (Claims Based Authentication) for Reporting Services

Posted By:      Posted Date: October 06, 2010    Points: 0   Category :Sql Server


I see that SQL Server 2008 R2 Reporting Services now supports Claims Based Authentication in Sharepoint 2010, meaning that end users can authenticate with Sharepoint using Claims Based Authentication, and use the same security tokens to connect through to Reporting Services.

I assume that behind the scenes Sharepoint is using Windows Identity Foundation (WIF - formerly codenamed "Geneva") to handle the authentication, and passing this on to Reporting Services.

I'm keen to use Windows Identity Foundation to authenticate with Reporting Services without Sharepoint. We have an existing ASP.NET web application, and we'd like to call Reporting Services from that, passing on the Windows Identity Foundation credentials of the user logged into our web application.

I've done some work on setting up a custom security extension using Forms Authentication (based on the sample), but am not sure how to proceed from there.

Google/Bing hasn't been helpful. Can you please point me to some guidance on how to set up Windows Identity Foundation authentication for Reporting Services?<

View Complete Post

More Related Resource Links

Contract-First Web Services: Schema-based Development with Windows Communication Foundation


Schema- first contract-first modeling of Web Services gives you the ability to model your contracts with an XML-centric mindset. This process keeps you focused on universally acceptable types and the hierarchical data structures that can be represented in XML.

Christian Weyer, Buddhike de Silva

MSDN Magazine October 2009

Windows Sharepoint Foundation 2010 - Document Library Settings with Reporting Services 2008 R2 in in

I have a client who has recently upgraded their SharePoint system to Windows Sharepoint Foundation 2010 with Reporting Services 2008 R2 in integrated mode. I have configured reporting services and am able to deploy reports to SharePoint. The client created a document library before the upgrade to WSF 2010. I need to add Report Builder 3.0 to the New Document menu and found the following article. http://technet.microsoft.com/en-us/library/bb326289.aspx "Allow management of content types?" is set to yes under the advanced document library settings. The problem is that when I try to "add from existing site content types" the reporting services content types are not in the list. I appreciate any help you can give me.

Reporting Services 2008 and Windows Authentication


I have been searching through numerous blogs and MSDN/Technet posts for the answer to this but I can't seem to find anything concrete other than 'do something different.'


What I am attempting to do is setup reporting services to do a double hop when using Windows Authentication back to remote datasources.  Here are the scenarios I am faced with so far;  To the best of my knowledge I have setup the appropriate SPN's for kerberos, the server hosting the application is setup for Delegation, as is the Domain Service Account that RS is running under.  RS is running in native mode, not sharepoint integrated.


1) When the rsreportserver.config file is set to use NTLM a user can authenticate back to the report server and a report will return the USERID for as appropriate user.  When making a connection to a remote datasource it tries to authenticate as NT Authority\Anonymous logon.  obviously I am not going to setup the anon logon as a read only account on the server for security purposes.

The Web.config file for the report server is set to impersonate 'TRUE', when setting to false the reports returns a userid of the service account RS is using, and attempts to connect to the remote datasource as the service account.  There would be no way to filter roles for who is able to

Claims Based Authentication (CBA) and Web Services Authentication


I'm planning to use CBA to do authentication and authorization to a document library.  For example, if you have the claim type 'location' equal to 'London' then you are granted access to a folder.  Simple, and it works great from the out-of-the-box web browser interface. 

The question is, can the Web Services interfaces also accept a signed SAML token and use those attribute to do authentication and authorization?  I would prefer to use the CMIS interface where possible.  I understand that the web services are based on WCF, which leads me to believe I can just modify the web.config to add in WCF directives for ws2007HttpBinding->security->message, but will the SP web services code respond by using the identity in the message? 

What I have noticed so far, is that the CMIS interface has directives for only impersonation only.  Since CBA identities do not map to windows accounts, I thinking I'm barking up the wrong tree.  I'm not dead set on CMIS, so if there are other web services available to do CBA, I'm all ears.

There's not a lot of practical material on this, and I'm currently working on a PoC to acheive this goal.  Any help would be greatly appreciated. 



Claims-based authentication w/ SP2010 Foundation and performing a web request in code


Hey all! Using VS2010 and SP2010 Foundation on Win2008R2 dev machine, the following code within a custom LDAP provider class originally worked using OOB authentication until I switched to claims-based authemtication. The purpose behind the code is to check a url for access using the existing user and return a true or false.

HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(Url);
myRequest.Method = "GET";
myRequest.UseDefaultCredentials = true;
myRequest.Timeout = 8000;
myResponse = myRequest.GetResponse();
streamReader = new StreamReader(myResponse.GetResponseStream(), System.Text.Encoding.UTF8);
string result = streamReader.ReadToEnd();

After switching to claims-based auth, I now get a 403 error in code regardless if the user has access or not. Here's the web.config:

<membership defaultProvider="i">

        <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />

        <add name="CustomLDAPMembership" type="[custom ldap class]" server="[omitted]" port="

migrate from windows to forms in claims based authentication


Hi friends,

               I am using sharepoint2010 forms based authenticaion (claims based) configure all the web.config files and its working fine.Now I want to change this applicaion to windows authentication (claims) what are the things to follow to change the application to windows and vice versa.I refer few links but they are referring from  classic to claims and many other things not my req..!



Geneva Framework: A Better Approach For Building Claims-Based WCF Services


Here we introduce Microsoft Code Name "Geneva," the new framework for building claims-based applications and services, and federated security scenarios.

Michele Leroux Bustamante

MSDN Magazine December 2008

Security Briefs: Exploring Claims-Based Identity


Keith Brown introduces you to the new identity model in the Microsoft .NET Framework 3.0.

Keith Brown

MSDN Magazine September 2007

Identity: Secure Your ASP.NET Apps And WCF Services With Windows CardSpace


Windows CardSpace replaces traditional authentication with a more consistent and streamlined login process and improves trust between end-users, applications and services. Michèle Leroux Bustamante explains.

Michele Leroux Bustamante

MSDN Magazine April 2007

Forms based users being prompted for windows authentication login for My Sites photos in user lists

Here's an issue I didn't see coming for our forms based authentication users. 

We have a web application extended to an external url to handle forms based authentication for users outside of our domain. Our setup looks like this...

Internal Users/Windows Authentication - moss.domain.com
External Users/Forms Based - mossext.domain.com
My Site for Internal Users - mysites.domain.com

When our forms based users are accessing user lists, or discussion pages that display user pictures, they are getting a windows authentication login for our internal users (mysites.domain.com) who have populated their my site with personal photo.

How do we fix this? 

How to upgrade from Windows SharePoint Services 2.0 to SharePoint Foundation 2010 after mistanely de


I need a detailed instruction on how to upgrade From Upgrading from Windows SharePoint Services 2.0  (SBS 2003 ) to SharePoint Foundation 2010.

Background of the case:

I have all my databases (STS-database and STS_Config) saved but, I forgot to save my Virtual Site )Companyweb site) and I mistakenly re-installed IIS on the SBS 2003, hence  I lost the companyweb site. Is this an issue to migrate to Sharepoint foundation 2010. The Sharepoint foundation 2010 is running on a Microsoft HyperV Server 2008 R2
Also, I have created a Virtual 2003 SRV ENT with Sharepoint Services 3.0 running on it. I also have attached my Databases STS_Database and STS_Config)... how do I get it working like a regular website. I have modified the CNAME record to reflect the new server... http://companyweb - it take me to the new site but it loads a blank page. I did create a new CompanyWeb Virtual site on the VHD 2003 server.
Your help is greatly appreciated.

Thanks for your prompt response. Nelson

SQL Server Reporting Services not able to install on Windows Vista Home Premium


Recently I had a weird problem while trying to install SQL Server Reporting Service in my local PC. I am using Windows Vista Home Premium and I wanted to configure SSRS in my PC. During the installation, the setup wizard listed all the services that we want to install and I found that only Reporting Server checkbox option was disabled and I wondered why??? I thought it may be becuase of some installation problem and tried again and its useless... I googled lot of sites for 3 days and finally found that due to some IIS issues, it is not possible to install Reporting Server in Vista Home Premium version. Reporting Server needs some specific IIS features to be installed in the machine.

But unfortunately those features are not available for Home Premium users which in term restricts users not to install reporting server in our PCs... Also, Microsoft has accepted it as an issue and its not possible to get it install in Home Premium...just wanted to share and might be useful for someone like me.

Reference: http://support.microsoft.com/kb/920201/en-us

Windows Identity Foundation Security Token Service can't stay logged in

I'm using the Windows Identity Foundation **(WIF)** Security Token Service **(STS)** to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in. Here's what occurs in my login.aspx on the STS var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket); if (persistTicket) cookie.Expires = DateTime.Now.AddDays(14); Response.Cookies.Add(cookie); var returnUrl = Request.QueryString["ReturnUrl"]; Response.Redirect(returnUrl ?? "default.aspx"); Which was taken almost directly from existing application using normal Forms Auth. From my web.config <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="2880" name=".STS" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" /> </auth

Windows service can't use Reporting Services on SQL Service 2008 R2

Hello. I have a Windows service that run as Local System account. The service uses the Reporting Services ReportService2005.asmx web service. When I have SQL Server 2008 installed, I have no problems and my service is able to browse and create report. After I have installed SQL Server 2008 R2 I get the error "The request failed with HTTP status 401: Unauthorized." when the service tries to use the web service. If I change my service to log on as a user with administrator rights, it is able to use Reposting Services again. What has changes in SQL Server 2008 R2, that doesn't allow the Local System account to use Repoting Services? And is it possible to configure Reporting Services to allow it?   - Per

Claims Tips: Learning About Claims-Based Authentication in SharePoint 2010

Use these five tips for guidance in solving problems related to using and configuring claims.

Sample: SharePoint Claims-Based Authentication

Explore the code as you learn how to create a custom security token service (STS) and set up a trust relationship between a SharePoint 2010 farm and the custom STS.
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend