I have spent some time getting Forms Authentication working with 2008 (R2). I have one final problem left that is causing intense frustration...
The working bits:
a) Built and tested the required extension - thanks to a combination of old Microsoft example supplemented by the one from chapter 19 of Teo Lachev's book, supplemented by Brian Lawson's book.
b) used existing user/group structures in the db to implement role level permissions
c) Can now grant rights to usernames and the usernames validated against our db, they can log in fine and run reports.
d) Nice customised login screens that login across the application and Reporting Services with a single login - which was the primary aim after all!
e) can grant rights to folders at group level and granting/revoking those rights adds or removes the folders in ReportManager - all looking wonderful
The last hurdle:
If I grant permissions to a specific username (we use email address as the username) then that user can log in to ReportManager fine and see what they should see, so it seems like the bulk of the authentication and authorisation extension logic is OK.
If I grant the exact same permission to a role, and make a login a member of that role (removing the specific username permission) then they
I have been searching through numerous blogs and MSDN/Technet posts for the answer to this but I can't seem to find anything concrete other than 'do something different.'
What I am attempting to do is set up Reporting Services to do a double hop when using Windows Authentication back to remote datasources. Here are the scenarios I am faced with so far. To the best of my knowledge I have set up the appropriate SPNs for Kerberos, the server hosting the application is set up for Delegation, as is the Domain Service Account that RS is running under. RS is running in native mode, not SharePoint integrated.
1) When the rsreportserver.config file is set to use NTLM a user can authenticate back to the report server and a report will return the USERID for the appropriate user. When making a connection to a remote datasource it tries to authenticate as NT Authority\Anonymous logon. Obviously I am not going to set up the anon logon as a read only account on the server for security purposes.
The Web.config file for the report server is set to impersonate 'TRUE'; when setting to false the report returns a userid of the service account RS is using, and attempts to connect to the remote datasource as the service account. There would be no way to filter roles for who is able to
I see that SQL Server 2008 R2 Reporting Services now supports
Claims Based Authentication in Sharepoint 2010, meaning that end users can authenticate with Sharepoint using Claims Based Authentication, and use the same security tokens to connect through to Reporting Services.
I assume that behind the scenes Sharepoint is using
Windows Identity Foundation (WIF - formerly codenamed "Geneva") to handle the authentication, and passing this on to Reporting Services.
I'm keen to use Windows Identity Foundation to authenticate with Reporting Services
without Sharepoint. We have an existing ASP.NET web application, and we'd like to call Reporting Services from that, passing on the Windows Identity Foundation credentials of the user logged into our web application.
I've done some work on setting up a custom security extension using Forms Authentication (based on the
sample), but am not sure how to proceed from there.
Google/Bing hasn't been helpful. Can you please point me to some guidance on how to set up Windows Identity Foundation authentication for Reporting Services?
I'm planning to use CBA to do authentication and authorization to a document library. For example, if you have the claim type 'location' equal to 'London' then you are granted access to a folder. Simple, and it works great from the out-of-the-box
web browser interface.
The question is, can the Web Services interfaces also accept a signed SAML token and use those attributes to do authentication and authorization? I would prefer to use the CMIS interface where possible. I understand that the web services
are based on WCF, which leads me to believe I can just modify the web.config to add in WCF directives for ws2007HttpBinding->security->message, but will the SP web services code respond by using the identity in the message?
What I have noticed so far is that the CMIS interface has directives for impersonation only. Since CBA identities do not map to Windows accounts, I think I'm barking up the wrong tree. I'm not dead set on CMIS, so if there are other
web services available to do CBA, I'm all ears.
There's not a lot of practical material on this, and I'm currently working on a PoC to achieve this goal. Any help would be greatly appreciated.
We have successfully installed SharePoint 2010. Our next goal is to use the Excel Services. The therein published sheets contain a data connection to an SSAS cube which again holds the corresponding user permissions in their roles. In order to pass the Windows
credentials on to the SSAS cube we need to translate the Claim back to a Windows token. According to this whitepaper (http://technet.microsoft.com/en-us/library/ff829837.aspx) we need to
set up the constrained delegation with the option "Use any authentication protocol". Unluckily this option is not permitted to be set by our internal CorpAudit settings.
Does anyone of you have a workaround on this topic or is the use of the delegation of credential not possible at all without this setting?
We have a WSS 3.0 site that uses forms authentication using a custom SQL Server 2000 database. My goal is to log into the site with a Blackberry phone and display list items in small aspx pages formatted for the Blackberry browser. I'm in that prototyping phase, learning what I can and cannot do with each approach. Initially I wanted to use the SP web services to authenticate and use the resulting cookie in subsequent web service calls. I have not been able to get the authentication web service working yet. My other idea was to use the native mobile login page to authenticate. Then I should be able to use the SP object model to fetch and display lists on other pages. I saw postings that the SP web services don't work with forms authentication but also saw posts indicating success. What's the final answer on that one? I'd just as soon avoid unnecessary paths. Has anyone actually done something like this? Thanks for the help! Terry
Apologies if this is the incorrect forum. Please let me know if it should have been posted elsewhere. Please let me know if I need to clarify anything. Thanks in advance for any suggestions, direction pointing, etc.
I have been using all three features of client application services (authentication, profiles, and roles) in my windows app (DotNet 3.5 framework) for almost two years now. Up until now, I have not had any problems. This week I hit a brick wall and am
pretty stumped with two separate but related issues.
In development, we decided to upgrade our websites/services to DotNet 4.0. All applications upgraded successfully. However we are unable to log into our application using Client Application services. No matter what user we use, Membership.ValidateUser returns
false. Since we know the username and passwords, we thought this was strange. When debugging the application, we found that Membership.ValidateUser was throwing an InvalidOperationException (see below for complete exception) stating that the ASPXAUTH property
was too long, longer than the schema created in the SQL/CE database. (See below for things tried).
In production .. A user all of a sudden could no longer gain access to the application. Upon inspection, his ASPXAUTH cookie was 264 characters long (9 characters longer than the schema's nvarchar(256)). E
I really need someone's help to configure my SharePoint 2007/ Excel services connection to SSAS 2008. It surely cannot be that complicated???
MOSS on server 1
SSAS 2008 cube on server 1
Trusted data provider created (OLE DB, MSOLAP.4)
Trusted data connection library created
Trusted File location created - children trusted, allow external data = "Trusted data connection libraries and embedded"
Unattended Service Account - setup
I use Excel and create a new .odc file with authenticated type = NONE and save it to the Trusted data connection library. Using the odc I open a new workbook. I firstly get a security warning saying that "MS Office has identified a potential security concern.
Data connections have been blocked. If you choose to enable data connections..."
I click on Enable, and now have access to my cube. I create a pivot table and chart and publish the workbook back to a child folder in the Trusted File location. All okay so far!!
Now I open the new workbook, and as soon as I try and interact with it, I get the dreaded error "Unable to retrieve external data for the following connections:
The data sources may be unreachable, may not be responding, or may have denied you access
Verify that data refresh is enabled for the
I am trying to call an authentication method on a web service that returns a cookie, however when I call the web service, I just get the SOAP object returned. How do I get the cookie back after I have been authenticated?
Any help or pointers appreciated.
In .NET 3.5 Microsoft has introduced Application Service through WCF. This includes Authentication Service, Role Provider Service and Profiler Service. Now I have a requirement that forces me to add one more function in the AuthenticationService class. But
I have found that the AuthenticationService class has no public constructor. Thus it cannot be inherited. So is there any other way I can add one more function into the System.Web.ApplicationServices.AuthenticationService class?