.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

ReportViewer, Forms Authentication and Impersonating Authenticated User

Posted By:      Posted Date: October 25, 2010    Points: 0   Category :Sql Server
I am using Forms Authentication against AD and everything is working perfectly.  I have a reportviewer control that I would like to impersonate the authenticated user when making the report request.  Seems easy enough, and there are all sorts of combinations available, but I am at a loss to *easily* accomplish this.  When using just the normal Impersonate="true" in web.config, it impersonates the service account asp runs as.  In order to impersonate with reportviewer the only way I see to get the credentials in there is to know the username / password / domain.   I found a solution that accomplishes this (by encrypting all three and putting them in a cookie, then decrypting them on the return call to put in the ServerCredentials).

Note - RS is running out of the box, in native (non sharepoint) mode, using Windows Authentication.  I need to keep it this way as users will still be hitting the native Portal and I do not want to penalize them to enter their credentials each time they visit.

I imagine this scenario is covered in the design of RS, but I just haven't figured out how to do it.  If anyone can offer suggestions I am all ears.  :)

Thanks in advance,

View Complete Post

More Related Resource Links

Forms based users being prompted for windows authentication login for My Sites photos in user lists

Here's an issue I didn't see coming for our forms based authentication users. 

We have a web application extended to an external url to handle forms based authentication for users outside of our domain. Our setup looks like this...

Internal Users/Windows Authentication - moss.domain.com
External Users/Forms Based - mossext.domain.com
My Site for Internal Users - mysites.domain.com

When our forms based users are accessing user lists, or discussion pages that display user pictures, they are getting a windows authentication login for our internal users (mysites.domain.com) who have populated their my site with personal photo.

How do we fix this? 

Automatic expiration of forms authentication when user closes the browser windows without signing ou

Dear all, can u tell me how to automatically sign out a user if he/she closes the browser window without signing out. I'm using Forms Authentication.   Thanks 

Active Directory user impersonation with forms authentication

I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own. Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in. My problem is that in order for the user to update their account information, I have to have the application impersonate them for the update actions. I've scoured the internet trying to find a solution to my issue, but nothing fits or works. I have tried setting the web.config:<identity impersonate="true" /> but that doesn't seem to work. I also have the C# code using the WindowsImpersonationContext class, but still no luck. protected void titleTextBox_TextChanged(object sender, EventArgs e) { TextBox tb = (TextBox)sender; string fieldTitle = "job title"; string fieldName = "title"; if (userDirectoryEntry == null) CaptureUserIdentity(); try { WindowsImpersonationContext impersonationContext = userWindowsIdentity.Impersonate(); if (String.IsNullOrEmpty(tb.Text)) userDirectoryEntry.Properties[fieldName].Clear();

AutoLogin for authenticated user via LiveID in Sharepoint 2010 (Claims Based Authentication)

Hi,     Im working in integrating LiveID authentication in my Sharepoint site. Live id gives back a token of the user with which i created a dummy profile using MembershipProvider.CreateUser. Now i have to auto login the user with the profile i created, i mean i have to force login to my sharepoint site using the created dummy user details without asking the user to give username n password.Any suggestion will be a great help for me to proceed.   Thanks Saravanan Michael

Forms Authentication sending user to LoginURL on first hit of page even though page has [allow users

On the first hit, and only the first hit, to my page having [ALLOW users="*"] in the web.config, the user is redirected to the LoginUrl, but on all subsequent visits to the page, the user IS allowed access.  The user shoud ALWAYS be allowed access to this page.  I suspect it is a configuration problem, so here are snippets of my web.config... <compilation debug="false" strict="true" explicit="true" /> <trace enabled="false"/> <authentication mode="Forms"> <forms protection="All" cookieless="UseCookies" requireSSL="false" slidingExpiration="false" timeout="20" name="12345678-1234-1234-1234-123456789012" loginUrl="~/Web/Login.aspx" defaultUrl="~/Web/MyPage.aspx" enableCrossAppRedirects="false" /> <authentication> <httpCookies httpOnlyCookies="true" /> <sessionState cookieless="UseCookies" />         <location path="Web/Contact.aspx"> <system.web> <authorization> <allow users="*"/> <authorization> <system.web> <location>   Can you help me figure out why users are not ALWAYS allowed access to the /Web/Contact.aspx page? Thx!      

Notify user of forms authentication timeout

When the forms authentication cookie expires, I'm trying to override the default behavior of redirecting to the login page, and pass a value on the querystring (timeout=true), so I can inform the user what has happened.I'm prepared to work out the logic to know if they have actually timed out or not, I just don't know the best place to override where the response is redirected to the login page.  The best place I can find is "FormsAuthentication_OnAuthenticate", but perhaps you know of a better place?Thanks!

Forms Authentication -> login.aspx bypass and auto-create user?


Can I do the following, if I have 'this' within my web.config:

        <authentication mode="Forms">
            <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" timeout="120"/>

        <authentication mode="Forms">

            <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" timeout="120"/>


Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Problems with Forms Authentication in DD 4 site


Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.

in web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     

Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!

How to authenticate local user usin ldap or non domain authentication



I created one application, and I need to authenticate local user. This user is the user who is login to his/her Personal Computer.. Main thing his that he/she does not in any DOMAIN... I want NON-DOMAIN authentication.. any how.... please help...

help needed: Ldap User authentication using userDN and password



Is it possible to authenticate a user using userDN and password? If so, then tell me the syntax.So far i have tried to authenticate using username and password from my c# code using directoryentry which takes the parameters like domainname,username and password. But i need to authenticate using Userdn and password.

InfoPath: Turn User Input into XML with Custom Forms Using Office InfoPath 2003


Office InfoPath 2003 is a new Microsoft Office product that lets you design your own data collection forms that, when submitted, turn the user-entered data into XML for any XML-supporting process to use. With an InfoPath solution in place, you can convert all those commonly used paper forms into Microsoft Office-based forms and end the cycle of handwriting and reentering data into your systems. Today organizations are beginning to realize the value of the mountains of data they collect every day, how hard it is to access it, and are striving to mine it effectively. InfoPath will aid in the design of effective data collection systems. Here the author shows you how to get started.

Aaron Skonnard

MSDN Magazine September 2003

Windows Forms: Developing Compelling User Controls that Target Forms in the .NET Framework


In the beginning, writing controls meant dealing with Windows messages. Then came Visual Basic controls, which introduced methods, properties, and events. Later, ActiveX controls, which ran atop COM, became popular. While each innovation in control writing brought more flexibility, nothing has matched the versatility of the new .NET Windows Forms controls and Web Forms controls. This article, the first of a two-part series, introduces the reader to Windows Forms, beginning with their inheritance from one of the .NET CLR base classes, which makes control creation much faster than before. Control programming is illustrated through the development of a login control. The equally flexible Web Forms controls will be covered in Part 2.

David S. Platt

MSDN Magazine April 2002

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend