

Harden MS Reporting Services Using Custom Extensions, Part 2 : Page 5

In Part 1, you learned to create a custom security model for Microsoft Reporting Services. Now, tighten the screws by adding role membership authentication and stave off problems by troubleshooting and debugging your custom extensions ahead of time.





In Search of Cookies
By now, it should be clear to you that the Holy Grail of RS Forms Authentication is successful cookie management. But suppose that after following the above troubleshooting tips, the browser still prompts you with the standard Windows login dialog. The most likely reason for this behavior is that the Report Server doesn't receive the authentication cookie from the browser. Therefore, it is essential to verify that the authentication cookie has been sent back to the Report Server. You can do this using a tracing utility like tcpTrace or Microsoft SOAP Trace. Both utilities are available free of charge and work in the same way. They intercept the TCP traffic between two nodes and dump it to the screen.

Figure 4. tcpTrace: Use tcpTrace to troubleshoot RS custom security.

The steps below explain how to use tcpTrace to verify that the authentication cookie has been successfully transmitted. The steps to set up SOAP Trace are similar:

  1. Download and install tcpTrace, then run it.
  2. Start a formatted trace from the File > Start Trace menu.
  3. In the tcpTrace Settings dialog, change the destination host to your application server's name or TCP/IP address. For example, if the application is externally accessible as www.xyz.com, enter www.xyz.com as a destination host. If it listens on a different port than the default HTTP port (80), change the value of the destination port accordingly.
  4. Append port 8080 to the Report Server end point in the report page of your Web application. For example, in the AdventureWorks code sample, open Default.aspx and change the ReportViewer ReportPath property to http://<ReportServerMachineName>:8080/ReportServer, where ReportServerMachineName is the Report Server machine name.
  5. Open the browser, and type http://localhost:8080/<AppVroot>/, where AppVroot is the virtual root name of your Web application (AdventureWorks in this example).
  6. At this point, tcpTrace should intercept the HTTP request to your application and should output the trace messages. Once your application calls the LogonUser SOAP API, you should see a response message in the bottom right pane. This message should include the authentication cookie (see Figure 4). The name of the cookie should be the same as the one specified in the RS web.config file (sqlAuthCookie by default).
  7. Now, navigate to the page that requests a report (Default.aspx in our code sample). If everything is OK, tcpTrace should intercept the outbound HTTP request and the authentication cookie should be included in the request.
If the authentication cookie is not included in the client request, Forms Authentication will fail because the Report Server cannot find the authentication ticket. As a result, you will be redirected to the Logon.aspx page.
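
The two checks from steps 6 and 7 can also be run over raw HTTP messages copied out of the trace panes. The following is an added example, not code from the article or its AdventureWorks sample; the function names, host name, and sample messages are constructed for illustration.

```python
# Added example: confirm the RS auth cookie was issued and then sent back.
COOKIE_NAME = "sqlAuthCookie"  # default name the article cites from the RS web.config

def parse_headers(raw):
    """Split one raw HTTP message into (start_line, [(lowercased name, value)])."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    pairs = [(n.strip().lower(), v.strip())
             for n, _, v in (ln.partition(":") for ln in lines[1:])]
    return lines[0], pairs

def issued(response, name=COOKIE_NAME):
    """True if a Set-Cookie header in the response sets a non-empty cookie `name`."""
    for hname, value in parse_headers(response)[1]:
        if hname == "set-cookie":
            key, _, val = value.split(";", 1)[0].partition("=")
            if key.strip() == name and val.strip():
                return True
    return False

def sent(request, name=COOKIE_NAME):
    """True if the request's Cookie header carries cookie `name`."""
    for hname, value in parse_headers(request)[1]:
        if hname == "cookie" and name in (
                c.partition("=")[0].strip() for c in value.split(";")):
            return True
    return False

def diagnose(responses, report_requests, name=COOKIE_NAME):
    """Classify a trace: was the ticket issued, and did every report request carry it?"""
    if not any(issued(r, name) for r in responses):
        return "not-issued"
    missing = [parse_headers(r)[0] for r in report_requests if not sent(r, name)]
    return "ok" if not missing else "not-returned: " + "; ".join(missing)

# Constructed sample messages (not captured from a real server).
LOGON_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/xml; charset=utf-8\r\n"
    "Set-Cookie: sqlAuthCookie=CONSTRUCTEDTICKET0123; path=/\r\n"
    "\r\n<soap:Envelope>...</soap:Envelope>"
)
REPORT_REQUEST_OK = (
    "GET /ReportServer?/Sample HTTP/1.1\r\n"
    "Host: reportserver.example:8080\r\n"
    "Cookie: lang=en; sqlAuthCookie=CONSTRUCTEDTICKET0123\r\n\r\n"
)
REPORT_REQUEST_BAD = (
    "GET /ReportServer?/Sample HTTP/1.1\r\n"
    "Host: reportserver.example:8080\r\n\r\n"
)
```

A `not-issued` result points at the LogonUser call (step 6); a `not-returned` result means the browser held the ticket back (step 7), which is the case that ends in the redirect to Logon.aspx.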

Now you know how to leverage RS Forms Authentication to report-enable Internet-facing applications by preserving report-interactive features without compromising security.

Hopefully, this article has demystified RS custom security and given you the practical implementation skills you need to implement custom security successfully, should your reporting requirements call for it.

Teo Lachev works as a technical architect for a leading financial institution where he designs and implements .NET-centric Business Intelligence solutions. He is a Microsoft Most Valuable Professional (MVP) for SQL Server. Teo is the author of the books Applied Microsoft Analysis Services 2005 and Microsoft Reporting Services in Action.