I am creating a data driven subscription and that requires you to stored credentials. However, they want want a link to the report embedded in the email. If the user clicks the link then stored credentials will be what is authenticated and not the actual user.
They would like the user to be prompted for authentication when they manually execute the report. Here are a couple of things I was considering:
I think I can accomplish this by creating a copy of the report that uses a different data source configured to prompt the user for credentials and use the URL to this report to include in the data driven subscription.
I don't think I can do this, in sql update the Credential Retrieval to go from Using the Following Credentials to Prompt the User for Credentials. However, if you switch it back to use the setting Using the Following Credentials, then I will need to reapply the username and password. Not quite for sure how to do that programmatically.
Does anybody else have an idea on how to handle this?
Related
I have a SSRS report for which the Datasource is connected via Database credentials. Now I wanted to restrict a parameter dropdown based on the user using the report.
I tried impersonating the user but it didnt work.
I tried getting the User!UserID within SSRS, but it didn't work.
How can I get the Windows login of the user? Is there any other way or am I missing anything?
Edit -
Not everyone in the organisation has got access to the Database, hence we use the Database user login. But we have a table which holds the AD login and using that I need to restrict the drop down lists in the parameter.
You'll have to change the credentials on the datasource to use windows authentication. If this is a shared datasource you might have to create a new datasource that use windows authentication and point your datasets to that instead.
I am trying to send a login payload which is
{"username":"EMAIL","password":"PASSWORD","wnaMode":"modal"}
to https://www.zalando.nl/api/reef/login I am doing this so my program can login and get all my orders and put it in a spreadsheet automatically, however when I send the post request I get this back
Access Denied
You don't have permission to access "http://failover.www.zalando.de/waf_deny_shop.html?" on this server.
Reference #18.9f633e17.1577580584.7b7612d
What could I do?
This is a result of a bot-protection solution they use, it is working against login automations just like the one you wrote. Consider a scenario where someone is brute-forcing the password of a specific user or just tries to re-use credential dumps (AKA "credential stuffing") - this is why this defense mechanism is in place.
I have created an SSRS report which I am using in Asp.net website. Reports accepts server, database,user and password to create connection string dynamically. Dynamic connection string is required because user can select a database at the time of log-in and that database need to be used for SSRS.
One requirement is such that user should be able to create SSRS report himself. For the purpose I provided guideline that how to create parameters that are require data-source's dynamic connection string.
One possible problem I thought is if user do not make parameters as hidden, he will have database credential in clear text.
I thought of adding encryption at asp.net website and decryption in SSRS report but decryption function/code will be easily accessible at the time of designing.
Any idea how to overcome the situation?
I suggested that the OP should read the following documentation:
Specify Credential and Connection Information for Report Data Sources
This were the remarks made by the OP:
Prompt the user for credentials :Not possible because some users can view report with provided website user/password. He will have no idea about DB.
Store credentials: Not possible because user will see data in website as well as in report by database selected at the time of log-in. Database selection option is given at the time of log-in in website because there would be more than one database. so one report will show different data based on selected DB by the user.
Use Windows integrated security : Not possible because most of our client are not allowing use to use integrated security for database access. we need to use their provided credentials for all database access.
Use no credentials : we need to use client provided credentials for all database access. Correct me if i missed something from that article
This is my response and answer to the presented problem:
You require a user to login to your website, as soon as the user is logged in you should be able to know who this user is. This also means that you can give a user specific rights/access to your application.
So you can use the Stored Credentials and more specifically use the Integrated Security.
Type | Context for network connection | Data Source
-------------------- | -------------------------------- | -----------------
Integrated security | Impersonate the current user | For all data source types, connect using the current user account
I believe the following documentation might be exactly what you're looking for.
How to: Secure Connection Strings When Using Data Source Controls
I would strongly recommend creating a new table containing data that specifies the different access levels to then have a junction table with the user table. This will make it easy to determine which user has access to which report and allow for an easy implementatuon of the Integraded Security.
I have a requirement to generate an email to administrator whenever a user sign up. Administrator will approve the registration by clicking on a link provided in email and database should get updated, without admin to login to administrator console.
I am looking for best practice to code this scenario with keeping application security intact. I can generate email with dynamic rendom value attached to the link(provided in email) URL, but i am not sure how to keep a track of this on application side?
Any thoughts?
You could generate a random validation number when the user signs up, and store it in the database with the user record. Then generate an email with a link such as
http://foo.bar.com/approveUser.action?userId=<theUserId>&validationToken=<theRandomNumber>
When the approveUser action is invoked, check if the validation token stored in the database for the given user ID matches with the token sent as parameter, and if so, approve the user.
I am not able to create subscriptions for SSRS reports as it gives the following error:
Subscriptions cannot be created because the credentials used to run
the report are not stored, or if a linked report, the link is no
longer valid.
My set up is as following:
ServerA - Database Server
ServerB - Report Server
MachineC - Internet explorer to view the reports
So I am viewing reports on Machine C, IE, and ServerB connects to ServerA for Datasource.
The problem sounds like the report expects the user to provide credentials when it is viewed. When you create a subscription, it does not have the credentials to execute the report.
Go to the report, click the properties tab, then choose Data Sources in the left pane.
Are you using a shared data source? Is it using Windows integrated security? If so, can you change it to use a service account made just to run these reports? You may need to view these properties by viewing the data source itself.
If it is a custom data source is the option "Credentials supplied by the user running the report" selected? If so, can you change it to "Credentials stored securely in the report server"?
Either way, if you want to set up a subscription, I have made it work by providing credentials in the data source rather than have the user input them.
If you are worried about security, I would suggest managing that on the report level rather than the data source level.
What the error does not make clear is, in order to be able to subscribe to a report not only must the data source be set to "Credentials stored securely in the report server" you must also not select the option "Impersonate the authenticated user after a connection has been made to the data source".
The way I did was to create a new data source in the report builder and explicitly provided the username and password there to be used.
Then, used that username password with the new data source with the report and voila it worked.
I faced same issue as you, and i found its solution, as #richard said already that it is related to credential of data source you use for your deployed report.
To resolve it Follow these steps:
1. Right click on your shared Data source which you use in your deployed report.
2. Click On Edit Button.
3. a new window will open click on Credential from left pane, Select Use this user name and password then click ok.
4. Check on Save these credential option you get on to previous screen.
5. Test connection and if succeed click ok and deploy your project on report server.
For reference plese look at screen shot given below:
Thanks.