I am working with Power Bi report server and want to connect SSAS tabular model in Live connection mode. The problem is my servers are not in the same domain and I am not able to connect to Tabular with this domain windows credential. Is there any way to set the different domain windows credential in power bi RS ? Or if there is any other solution please advise
I solve my problem with NTLM Solution ....
see
https://learn.microsoft.com/en-us/analysis-services/instances/authentication-methodologies-supported-by-analysis-services?view=asallproducts-allversions
Related
I am trying to do custom authentication in my solution that will use Power BI Report Server. The user will see the report through an IFrame pointing to the Report hosted in PBIRS. We want to use CustomAuthentication, only user logged in the site will see the report.
Is It possible to the IIS that will host my Asp page and the PBIRS are in different machines? Or they need to be in the same machine?
I think is not possible, because in one tutorial they said that the IIS web.config and the PBIRS web.config need to have the same machine keys; but I need confirmation.
Thank You
Conclusion: It is possible, taken that both machine hard code the same machine key in the web config, and the cookie can be shared.
You can refer https://stackoverflow.com/a/61456301/7040747, this is a solution on how you connect them together.
C# authenticate a user by decrypting the login cookie using the Machine Key. So if your Power BI Report Server (PBIRS) is able to receive the login credential cookie from your ASP, and able to validate the cookie by successfully decrypting it, PBIRS will then be able to authenticate the user who entered the system.
Let me first describe the actual situation: We want to build a new SQL Server enviroment based on SQL Server 2016. AS you may know, in SQL Server 2016 the mobile reports from Datazen are integrated. So far so good. The Problem: In our current Enviroment, there is one internal Datazen Server and one external server. The external Datazen server exists only to read data from the internal one. So there is no direct Data Access (to Data Sources), the administration part is disabled and only the needed Services (to read from internal server) are installed. We want to build that same archtiecture in SQL Server 2016 Reporting Services. Do you know any way to do that?
I thought the best solution was a second SQL Server with Reporting Services but only read access on the other SQL Server (didn't found any setting like this).
We don't want the internal server to be accessible over the web beacause of security.
interesting question, but not sure i understand correctly ;) what do you mean with "the external datazen Server exists only to read data from the internal one"? How does this configuration look like? Do you have a sale out Deployment where the external Servers hosts "Web Application" and "Share Cache Instance" while internal Server hosts "Data Acquisition" and the same roles as the external Server?
In SSRS you can also Scale out web frontends, but all Servers will act as "data acquisition server" to stay in datazen terminology. Do you have security concerns with this topology? Whats the difference to have the data "read only" in DMZ or connect from DMZ/external Server to internal datasources? One Option would be to do a secure Application Publishing of internal SSRS Server with a Firewall like Microsoft ISA Server
I am looking for a solution to the following problem:
I have a web application that exposes a Data Warehouse using Views written in my MS-SQL DB
I let the clients of my application use Report Builder to create RDL files against these Views
My application then uploads the RDL files to the SSRS server and makes the required modifications to allow users displaying these reports in different places in my Application.
The problem:
As long as the client's machine has access to the MS SQL server using port 1433 i have no problems with the described scenario.
One of the clients has strict security polices and will not open port 1433 to the SQL server and because of that all the solution I have with reporting will not work.
Can you suggest a workaround or a different approach that will no have to use port 1433 ?
Event if it will require to install some additional software or expose the Views in a different way I'm looking for something that can help me create the same solution without the requirement of port 1433.
Only thing I can think of is an RDP to another server or like a citrix published app or virtualized application where the host server it is running off of would have access
I have few ssrs 2008 reports.I have created group of users and gave all required permissions to that group.
Now when I am running those reports I am getting strange error.
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
I don't know from where it came.
I got suggestion that its a issue related to Kerberos authentication. Please some one knows how to solve this let me know.
Or some one knows to solve this kerberos issue also tell me in steps if possible.
Thanks
Vik
Are your reports using pass-through integrated authentication, defined user integrated authentication, or sql user authentication? I suspect the first, in which case you're dealing with the difference between impersonation and delegation.
When connecting to a web server using integrated authentication, behind the scenes you are actually using NTLM or Kerberos. Both allow the process running your web server to act as you. NTLM's impersonation via security token prevents the server from connecting to yet another server as you (that is, to the DB server) and there acting as you again—this is the "double-hop" problem. Kerberos instead uses delegation, passing a ticket around that each server can check for validity and allow.
To get Kerberos working there are several requirements.
If you're connecting to the web server using a name other than its main DNS name (using as an alias) you have to register the alias as valid for the machine with SetSPN. You can have problems with the SPN (Service Principal Name) even without this. Check the SPN on your servers carefully to see if it matches what you expect.
The server you initially connect to must be "trusted for delegation" in your domain policy.
The user that your web server is running under must be "trusted for delegation" as well.
You can work around all this stuff by just making your reports have stored credentials of some sort rather than using pass-through authentication.
The difference between dev and test could be the IIS user, or the data source.
Now, I am assuming here that you're not using SharePoint and are just doing a normal SSRS web install. So if that is not correct please say so.
We have a analysis services olap cube (SSAS 2008) deployed at a test server (MS Serve 2008) in our domain, you can browse the olap cube via ssms without problem. No problems with olap cube itself so far. The user account is admin on the analysis services server.
We also have reporting services (SSRS 2008) installed at the same test server and have a datasource inside the reporting services report that fetch data from the analysis service olap cube. We have set up windows integrated authentication setting but the user trying to connect trough reporting services report to the olap cube get access denied.
An error has occurred during report processing. (rsProcessingAborted)
Query execution failed for dataset 'DsMillCd'. (rsErrorExecutingCommand)
Either the user, KORSNET\TFMAN, does not have access to the AnalysisServices database, or the database does not exist.
If i try out the same olap cube and report trough business intelligence studio local its working, so it must be some setting on the reporting services server.
Do reporting services connect to the analysis services as a another domain account?
I have searched and googled for a answer for about 6 hours now without luck, i'm getting a bit frustrated to get this working.
I think its only a configuration setting that i have missed, so all suggestions are welcome...
Are you logged on as KORSNET\TFMAN?
If the datasource set up for the report is set to use the credentials of the user then it will attempt to authenticate to the database as that user.
Does IE show the site as being part of the local intranet? If not go into security settings and add it.
Does that user actually have permissions to read the database?
It could be the "double-hop" problem where credentials can be carried and used once, but not again, however I think this is unlikely in this situation.