Scenario:
I am trying to do custom authentication( https://github.com/microsoft/Reporting-Services/tree/master/CustomSecuritySample ) in the iframe that will show my report stored on Report Server. I don't want use windows user to authentication, I want use the users of my system.
My doubt:
Is it necessary to register the users of my system in PowerBI Report Server > Report123 > Manage > Security? Or because of custom authentication isn't necessary to register?
Thank You
Related
We have a dashboard deployed on a Power BI Server On-premise. So no Azure AD solutions please.
We would like to display this dashboard on an Extranet Web Application that uses Forms Authentication for its users. We currently use iFrame or redirect URL access, since those are the only options.
We don't want the Users to login again to view reports since they have already logged in to the Application. They are currently being prompted.
How can we use a common credential(preferably AD account) to authenticate/authorize each dashboard view? We want to be able to change the credentials programmatically.
You'll have to implement a custom authentication extension. You should be able to use the existing SSRS documentation, given that Power BI Report Server is essentially a direct superset of SSRS. If you want to use AD accounts, you'll have to establish a normal AD authentication flow in your application, as well as pass on a valid cookie over to the SSRS side of things. Microsoft has pretty extensive documentation, as well as samples on this:
Documentation on custom authentication:
https://learn.microsoft.com/en-us/sql/reporting-services/extensions/security-extension/authentication-in-reporting-services
Repository with samples:
https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample
I have installed SQL Server 2016 and have successfully published a report and now I want to create a subscription for the report. However, there is no subscription tab within the Web Portal, and there is not a Subscribe option on the drop down menu of the report.
I have made myself an admin and have ran the browser in admin mode. Is there a setting I'm missing to make subscriptions available?
Thanks
You must have access to the report. Before you can subscribe to a report, you must have permission to view it.
For Native mode report servers, the following role assignments affect subscriptions:
The "Manage individual subscriptions" task allows users to create, modify, and delete subscriptions for a specific report. In the predefined roles, this task is part of Browser and Report Builder roles. Role assignments that include this task allow a user to manage only those subscriptions that he or she creates.
The "Manage all subscriptions" task allows users to access and modify all subscriptions. This task is required to create data-driven subscriptions. In predefined roles, only the Content Manager role includes this task.
I have created an SSRS report which I am using in Asp.net website. Reports accepts server, database,user and password to create connection string dynamically. Dynamic connection string is required because user can select a database at the time of log-in and that database need to be used for SSRS.
One requirement is such that user should be able to create SSRS report himself. For the purpose I provided guideline that how to create parameters that are require data-source's dynamic connection string.
One possible problem I thought is if user do not make parameters as hidden, he will have database credential in clear text.
I thought of adding encryption at asp.net website and decryption in SSRS report but decryption function/code will be easily accessible at the time of designing.
Any idea how to overcome the situation?
I suggested that the OP should read the following documentation:
Specify Credential and Connection Information for Report Data Sources
This were the remarks made by the OP:
Prompt the user for credentials :Not possible because some users can view report with provided website user/password. He will have no idea about DB.
Store credentials: Not possible because user will see data in website as well as in report by database selected at the time of log-in. Database selection option is given at the time of log-in in website because there would be more than one database. so one report will show different data based on selected DB by the user.
Use Windows integrated security : Not possible because most of our client are not allowing use to use integrated security for database access. we need to use their provided credentials for all database access.
Use no credentials : we need to use client provided credentials for all database access. Correct me if i missed something from that article
This is my response and answer to the presented problem:
You require a user to login to your website, as soon as the user is logged in you should be able to know who this user is. This also means that you can give a user specific rights/access to your application.
So you can use the Stored Credentials and more specifically use the Integrated Security.
Type | Context for network connection | Data Source
-------------------- | -------------------------------- | -----------------
Integrated security | Impersonate the current user | For all data source types, connect using the current user account
I believe the following documentation might be exactly what you're looking for.
How to: Secure Connection Strings When Using Data Source Controls
I would strongly recommend creating a new table containing data that specifies the different access levels to then have a junction table with the user table. This will make it easy to determine which user has access to which report and allow for an easy implementatuon of the Integraded Security.
Can anybody explain the detailed step by step procedure for form authentication in sql reporting services 2008 r2 .I am new to ssrs ,I need details about how to configure in rsreportserver,web.config files and how to write coding for authentication for ssrs .Is there any special procedure for ssrs forms authentication and how to verify in C# code and where to redirect ?
See these links for some examples & other information from Microsoft:
http://msdn.microsoft.com/en-us/library/xdt4thhy(v=vs.100).aspx
http://msdn.microsoft.com/en-us/library/cc281383.aspx
http://msftrsprodsamples.codeplex.com/wikipage?title=SS2008R2%21Security%20Extension%20Sample
http://www.codeproject.com/Articles/675943/SSRS-Forms-Authentication
The high level summary is:
Create custom authentication process (login form, credential source, backend code to wire it all together)
Extend LogonUser() method of SSRS webservice
Modify configs to expect forms auth, and allow your custom code to run within the app pool
I've done this a few times now, and honestly, it's easier than it sounds.
My domain account is administrator at this server, which runs sql 2008r2 and reporting service. when i navigate to "http://localhost/reports" , i can see the web ui. Anyway, i click to site settings, than navigate to Security tab. At this window i go to New Role Assignment. My problem is at this section. The only roles i see here are System Administrator and System User.
I googled about it, the screenshots i saw all had report server roles like browser,Publisher,Report builder.
Anyhow, is this about the installation process, or could it be about my domain account's permissions, or something other?
Thanks in advance
Edit
When i connect to report server using sql server management studio, in security tab i can see both roles and system roles folders.
Roles in Report Manager are contextual. What you see in site settings are System Roles, they control access to global features (content independent). Browser, Publisher etc - those are Item roles and they are assigned in context of report catalog items (folders, reports, etc) See docs for more http://msdn.microsoft.com/en-us/library/ms156034(v=sql.105).aspx
To summarize, use SSMS is to create or update role definition, or Report Manager to assign roles to users/items