How to avoid Authentication issue in Mozilla FF in SSRS Reports - reporting-services

I've deployed an SSRS report on my PC and am able to access my report through the report manager. When I copied the report URL and opened it on another PC over the network, it asked for credentials when using Mozilla Firefox.
I've tried the following in Firefox:
The about:config "This might void your warranty!" warning page may appear. Click I'll be careful, I promise!, to continue to the about:config page.
In the about:config page, search for the preference network.automatic-ntlm-auth.trusted-uris, and double-click on it.
I've added my server URL in that manner, which prevents the credentials popup from appearing.
I don't think this is the correct way of doing things. If I'd pass around the URL to -say- 100 different users, they would all need to do what i did as described above?
Can anyone help me to avoid credentials popups (username and password), and open the report directly?

check your server URL, must be just "http://server_name" in firefox about:config "network.automatic-ntlm-auth.trusted-uris" key
store credential required in for accessing data source, at report tab "data source"-"Credential stored securely in the report server"
add in security tab "domain user" that has credentials for accessing the report , check only for "Browsing"
enter credential for "domain user",for the first time when showing report in firefox and allow to remember
now it works automatically when you start link shortcut

The report will need credentials to run. (Turning on anonymous access to SSRS is not supported and not recommended.)
Those credentials can come from a few different places.
1. Users are prompted for user name and password.
2. Credentials are stored in the browser (or in Windows.) As you've seen, this is easier to handle with Internet Explorer than Firefox for NTLM authentication. But Firefox does give you an option, as you've mentioned.
3. Some other service or website accesses the report server and hands in credentials. This other service then passes the report on to users. Designing this would require some thought: Would you need to track who accesses this service? How would you secure individual reports?
Your comment suggests that you have conflicting requirements: you aren't allowed to have Firefox automatically log in for security reasons, but you want to have Firefox automatically log in. There's no technical advice that can solve that problem.

Related

Microsoft Edge, Always Prompt Credential for Saveral User When Open Sharepoint O365

i have finished develop a portal site with sharepoint online (O365), and i facing a weird issue.
the issue is when user open the portal site via Microsoft Edge always prompt credential, and there only occoured for several users. but for another user just input credential at first time.
so we just need to let the credential entered at a first time. for next time, then users does not need to enter the credential again.
i have tried to compare the configuration of microsoft edge, but not successfully.
please if you some clue, please help me. thanks
note : for default of home page of Microsoft edge alreadt setted up by the Active Directory server.
I am assuming that you are using MS Edge Chromium browser (Correct me if you are using the Edge legacy browser).
I suggest you paste edge://settings/passwords in the address bar and press the Enter key.
Check and make sure that Sign in automatically option is enabled. if it is disabled then Edge browser every time asks you for permission before signing in to the site.

Logout functionality on SSRS WebPortal

I am able to setup and run the SSRS 2016 environment for reporting purposes
https://learn.microsoft.com/en-us/sql/reporting-services/web-portal-ssrs-native-mode
When i try to access the portal [ similar to the one explained in above link] i can see all my reports and all is working .
ON top right corner of the web portal it shows the user details who currently accessed the portal and its by default the windows user who logged in to the windows. But in a specific scenario i have multiple windows users and i have to to access this report as a different windows user.
For this now i am doing the steps
close the browser
clear cache
open browser and reload report url [localhost/report/browse]
it will ask to input user name and password and i am able to logged in as different user
But is it possible to implement a logout kind of feature similar to webapps so we can redirects to Login page again in SSRS 2016 Web Portal . Is it possible ? Since i cant see anything in the documentation related to this. Can someone helps to get an idea about the implementation
I have this issue a lot while trying to setup sensible hierarchical SSRS security based on AD Groups and SSRS Server Roles and SSRS Folder Security Roles. After my browser caches creds from my NTLM challenge response, I can open an Incognito browser and login with different creds.

How to pass credentials when accessing SSRS report through URLs

I am trying to access a SSRS report using URL like in Expression ="javascript:void(window.open('http://servername/ReportServer/Pages/ReportViewer.aspx?%2fTransaction_All_Reports%2fCustomer_+Payment_Receipt_Report&rs:Command=Render+Name &ReportParameter1=" & Fields!CustTransID.Value & " &rs:Command=Render','_blank' ,'resizeable=1,toolbar=0,status=0,menu=0,top=20,left=20,width=1040,height=1040'))"
When I try to access above Url, I am asked for my network credentials, giving which I get all pages of SSRS report rendered in browser window.
Now I want to display these contents in a popup window inside my webApp. When i try to open it asks credentials,
What i need is it possible to give credentials inside above code block? like my username and password,
I need its directly open w/o asks credenetials
Can anyone help me please ,it save my life...
Depending on the user's browser settings, you may be able to send credentials in the URL. This is generally disabled, though, because it leaves the user password in plaintext.
If accessing the server with Internet Explorer you can use Windows integrated authentication to pass the current user credentials automatically. This depends on the IE security settings.
Otherwise I don't think there's is a good way. Anonymous access to the SSRS server is not recommended, and hard to configure.
If it were my solution, I would have the server side code connect to the SSRS server, retrieve the report and then resend that stream to the user.

SSRS 2008: User Does Not Have Required Permissions

I have already researched the following existing SO questions and the links that they reference:
User '' does not have required permissions, SSRS 2008 on Windows 8
Reporting Services permissions on SQL Server R2 SSRS
SQL Server Reporting Service - Service Manager Error - User Does not have required permission
I've taken the steps already outlined by these suggested solutions, but even after all that and also logging out and back in, nothing has changed. In fact my user name was already listed as a System Administrator before I started any of this.
One of the solutions (http://thecodeattic.wordpress.com/category/ssrs/) also mentions a "Folder Settings" area where you can specify roles for a user - "Content Manager," "Publisher," "Browser," "Report Builder," and "My Reports" - but I don't see a way to navigate to this section anywhere.
Any ideas? Thanks!
SSRS has 2 security/role sections available in the web GUI: Folder Settings and Site Settings. The navigation path to get to each is kind of weird.
For Folder Settings, login to the report server (/Reports by default). In SSRS 2012, there's a button in the top toolbar called 'Folder Settings'. I believe the link is the same in 2008, but it's been a while since we migrated.
Adding user permissions here allows the named users to run reports. Here you should add your own user account, plus the account used to run reports. In my case (web app), this is my IIS Application Pool identity (IIS AppPool\DefaultAppPool).
Site Settings controls who can login to the Report server and access more report metadata. You'll see the 2 roles are System Administrator and System User, so these are all really trusted users. Beyond giving yourself admin, you'll only need to grant permissions to user accounts that do "adminy things", like deploying reports. In my case I've got a local user account that my web application impersonates in order to deploy or delete reports. Users (ReportViewer) don't need this access.
I suspect all you're missing is the Folder Settings (e.g. "permission to run reports") settings, which are accessible from the first page when you login to the report server.
If you don't see that link, try the direct URL:
http://MYREPORTSERVER.COM/Reports/Pages/Folder.aspx?ItemPath=%2f&SelectedTabId=PropertiesTab
(Tested on 2012 only)
It is important to run your browser (IE) "As Administrator".
Another important bit is to go to http://localhost/reports, not http://SERVERNAME/reports !
Than click that "Folder Settings" link. Than follow instructions in that postings above.
I ran into the same pickle myself with the SSRS 2014 user access settings.
In my situation I have a folder for each of the company's departments - which are a lot!!
After some digging (well, digging and actually giving/revoking myself the user rights) I realised that:
1) I have to add each user in the root HOME Folder Settings (just with "browser" role)
2) Doing this will grant that user access to every report in every folder!! What the hell's with that, MicroSoft?!?
3) I have to edit each of the folders for which that user SHOULDN'T have permissions and remove each of these users manually so that, that particular user(s) will eventually have rights just for the one folder(aka dept) they belong to.
Has someone found a better/faster way of achieving this w/o all the extra, huge, painfull, frustrating manual work of removing an user from all the other folders, except the only one that user should only have access in?
If I add an user just to that folder - w/o adding it in the the HOME folder security - then that user will get the same error message as in the OP's description.
And I think I remember, back in the days of SSRS 2005, a SSRS ReportManager admin user was able to edit/modify this so called profiles. I couldn't find that anywhere in SSRS 2014 Report Manager
One trick is to run internet explorer 11 in administrator mode.
Then you can add your windows user.
Also, accessing the URLs in an InPrivate IE tab will raise the permission error.
This worked for me to add my domain account to the local instance:
Create a local admin user within Computer Management
Download and Launch Edge-Chrome as an administrator (https://www.microsoftedgeinsider.com/en-us/)
Ensure you're browsing as a guest by clicking the profile pic to the right of the address bar
Launch the reports site e.g. http://yourpc/reports
Click on the cog in the top right of the web page, select "site settings"
Click "Security" on the left menu and add the user account to Administrator
Reboot for luck
This may work in another browser, but haven't tried it.
EDIT: You'll need to add the domain user to the default folders too.

SSRS Authentication Issues on a fresh install

Once again the SSRS security wall has hit me.
I did a fresh SSRS 2008R2 install.
I created a separate account (ssrs) on my box to access SSRS-related services.
Upon navigating to localhost/reportserver, I was confronted with a windows authentication popup. I entered the ssrs username and pw and after some time was presented with the following error message:
The permissions granted to user 'mybox\ssrs' are insufficient for performing this operation. (rsAccessDenied)
Navigating to localhost/reports/pages/folder.aspx renders the same SQL Server Reporting Services error.
I've setup reportserver.config as follows:
<Authentication>
<AuthenticationTypes>
<RSWindowsBasic>
<LogonMethod>3</LogonMethod>
<Realm></Realm>
<DefaultDomain></DefaultDomain>
</RSWindowsBasic>
</AuthenticationTypes>
<EnableAuthPersistence>true</EnableAuthPersistence>
</Authentication>
Ultimately, what I would like to do, is access the reports through my C# code, which I'm assuming I will use the authenticated user that I've setup on the box.
One post indicates to add the name or group to the ssrs group, which once done, doesn't work with SQLServerReportServerUser$MyBox$MSRS10_50.SQLSERVER2008R2.
Keep in mind, I am not yet able to even view any of the report services menus, as some people have had issues with. I'm at step 1, just trying to see the services.
I've even tried logging in with my admin account on this box - no go - still a permissions issue.
Some step-by-step guidance on this would be helpful.
Thank you.
After several different combinations of trying, the solution has presented itself.
To recap - this is auth issue was right when trying to access localhost/reports and localhost/reportserver - couldn't even get to the Reporting Services homepage.
I had tried setting Full Control permissions for my ssrs user and Everyone on C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLSERVER2008R2\Reporting Services (and all subdirectories) which did NOT work.
Ultimately, I started IE in Administrator mode (right-click on IE, select Run as Administrator), and was able to navigate to localhost/reports which goes to http://localhost/Reports/Pages/Folder.aspx.
Select Folder Settings / New Role Assignment. The New Role Assignment page will allow you to setup specific users you have setup on the box.
In my case, for now and just testing, I just have one user to access all SSRS-related items.
Incidentally, I am accessing /reports through a different browser, so the fact that I'm in IE as Admin, doesn't affect the other separate vendor instance.