Deploy Reporting Services to Web Securely - reporting-services

I've built an ASP.NET site with a report viewer control that displays reports hosted on our Reporting Services report server. Everything works great. But now I need to do the same thing with a public-facing site, where I'll need to access my report server through the firewall.
My question is: How do I lock this down to make sure that the end user can only access certain reports?
I think that all I need to do is make sure my IIS, in my DMZ, can talk to the report server. But, I think I'll need to impersonate a user that only has access to the reports I want to make available. On the other hand, if my report server is only accessible from the DMZ, then I won't need to worry about the end user directly connecting to the report server. It seems like any report I want to serve to the outside world just needs to be accessible by the default ASPNET account? I'm hoping someone can confirm my speculation or tell me where I'm wrong.

I had this problem too. What I had to do was make sure that each report takes a parameter from the application. If your authenticated users have a role through a role provider, and public users do not, you could pass the role as a parameter to the report through the application. That way if a user is not authenticated, the parameter will be null, and the report will not execute.
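
One way to combine the role parameter described in the answer above with the asker's idea of a restricted account, as an added example that is not part of the original posts. It is the code-behind for a hypothetical `Reports.aspx` hosting a ReportViewer control named `viewer`; the report keys and paths, the `UserRole` parameter name and the server URL are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using Microsoft.Reporting.WebForms;

public partial class Reports : System.Web.UI.Page
{
    // Allowlist: public key -> report path. Clients never supply a server path.
    // Keys and paths are assumptions made for this example.
    static readonly Dictionary<string, string> Allowed =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase) {
            { "sales-summary", "/Extranet/SalesSummary" },
            { "order-status",  "/Extranet/OrderStatus" } };

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) return;
        string path;
        if (!Allowed.TryGetValue(Request.QueryString["report"] ?? "", out path))
            throw new HttpException(404, "Not found");
        // The role comes from the role provider on the server, never from the request.
        string[] roles = User.Identity.IsAuthenticated
            ? Roles.GetRolesForUser(User.Identity.Name) : new string[0];
        if (roles.Length == 0)
            throw new HttpException(403, "Forbidden");

        viewer.ProcessingMode = ProcessingMode.Remote;
        viewer.ServerReport.ReportServerUrl =
            new Uri("https://reports.internal.example/ReportServer"); // placeholder URL
        viewer.ServerReport.ReportServerCredentials = new AppPoolCredentials();
        viewer.ServerReport.ReportPath = path;
        // visible: false keeps the role out of the viewer's parameter prompt area.
        viewer.ServerReport.SetParameters(
            new[] { new ReportParameter("UserRole", roles[0], false) });
    }
}

[Serializable]
sealed class AppPoolCredentials : IReportServerCredentials
{
    public WindowsIdentity ImpersonationUser { get { return null; } }
    // Connects as the application pool identity: a low-privilege account that
    // should hold only the Browser role on the published report folder.
    public ICredentials NetworkCredentials { get { return CredentialCache.DefaultCredentials; } }
    public bool GetFormsCredentials(out Cookie authCookie, out string userName,
                                    out string password, out string authority)
    { authCookie = null; userName = password = authority = null; return false; }
}
```

With this arrangement the report server only ever sees the service account, so the folder-level role assignment on the report server bounds what the DMZ application can reach even if the page logic is bypassed.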

Related

SSRS 2016 Issues

Our IT Dept gave me an SSRS 2016 Dev Instance to play with. But I have two things that I need to figure out, as I've hit a dead end on:
The AppId I need to run our subscriptions under. It's needed to be set up on the SSRS Server to allow Local Login or the reports would not work.
Can someone explain why we would need to allow login locally? Or even if it's the correct way to handle it, or should I be setting up something different for the AppId to work correctly?
I also need to be able to set up shared schedules. However when I click the settings gear, I only have 'My Subscriptions', and I understand I need 'Site Settings' to show up here.
What permissions do they need to set up in order for me to gain access to Site Settings?
Sorry, I'm not sure how to answer the first one. I think because SSRS is an additional service external of SQL Server it needs a local SQL Server login. Not really my forte.
By default there is a BUILTIN\Administrators role. The following link will describe who gets placed in the BUILTIN\Administrators role. Once you're in there, you can get to site settings and add your own security settings and shared schedules.
BUILTIN\Administrators info link
Hope this helps.

Steps to expose SSRS reports to the Internet

So, I'm trying to figure out how best to go about exposing some reports on a SSRS server that's behind the firewall to users on an extranet site, as discussed here. My DBAs have set a constraint that I pass Windows credentials to the server to gain access, and that the server remain behind the firewall. I'm having trouble conceiving of how to do that and still maintain a secure system in a public-facing DMZ. Here are some of my questions:
How can I allow users to authenticate to AD while preventing brute-force account hacking? In other words, one option is to create an app in the DMZ that accepts a u&p, and attempts to authenticate against AD inside the firewall. However, I need to prevent repeat trying and failing.
Assuming I have an authenticated user, how do I pass that credential to the SSRS server? What languages or mechanisms exist to accomplish that? Does this have to be a .NET app or could I manage it through Java?
How would I accomplish permitting the user to interact with the SSRS server? I don't want to lose all the UI functionality of the reports, and I don't want to rewrite it either. It seems like a hack to write an app that acts as a proxy, but that's all I can think of. Ideas?
TIA

ssrs report server behind firewall

We have a SSRS report server 2008 (not R2) on our internal network that has reports (and data) we want users on the Internet to be able to run. We've created a vb.net web application that users will log into and run reports from. The application runs in our DMZ and is connected to the SQL Server database (running on the same server as the SSRS) via an open port.
I suspect we have to use SSRS Web Service to access the reports since url access would require opening up the SQL Reporting Server to the outside (we don't want to do this). Correct?
I've created a page in the Web application that can render a SSRS report to file but I want to display the report to the user on a web page (and still provide ability to save report). What do I need to do? Can I have the results of the Render command be displayed in the Report Viewer or some other control?
Pointers to examples would be great.
Thanks
You're looking for the ReportViewer Controls, specifically the Web version (there's also a WinForms version):
If you incorporate that into your web application you will get a control you can place on any page;
The control can connect to your SQL backend from the web server, so you don't have to expose your SQL backend to anyone else;
The control by default renders in the browser (utilizing the html renderer) providing the user with a nice preview.
The control comes with a nice toolbar that allows for navigating, searching, printing, and also exporting (i.e. saving) to various formats.
Check out the download link for Microsoft Report Viewer 2010 Redistributable Package, which contains both the Web and WinForms controls.
PS. Opening up the SSRS Web Service directly to the world is not something you'd typically want to do. The web service is great for secure communication with your own applications, and gives you some more fine-grained control (as you've noted, by creating a page to export/render reports). For providing a site with reports however, I'd recommend the ReportViewer.

SQL Server Reporting Services (SSRS) Dynamic Data Source

I'm a very new user to SSRS. I learned the basic things and am able to make reports using VS 2008 and BIDS. But I can't move further. I want to use the dynamic data source. My issues are:
First the user should input four credentials: a) server name b) database name c) user id d) password. It will help to make the connection with database and make the data source. The credential should be stored in session or cookie.
Now the user will be able to see all the reports without giving the credential because he/she has already given them.
I made a dynamic data source but the credentials are asked for every time I open a report.
Any demo project or articles will be highly appreciated.
It sounds like SSRS alone will not accomplish what you want. SSRS will not provide a good interface for end users to create new datasources, or change existing datasources. There are some potential workarounds that get some of the functionality you desire, such as a method to change servers found at:
http://blog.softartisans.com/2011/04/19/how-to-create-a-dynamic-reporting-services-shared-data-source-using-linked-servers/
(requires the ability to use linked servers.)
But to manage the user session or cookies, you will need more than SSRS. The easiest way to get at this will be with a .NET web site to manage the credentials. It might be able to use a ReportViewer control, or other method of accessing SSRS, such as URL access, to get reporting functionality.

SSRS reports' access methods

I'm currently using Reporting Services from SQL Server 2012. I know that one of the most common possibilities to access reports is to use web server from SSRS itself with its web service. My question is: do we have other possibilities to access these reports, like from our own web page on our own server e.g. IIS or Apache? And do we still need this web server integrated with SSRS?
Sounds like you are looking for this document specifying methods applications can use SSRS. It provides links on how you can implement three methods of server access:
Using the web service
the ReportViewer control
URL access.
URL access can be very easy to implement; you can get the resulting report as a stream and pass it on to the client, save it, display it, &c.
Note that even Report Manager is built using these methods.
There are two methods to access the reports : either from the SSRS web server or from SharePoint.
Note that you can always create a web application that pulls the report list from SSRS and display those reports as you wish by using the SSRS web services.