My goal is to perform Single sign on functionality from my WPF application which has a embedded browser . Single sign on needs to be implemented for this so that the user should not be asked to enter this credentials again to check the reports from the wpf browser. I need to create a local environment for testing this functionality from my side since I am developing for a product i.e a sql report which has forms authentication and logging to the report from my application. I have browsed almost everything on the net regarding this implementation and the sample provided by microsoft for forms authentication is not working. I also find certain condition that the sample will not work in Itanium based processors etc.. and I am working on ssrs 2012. Sign on with capturing the DOM of reporting site and peforming the login wouldn't be a good idea since this is for a product and reporting login will not be same. I am thinking of implementing with Httpwebrequest and Response, but still not clear on implementing. Some one please provide me crisp and working solution for my implementation. Thanks in advance.
Some one please provide me crisp and working solution for my
implementation.
I wouldn't count on that, especially if you're asking for a source code solution.
Single sign-on assumes that you still have an authentication server somewhere, something like Google OAuth. From your question, it isn't quite clear to me if that's what your looking for. If you just need to supply custom credentials to WebBrowser control, that's still possible, but that solution is for WinForms version of WebBrowser control. The WPF version is sealed from customization, so you may have better luck hosting the WinForms WebBrowser in your WPF project, using WindowsFormsHost.
I finally found the way for Implementing single sign on for reporting services. The standard way for implementing single sign on for forms authentication is by using custom security extension sample. The configuration is a bit tricky, But once the configuration is done single sign on needs to be done by getting the auth token by calling Logonuser() methon in reporting service. The below code passes the credentials and returns auth token.
Configuring forms authentication can be found detailed here
http://www.codeproject.com/Articles/675943/SSRS-2012-Forms-Authentication
The below code helps me to achieve single sign on.
[DllImport("wininet.dll", CharSet = CharSet.Auto, SetLastError = true)]
static extern bool InternetSetCookie(string lpszUrlName, string lpszCookieName, string lpszCookieData);
private void GetAuthToken(string username, string password)
{
// Step1: Add reference to report service either by directly referencing the reportinservice.asmx service of by converting wsdl to class file.
ReportServerProxy2010 rsProxy = new ReportServerProxy2010();
//Step2: Assign the report server service eg:"http://<servername>/ReportServer/ReportService2010.asmx";
rsProxy.Url = string.Format(ReportServerUrl, ReportServer);
try
{
rsProxy.LogonUser(username,password, null);
Cookie authCookie = rsProxy.AuthCookie;
if (authCookie != null)
{
//Internet Set Cookie is a com method which sets the obtained auth token to internet explorer
InternetSetCookie(Url, null, authCookie.ToString());
}
}
catch (Exception ex)
{
}
}
//When navigating now, the auth token is accepted and report manager page is displayed directly without asking for login credentials.
WebBrowserControl.Navigate(new Uri("");}
I recently encountered a strange thing. On some of my company's servers when an exception message is printed out (yes, bad, I know. It's for debugging), the actual message isn't displayed. Instead it displays the key for an external string resource and says that "Debugging resource strings are unavailable"
After some research I've come up with the following:
In release mode, Silverlight does not package the xap with the dlls containing the actual error messages in order to save space.
I've found workarounds for OLD versions, but nothing for 4. It seems like there are Developer versions of the SL 2 and 3 runtime which will resolve the errors automatically, but I cannot find one for SL 4.
So my question is this:
What the heck do I need to do to my SL 4 app / computer to let me see the full, detailed errors when it's in release mode?
You can download the developer runtime (which contains the full exception strings) from the GetStarted page - http://www.silverlight.net/getstarted/ - search for "Developer Runtimes for Windows and OSX", it's near the bottom of the page.
Though it is too late to reply, it may help somebody else. We have a web application using Silverlight 4, installed in various test environments. This web application consumes more than one WCF services. All but one of the test environment sites consistently failed with message "Debugging Resource strings are unavailable". Agreeably the real exception was swallowed. Being a Silverlight application, there was no logging, and it always appeared that there was something failing in the Silverlight component. I connected the application in my development environment to that particular test environment, and found out that the problem was in fact in one of the WCF services. I fixed the problem at the service end and the SL component stopped having this problem.
Why was the WCF failing?
The WCF service had the following code in the constructor:
public MyService()
{
//Create an instance of Data Lookup service asycnchronously.
if (_dataLookupSrvc == null)
{
try
{
System.Threading.Tasks.Task.Factory.StartNew(() => _dataLookupSrvc = new LookupDataService.LookupDataService());
}
catch (Exception ex)
{
_log.Error<Exception>(ex);
}
}
}
Somebody moved the underlying LookupDataService.dll from the service folder causing the constructor to fail, but not right away. As the LookupDataService instance was created in anonymous method, the exception logging in this method never took place. Once the LookupDataService.dll was dropped in the service folder, the "Debugging Resource strings are unavailable" message went away.
It was a fun wild goose chase!
Have you already checked the event viewer on the machine where the application crashed? Start->Run. eventvwr
I have successfully implemented Forms Authentication in SSRS, so it now uses both Roles and Users from my website, using the ordinary asp.net membership framework.
I can log in to the portal and run any report, as long as I have the correct role from my original app. All good.
However, if I create a subscription, then, when the subscription runs, I don't get my report, but rather this message in the log:
subscription!WindowsService_0!161a0!10/21/2009-22:42:05:: i INFO:
Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException:
An internal error occurred on the report server. See the error log for more details. --->
System.Configuration.Provider.ProviderException:
The Role Manager feature has not been enabled.
at System.Web.Security.Roles.EnsureEnabled()
at System.Web.Security.Roles.GetRolesForUser(String username)
at MyApp.ReportServer.Security.Module.Authorization.CheckAccess(String userName, IntPtr userToken, Byte[] secDesc, ReportOperation requiredOperation)
at Microsoft.ReportingServices.Library.Security.CheckAccess(ItemType catItemType, Byte[] secDesc, ReportOperation rptOper, String reportPath)
at Microsoft.ReportingServices.Library.SecurityRequirements.CheckAccess(ItemType itemType, Byte[] securityDescriptor, String itemPath)
at Microsoft.ReportingServices.Library.DefinitionLoader.GetParameterDefinition(CatalogItemContext itemContext, String historyId, Boolean forRendering, SecurityRequirements requirements)
at Microsoft.ReportingServices.Library.RSService.GetReportParameters(ClientRequest session, CatalogItemContext reportContext, Boolean forRendering)
at Microsoft.ReportingServices.Library.RSServiceDataProvider.GetParameters(ClientRequest session, CatalogItemContext reportContext)
at Microsoft.ReportingServices.Library.RenderForNewSession.GetReportParameters()
at Microsoft.ReportingServices.Library.RenderForNewSession.GetReportMetadata()
at Microsoft.ReportingServices.Library.RenderForNewSession.get_ExecuteExistingSnapshot()
at Microsoft.ReportingServices.Library.RenderForNewSession.GetExecutionStrategy()
at Microsoft.ReportingServices.Library.ReportExecutionBase.InternalExecuteReport()
at Microsoft.ReportingServices.Library.ReportExecutionBase.Execute()
at Microsoft.ReportingServices.Diagnostics.CancelablePhaseBase.ExecuteWrapper()
--- End of inner exception stack trace ---
The MyApp line is my custom security extension.
I have the RoleManager and membership provider setup in web.config in the /ReportServer directory.
Does the subscription runner circumvent the website settings somehow?
UPDATE:
Ok, so I found out, that apparently it is running with whatever is values is set in MACHINE.CONFIG when a subscription is being evaluated/triggered by sql agent.
Any clues why it doesn't use the web.config settings, but goes straight to machine.config?
I not formiliar with SSRS, but I am with .NET / membership providers and web/app/machine.config.
Your exception states subscription!WindowsService_0!161a0!10/21/2009-22:42:05::
I think this means the subscription service is a windows service and doesn't run in IIS. This means it has a different configuration file.
http://reportserver -> IIS -> web.config (Your configuration)
subscription!WindowsService -> Services -> app.config -> machine.config.
Hope it helps.
I created a report model using SSRS (2005) and published to the local server. But when I tried to run the report for the model I published using report builder I get the following error.
Report execution error:The permissions granted to user are insufficient for performing this operation. (rsAccessDenied)
It's because of lack of privilege for the user you are running the report builder, just give that user or a group a privilege to run report builder.
Please visit this article
Or for shortcut:
Start Internet Explorer using "Run as Administrator"
Open http://localhost/reports
Go to properties tab (SSRS 2008)
Security->New Role Assignment
Add DOMAIN/USERNAME or DOMAIN/USERGROUP
Check Report builder
I know it's for a long time ago but you (or any other new comers) can resolve this issue by
Add the [Domain\User] to Administrator, IISUser, SQLReportingUser groups
Delete Encryption Key in SSRS configuration tools
ReRun the Database Change in SSRS configuration tools
Open WebServiceUrl from SSRS configuration tools (http://localhost/reportserver)
creating Reports Folder manually
go to Properties of created folder and add these roles to security (builtin\users , builtin\Administrator, domain\user)
Deploy your reports and your problem resolved
Right Click Microsoft BI -> Click Run as Administrator -> either open your existing SSRS report or create your new SSRS report and then deploy your report after that complied you will be received one web URL for to view your report. Copy that URL and paste to web browser(Run as Administrator) and you will get your report view.
You could use Internet Explorer, which would be essential for web service
If it is wrong means,Please forgive me since i did like this so that i just written.
Make sure you have access configured to the URL http://localhost/reports using the SQL Reporting Services Configuration. To do this:
Open Reporting Services Configuration Manager -> then connect to the report server instance -> then click on Report Manager URL.
In the Report Manager URL page, click the Advanced button -> then in the Multiple Identities for Report Manager, click Add.
In the Add a Report Manager HTTP URL popup box, select Host Header and type in: localhost
Click OK to save your changes.
Now start/ run Internet Explorer using Run as Administator...
(NOTE: If you don't see the 'Site Settings' link in the top left corner while at http://localhost/reports it is probably because you aren't running IE as an Administator or you haven't assigned your computers 'domain\username' to the reporting services roles, see how to do this in the next few steps.)
Then go to: http://localhost/reports (you may have to login with your Computer's username and password)
You should now be directed to the Home page of SQL Server Reporting Services here: http://localhost/Reports/Pages/Folder.aspx
From the Home page, click the Properties tab, then click New Role Assignment
In the Group or user name textbox, add the 'domain\username' which was in the error message (in my case, I added: DOUGDELL3-PC\DOUGDELL3 for the 'domain\username', in your case you can find the domain\username for your computer in the rsAccessDenied error message).
Now check all the checkboxes; Browser, Content Manager, My Reports, Publisher, Report Builder, and then click OK.
You're domain\username should now be assigned to the Roles that will give you access to deploy your reports to the Report Server. If you're using Visual Studio or SQL Server Business Intelligence Development Studio to deploy your reports to your local reports server, you should now be able to.
Hopefully, that helps you solve your Reports Server rsAccessDenied error message...
Just to let you know this tutorial was done on a Windows 7 computer with SQL Server Reporting Services 2008.
Reference Article: http://techasp.blogspot.co.uk/2013/06/how-to-fix-reporting-services.html
You can also make sure that the Identity in your Application Pool has the right permissions.
Go to IIS Manager
Click Application pools
Identify the application pool of the site you are deploying reports on
Check that the identity is set to some service account or user account that has admin permissions
You can change the identity by stopping the pool, right clicking it, and selecting Advanced Settings...
Under Process Model is the Identity field
I have used following steps and it is working for me.
Open Reporting Services Configuration Manager -> then connect to the report server instance -> then click on Report Manager URL.
In the Report Manager URL page, click the Advanced button -> then in the Multiple Identities for Report Manager, click Add.
In the Add a Report Manager HTTP URL popup box, select Host Header and type in: localhost
Click OK to save your changes.
Then:
copied the report server URL
Run Google chrome/Internet Explorer as administrator
Paste URL in address bar and press enter.
it is working fine for me on Internet Explorer and Google Chrome but not for mozilla Firefox.
In case of Firefox asking for username and Password I am providing it but it is not working. I am admin and have full right.
I have done 1 more change set "User Account Control Settings" to never notify.
If you are getting such type of exception while deploying this report from Visual Studio then do the following things:
Open Google chrome/Internet Explorer with administrator right.
open report server URL in it.
3.Click on "New Role Assignment" add the then enter the user name and select the Roles
.
click ok.
Now deploy the report from Visual studio it will work and deploy the reports at specified server.
under Site setting in Reports manager >Configure system-level role definitions > check ExecuteReport Defination option
then
Create a System UserGroup, Give the access to that group at
Connect to your reporting Services Data base in server properties and add a group and permite the access as System User... It should work
I have SQL2008 / Windows 2008 Enterprise and this is what I had to do to correct the rs.accessdenied, 404, 401 and 503 errors:
Added NT Users to SQL Report Server Users and IIS_USR Group
I changed SQL Reporting Service to Local account (it was Domain with Local Admin)
I deleted encryption key in Reporting Services Configuration (last tab on the list)
and THEN it worked.
Open internet explorer as administrator.
Open the reports url http://machinename/reportservername
then in 'folder settings' give permission to required user-groups.
Old but relevant issue. I solved for 2012 by logging in to the reporting server and:
browse to http://localhost/reports/
Click 'Site Settings' in the top-right (was only available when logging in to the report server)
Go to the 'Security' tab and click 'New Role Assignment'
Added my DOMAIN\USERNAME as a System Administrator
Can't say that I'm comfortable with this solution, but I needed something that worked and it worked. Hope this helps someone else.
After setting up SSRS 2016, I RDP'd into the server (Windows Server 2012 R2), navigated to the reports URL (https://reports.fakeserver.net/Reports/browse/) and created a folder title FakeFolder; everything appeared to be working fine. I then disconnected from the server, browsed to the same URL, logged in as the same user, and encountered the error below.
The permissions granted to user 'fakeserver\mitchs' are insufficient
for performing this operation.
Confused, I tried pretty much every solution suggested on this page and still could not create the same behavior both locally and externally when navigating to the URL and authenticating. I then clicked the ellipsis of FakeFolder, clicked Manage, clicked Security (on the left hand side of the screen), and added myself as a user with full permissions. After disconnecting from the server, I browsed to https://reports.fakeserver.net/Reports/browse/FakeFolder, and was able to view the folder's contents without encountering the permissions error. However, when I clicked home I received the permissions error.
For my purposes, this was good enough as no on else will ever need to browse to the root URL, so I just made a mental note whenever I need to make changes in SSRS to first connect to the server and then browse to the Reports URL.
Problem:
Error rsAccessDenied : The permissions granted to user 'User\User' are insufficient for performing this operation.
Solution:
Click "Folder Setting" > "New Role Assignment"
Then type "User\User" in the 'Group or user name text box'.
Check the Roles check boxes that you would want the user to have.
What Worked for me was:
Open localhost/reports
Go to properties tab (SSRS 2008)
Security->New Role Assignment
Add DOMAIN/USERNAME or DOMAIN/USERGROUP
Check Report builder
This worked for me-
-go to the report manager, check site settings-> Security -> New Role Assignment-> add the user
-Also, go to Datasets in report manager -> your report dataset -> Security -> New Role Assignment -> add the user with the required role.
Thanks!
I know it's for a long time ago but may be helpful to any other new comers,
I decided to pass user name,password and domain while requesting SSRS reports, so I created one class which implements IReportServerCredentials.
public class ReportServerCredentials : IReportServerCredentials
{
#region Class Members
private string username;
private string password;
private string domain;
#endregion
#region Constructor
public ReportServerCredentials()
{}
public ReportServerCredentials(string username)
{
this.Username = username;
}
public ReportServerCredentials(string username, string password)
{
this.Username = username;
this.Password = password;
}
public ReportServerCredentials(string username, string password, string domain)
{
this.Username = username;
this.Password = password;
this.Domain = domain;
}
#endregion
#region Properties
public string Username
{
get { return this.username; }
set { this.username = value; }
}
public string Password
{
get { return this.password; }
set { this.password = value; }
}
public string Domain
{
get { return this.domain; }
set { this.domain = value; }
}
public WindowsIdentity ImpersonationUser
{
get { return null; }
}
public ICredentials NetworkCredentials
{
get
{
return new NetworkCredential(Username, Password, Domain);
}
}
#endregion
bool IReportServerCredentials.GetFormsCredentials(out System.Net.Cookie authCookie, out string userName, out string password, out string authority)
{
authCookie = null;
userName = password = authority = null;
return false;
}
}
while calling SSRS Reprots, put following piece of code
ReportViewer rptViewer = new ReportViewer();
string RptUserName = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportUser"]);
string RptUserPassword = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportUserPassword"]);
string RptUserDomain = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportUserDomain"]);
string SSRSReportURL = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportURL"]);
string SSRSReportFolder = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportFolder"]);
IReportServerCredentials reportCredentials = new ReportServerCredentials(RptUserName, RptUserPassword, RptUserDomain);
rptViewer.ServerReport.ReportServerCredentials = reportCredentials;
rptViewer.ServerReport.ReportServerUrl = new Uri(SSRSReportURL);
SSRSReportUser,SSRSReportUserPassword,SSRSReportUserDomain,SSRSReportFolder are defined in web.config files.
The report might want to access a DataSource or DataView where the AD user (or AD group) has insuficcient access rights.
Make sure you check out the following URLs:
http://REPORTSERVERNAME/Reports/Pages/Folder.aspx?ItemPath=%2fDataSources
http://REPORTSERVERNAME/Reports/Pages/Folder.aspx?ItemPath=%2fDataSets
Then choose Folder Settings
(or the appropriate individual DataSource or DataSet) and select Security. The user group needs to have the Browser permission.
What worked for me was:
Go to Site Setting
Click on "Configure site-wide security"
Click "New Role Assignment" button in top bar
Give the new role the following name "Everyone"
Of the available roles, grant it "System User" only
Click "Apply"
That should do it,
Good luck!
Just like Nasser, I know this was a while ago but I wanted to post my solution for anyone who has this problem in the future.
I had my report setup so that it would use a data connection in a Data Connection library hosted on SharePoint. My issue was that I did not have the data connection 'approved' so that it was usable by other users.
Another thing to look for would to make sure that the permissions on that Data Connection library also allows read to the select users.
Hope this helps someone sooner or later!
For SQL Reporting Services 2012 - SP1 and SharePoint 2013.
I got the same issue:
The permissions granted to user '[AppPoolAccount]' are insufficient for performing this operation.
I went into the service application settings, clicked Key Management, then Change key and had it regenerate the key.
Thanks for Sharing. After struggling for 1.5 days, noticed that Report Server was configured with wrong domain IP. It was configured with backup domain IP which is offline. I have identified this in the user group configuration where Domain name was not listed. Changed IP and reboot the Report server. Issue resolved.
Run BIDS as administrator despite of existing membership of Administrators group.