SSRS 2008 Security

Hi Guys

I'm hoping to get some advice about the setup of SSRS 2008, especially inside consortia.

We have managed to set up SSRS 2008 and it works great in our main company domain, but we have hit a bit of a stumbling block when getting other untrusted domains to access it.  In 2005 this was simple as we could just set up anonymous access to the reports through IIS.  In 2008 security is no longer handled by IIS and this is causing us a massive headache.

Has anyone got any suggestions on how to get around this?  I know it is a requirement for version 11, so keen to get set up very soon.

Thanks

Nick

  • Yep, Microsoft has done it again.

    There are a few elaborate options...see this excerpt: http://searchsystemschannel.techtarget.com/feature/SQL-Server-2008-Reporting-Services-for-Internet-deployment

    Also see this: http://blogs.msdn.com/b/jameswu/archive/2008/07/15/anonymous-access-in-sql-rs-2008.aspx

    Or

    1. Create a new user in Windows 2008 server. (i.e. ReportingServices)
    2. Created a classic application pool, and assigned the identity execution to my new ReportingServices account in the server
    3. Associated the ReportingServices credential to a browser role inside the report server (http://localhost/Reports) for the report being rendered inside my asp.net application using the report viewer. (Folders above reports are still locked, so no browsing allowed)
    4. Disabled prompting for report parameters and disabled default values for parameters (can't render report from portal now)
    5. Set default parameter values via the parameter array of my report viewer.
    6. Associated the ASP.NET application to the application pool being run by my ReportingServices credentials

    I have actually done something similar in SSRS 2005 but I created a .NET skin because I wanted more robust parameter functionality for one of my reports. However, this method obviously requires more overhead because you need to deploy a report and an application (the skin). Good Luck.
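
Steps 3 to 5 above, sketched as an ASP.NET Web Forms code-behind; this is an added example, not code from the original post or from Tessitura. The page class, report path, parameter names, session key and `ReportViewer1` control are assumptions for illustration. Because every visitor reaches the report server as the single application pool account, the page itself has to decide which data a visitor may see, so the parameters are set server-side and never taken unchecked from the request.

```csharp
using System;
using System.Collections.Generic;
using System.Web.UI;
using Microsoft.Reporting.WebForms;

// Hypothetical page; ReportViewer1 is declared in the .aspx markup / designer file.
public partial class ConsortiumReportPage : Page
{
    // Assumed values: the report server URL and the one report that the
    // application pool account holds the Browser role on (step 3).
    private const string ReportServerUrl = "http://localhost/ReportServer";
    private const string ReportPath = "/Consortium/SalesSummary";

    // Allow-list for the only parameter a visitor may influence (hypothetical).
    private static readonly string[] AllowedSeasons = { "2011-12", "2010-11" };

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) return;

        // The organisation filter comes from the application's own login
        // session, never from the query string: the report server only sees
        // the shared service account and cannot tell visitors apart.
        string orgId = Session["OrganisationId"] as string;
        if (string.IsNullOrEmpty(orgId))
        {
            Response.StatusCode = 403;
            Response.End();
            return;
        }

        // Visitor-supplied value is accepted only if it is on the allow-list.
        string season = Request.QueryString["season"];
        if (season == null || Array.IndexOf(AllowedSeasons, season) < 0)
            season = AllowedSeasons[0];

        // With ASP.NET impersonation off, the viewer connects to the report
        // server as the application pool identity (steps 2 and 6).
        ReportViewer1.ProcessingMode = ProcessingMode.Remote;
        ReportViewer1.ShowParameterPrompts = false;          // step 4
        ReportViewer1.ServerReport.ReportServerUrl = new Uri(ReportServerUrl);
        ReportViewer1.ServerReport.ReportPath = ReportPath;

        // Step 5: values supplied through the parameter array, hidden from the UI.
        ReportViewer1.ServerReport.SetParameters(new List<ReportParameter>
        {
            new ReportParameter("OrganisationId", orgId, false),
            new ReportParameter("Season", season, false)
        });
    }
}
```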



  • Thanks for the tips Matt.  I have tried going through setting up anonymous access as a precursor for maybe setting up my own custom authentication problem.  Wasn’t too successful first time but will have another go soon.  I seem to be hitting problems with the actual compiled authentication dll as the instructions aren’t completely clear.

    Might have to think about deploying two SSRS servers at the moment to get around this problem.  According to the Tessitura documentation the SSRS paths can be organisation specific.  So might be possible to deploy SSRS on more than one server.  Will need to test this out though!

    Thanks

    Nick


    From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Matt Winchester
    Sent: 09 September 2011 19:17
    To: Nick Insell
    Subject: Re: [Tessitura Technical Forum] SSRS 2008 Security

     


    From: Nick Insell <bounce-nicholasinsell2570@tessituranetwork.com>
    Sent: 9/5/2011 9:50:53 AM

  • In v11, the new Tessitura WebReports web application is essentially a front end for SSRS reporting used in the Tessitura application.  It uses OAuth authentication to handle the standard Tessitura security credentials.  The WebReports application uses an application user defined in its config file to connect directly to the RS Report Server.  This is similar to how the API works and is geared for internal and external deployment.  Matt is correct in that out of the box Windows Integrated Security is the default auth mechanism, and you’d have to switch to basic or custom auth to get direct access to SSRS without using an intermediary means of authentication.

     

    +Ryan Creps

    +Tessitura Network

     

    From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Nick Insell
    Sent: Thursday, September 15, 2011 4:16 AM
    To: Ryan Creps
    Subject: RE: [Tessitura Technical Forum] SSRS 2008 Security

     

     
