Tuesday, March 24, 2015

SSRS: Form based Authentication






Objective: Implement single sign-on with forms-based authentication.

Single sign-on to SSRS reports from a WPF application.

Reports are deployed to the Report Server, and the WPF application can access them without prompting for a logon.


Forms authentication set up:

SSRS supports Windows authentication mode. Access from another domain requires forms authentication.

Important:

Make backup copies before making changes.

<InstallationLocation> is "C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services"


Report Server Files Modification:

To modify the RSReportServer.config file:

The "RSReportServer.config" file can be found in <InstallationLocation>\ReportServer.

1. Locate the <AuthenticationTypes> element and change it as described in the source article.

2. Within the <Extensions> element, locate <Security> and <Authentication> and change them as described in the source article.

3. Locate the <UI> element
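
A half-applied edit to steps 1 and 2 leaves the authentication type and the registered extensions out of step with each other. The following check is an added example, not code from the source article: it reads the text of RSReportServer.config and reports such mismatches. The "Contoso.Security" class names are hypothetical, and the sample configuration is constructed and trimmed to the elements those steps edit.

```python
import xml.etree.ElementTree as ET

STOCK_PREFIX = "Microsoft.ReportingServices."  # namespace of the built-in Windows extensions
WIN_AUTHZ = ("Microsoft.ReportingServices.Authorization.WindowsAuthorization, "
             "Microsoft.ReportingServices.Authorization")
WIN_AUTHN = ("Microsoft.ReportingServices.Authentication.WindowsAuthentication, "
             "Microsoft.ReportingServices.Authorization")
# Hypothetical custom extension classes; use the names from your own assembly.
FORMS_AUTHZ = "Contoso.Security.Authorization, Contoso.Security"
FORMS_AUTHN = "Contoso.Security.AuthenticationExtension, Contoso.Security"

def sample(auth_types, authz, authn):
    """Constructed RSReportServer.config, trimmed to the elements steps 1 and 2 edit."""
    tags = "".join(f"<{t}/>" for t in auth_types)
    return f"""<Configuration>
  <Authentication><AuthenticationTypes>{tags}</AuthenticationTypes></Authentication>
  <Extensions>
    <Security><Extension Name="Sec" Type="{authz}"/></Security>
    <Authentication><Extension Name="Auth" Type="{authn}"/></Authentication>
  </Extensions>
</Configuration>"""

def audit(config_xml):
    """Return the configured authentication types, extension types and any mismatches."""
    root = ET.fromstring(config_xml)
    types = [e.tag for e in root.findall("Authentication/AuthenticationTypes/*")]
    ext = {}
    for kind in ("Security", "Authentication"):
        node = root.find(f"Extensions/{kind}/Extension")
        ext[kind] = node.get("Type", "") if node is not None else ""
    custom = "Custom" in types
    findings = []
    if not types:
        findings.append("no authentication type configured")
    if custom and len(types) > 1:  # Custom and the RSWindows* types are mutually exclusive
        findings.append("Custom is combined with a Windows authentication type")
    for kind, type_name in ext.items():
        if not type_name:
            findings.append(f"{kind} extension is missing")
        elif custom and type_name.startswith(STOCK_PREFIX):
            findings.append(f"Custom is set but the {kind} extension is still the Windows one")
        elif not custom and not type_name.startswith(STOCK_PREFIX):
            findings.append(f"Windows authentication is set but the {kind} extension is custom")
    return {"types": types, "extensions": ext, "findings": findings}

if __name__ == "__main__":
    # Step 1 done, step 2 only half done: the Authentication extension was not replaced.
    for finding in audit(sample(["Custom"], FORMS_AUTHZ, WIN_AUTHN))["findings"]:
        print("FINDING:", finding)
```

To check a real server, pass the text of a copy of RSReportServer.config to audit() and compare the result with the same call on the backup copy.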


To modify "RSSrvPolicy.config":

Add a code group for the custom security extension that grants the "FullTrust" permission to your extension.

The file is located in the <InstallationLocation>\ReportServer directory.


To modify the Web.config file for Report Server:

The file is located in the <InstallationLocation>\ReportServer directory.


CREATING USER ACCOUNTS IN DATABASE:

....




In SSRS, authentication takes place when a request requires a connection to the report server, and also when the report server itself needs to access the application database server or any external data source.


Fig. 1. Authentication when SSRS is running in native mode.

[Figure not reproduced. Labels recovered from the diagram:]

Client: custom security; client authentication.

SSRS: Windows Integrated Security; User-Supplied Credentials; Stored Credentials; No Credentials (unattended credential account); Windows SQL Server service account; Reporting Services service authentication.

External Data Sources: external data source authentication.

Client Authentication (Native Mode):

User activities that require a connection to the report server:

A user connects to the report server by opening a browser and connecting to Report Manager to view a report or manage server properties for reports.

A user may need to deploy reports using BIDS, administer the server using SSMS, use a command-line utility, or render reports using URL access.

A custom application can access the report server using the Reporting Services web service.


Before access to the report server is granted, the "client" is required to authenticate the user or process that wants access.

The client passes this information to the report server in an HTTP authentication request.

The report server in turn sends the request to the Windows authentication extension (which is the default) or to a custom security extension.

If authentication fails, it returns the message 401 access denied to the client application.


Windows Authentication Extension:

A user needs a Windows account, either a local account or a trusted domain user account. That account must be present in the report server as an individual account with access to the report server, or it can be part of a group account that has access to the report server.
The client application should support Windows integrated security.

The Windows authentication extension supports many types of authentication. In SSRS the type is specified in the RSReportServer.config file, under ReportServer in the installation directory.


RSWindowsNegotiate:

If you set the Windows service account for the report server to NetworkService or LocalSystem in the Reporting Services manager, RSWindowsNegotiate is added to the RSReportServer.config file as the default setting.

....refer source













