Tuesday, March 20, 2012

Custom Security for Reportserver with some ISAPI Filter in progress

hi,

I am new to report server custom security.

I face the following problem and want to ask if there is a simple way to solve.

we have already running an IS API Filter which handles the authentication for all websites. The fiter is built to secure all websites. It verfies access to URLs and authrize users against an LDAP Directory. Affer the user has authenticated he can connect to the website. The ISAPI Filter sets the LOGONUSER Severvariable so the website can do userspecific filtering.

With the same ISAPI Filter we want to secure report server.

We want to setup roles with usernames to allow or deny specific reports. (this usernames should be validated against the servervariable LOGONUser - by String Comparison).

We do not have any windows authenitcation - and do not need.

The ReportServer User Variable should return this LOGON User to allow report secific data filtering

Is this possible - and explanation how?

Best Regards,

HANNES

Nobody an idea?

I really need to know if its possible or how and a hint in howto.

Is it possible with an custom security extension to reportserver?

Best regards,

HANNES

|||

I gathered some references together for a user in a different forum... here they are:

1. this article will help you think about implementing a custom security extension http://www.devx.com/dotnet/Article/27133

2. this article (on a hosting provider) will show you how you might do it if you don't care much about security <g> http://www.webhost4life.com/kb/question.php?qstId=209 -- seriously, it will give you some perspective on how-all this works

3. here is a short post about why it may not be a great idea to write security extensions using forms authentication (basically, I think this might be your "login user" scenario, not sure, so want to mention it) http://msmvps.com/blogs/anguslogan/archive/2004/10/03/14772.aspx

4. I think there is a sample of doing forms-based authentication here
http://blogs.msdn.com/bimusings/archive/2005/12/05/500195.aspx -- if you
can't find the sample read this blog post
http://weblogs.asp.net/plip/archive/2006/09/21/Microsoft-Documentation-_2D00_-Where-is-the-sample-code_3F00_.aspx

5. here is an article (with source) doing something like what you need
http://www.sqlmag.com/Articles/ArticleID/93830/93830.html

6. here is a good overview of writing extensions for RS from an MS blog -- it's another useful perspective
http://blogs.msdn.com/bryanke/archive/2004/03/16/90797.aspx

Hope this helps,

>L<

No comments:

Post a Comment