Dear Anyone,
We are trying to create our own custom security extension for rs2005. We are wondering how will then security extension will manage the authenticated users and how will it be mapped to an existing RS2005 group or role?
Thanks,
Joseph
It completely depends on how you write the extension itself.
I'd recommend that you use the forms auth extension as a start: C:\Program Files\Microsoft SQL Server\90\Samples\Reporting Services\Extension Samples\FormsAuthentication Sample
Change the parts of it that handle authentication, and then leave the parts alone which do authorization for you.
If you go this route, you will continue to use all the same roles you did before: Browser, Content Manager, etc.
|||How would this dovetail with using Custom roles within the custom authentication database?
I've already implemented a version of the custom authentication extension and have the basic SSRS Forms auth working.
For example, users of my application log in with a companycode and would be put into one or many custom application roles that would ostensibly control the visibility of various folders and reports (you can imagine the various scenarios). Would I have to intercept the ASP.NET authentication pipeline and insert a custom Principal/Identity into the HTTP context? Would SSRS use the "User.IsInRole" construct to determine if the user is in a role that can "see" the restricted SSRS objects?
Just in case I confused anyone...I want to be able to add application-domain roles to the SSRS built-in (and possibly custom) roles and use those to restrict visibility to the SSRS objects.
Thanks,
Matthew Belk
|||Did you ever find an answer to this question? We're wanting to do the same thing (use roles from our custom application DB).|||You can do this by assigning security within RS using the role names (just like windows groups). To get this to work though you will need to:
1. make your implementation of IAuthenticationExtension.IsValidPrincipalName check against the roles in your custom database
2. Implement IAuthorisationExtension.CheckAccess and in there look up the roles the user belongs to and check the access based on the username and his roles.
A good sample of this is located at:
http://www.devx.com/dotnet/Article/26759 - Part 1
http://www.devx.com/dotnet/Article/27133 - Part 2
Incidentally, I would like to take this further by using the Membership and Role Management Application Services of ASP.NET 2.0 to manage my users and roles.
So far I've been able to get the Forms Authentication working and I've set up the Membership and Role Management features, but when I try to use the 2 together i.e. make my logon.aspx page call Membership.ValidateUser the report server stops working and returns:
An internal error occurred on the report server. See the error log for more details. (rsInternalError) Get Online Help
Object reference not set to an instance of an object.sql
No comments:
Post a Comment