Custom Authorization user confusion

hi,
I have read a lot of other posts here about using custom Forms
Authentication, but am still having trouble comprending some points. I
understand the custom authentication piece (LogonUser) and understand how
CheckAccess() works.
Its setting up users that confuses me. Do users have to be defined and
assigned roles with ReportManager? (My users are defined in a custom
database)
If I don't use ReportManager, how can I (programmatically) create users
dynamically and associate these users with a newly defined role? I know I
can use the CreateRole() method for to define a new role - just don't see any
methods that deal with users.
I assume there has to be a way because (again another assumption) I think
ReportManager uses the same interfaces available to me (through the
ReportingService class).
Thanks,
Matt> Its setting up users that confuses me. Do users have to be defined and
> assigned roles with ReportManager? (My users are defined in a custom
> database)
The users can be defined in any datastore. In this case, it's your
database.
> If I don't use ReportManager, how can I (programmatically) create users
> dynamically and associate these users with a newly defined role?
You develop some process to create users. ReportManager doesn't create
users. For example, your application may have a Manage Users screen.
Using Forms Auth you can assign roles to users. For example, the below
function takes a username (valid user from your data store) and a
Report Server folder. Then it assigns the user the Browser role. So if a
valid user in your database is 'TestUser' and you want to add 'TestUser' as
a Browser to 'TestFolder'...
AddUserToFolderPolicy("TestFolder", "TestUser", ref string errMessage)
private bool AddUserToFolderPolicy(string folder, string user, ref string
errMessage)
{
try
{
//Get the Browser role
Role[]roles = m_ReportingService.ListRoles();
Role browserRole = new Role();
foreach (Role r in roles)
{
if (r.Name == "Browser") browserRole = r;
break;
}
Role[] policyRoles = new Role[1];
policyRoles[0] = new Role();
policyRoles[0] =browserRole;
//Get the current policies of the folder in question
string path = "/" + folder;
bool inheritParent = false;
Policy[] currentPolicies = m_ReportingService.GetPolicies(path, out
inheritParent);
//If the user is currently in the current policy set just return
for(int i=0;i<currentPolicies.Length;i++)
if(currentPolicies[i].GroupUserName == user)
return true;
//Create the new policy array and add the new user
ArrayList arrPolicies = new ArrayList(currentPolicies);
Policy p = new Policy();
p.GroupUserName = user;
p.Roles = policyRoles;
arrPolicies.Add(p);
Policy[] finalPolicies = (Policy[])arrPolicies.ToArray(typeof(Policy));
//Set the policies
m_ReportingService.SetPolicies(path,finalPolicies);
}
catch (Exception e)
{
errMessage = e.Message;
return false;
}
return true;
}
HTH|||Yes, this helps - so I can set access to folders by using the SetPolicies()
method. This makes sense now. The user doesn't already have to be defined
in ReportManager, it can be any name (that makes sense - in this case a name
from my user database). And you're right about the ReportManager - I went
back and now I see it works in exactly the same way. This was the missing
piece for me.
I assume I can follow the same procedure for individual reports (and linked
reports) - I just have to specify the full path to the report.
Thanks for your help.
Matt
"FNDS" wrote:
>
> > Its setting up users that confuses me. Do users have to be defined and
> > assigned roles with ReportManager? (My users are defined in a custom
> > database)
> The users can be defined in any datastore. In this case, it's your
> database.
> >
> > If I don't use ReportManager, how can I (programmatically) create users
> > dynamically and associate these users with a newly defined role?
> You develop some process to create users. ReportManager doesn't create
> users. For example, your application may have a Manage Users screen.
> Using Forms Auth you can assign roles to users. For example, the below
> function takes a username (valid user from your data store) and a
> Report Server folder. Then it assigns the user the Browser role. So if a
> valid user in your database is 'TestUser' and you want to add 'TestUser' as
> a Browser to 'TestFolder'...
> AddUserToFolderPolicy("TestFolder", "TestUser", ref string errMessage)
>
> private bool AddUserToFolderPolicy(string folder, string user, ref string
> errMessage)
> {
> try
> {
> //Get the Browser role
> Role[]roles = m_ReportingService.ListRoles();
> Role browserRole = new Role();
> foreach (Role r in roles)
> {
> if (r.Name == "Browser") browserRole = r;
> break;
> }
> Role[] policyRoles = new Role[1];
> policyRoles[0] = new Role();
> policyRoles[0] =browserRole;
> //Get the current policies of the folder in question
> string path = "/" + folder;
> bool inheritParent = false;
> Policy[] currentPolicies = m_ReportingService.GetPolicies(path, out
> inheritParent);
> //If the user is currently in the current policy set just return
> for(int i=0;i<currentPolicies.Length;i++)
> if(currentPolicies[i].GroupUserName == user)
> return true;
> //Create the new policy array and add the new user
> ArrayList arrPolicies = new ArrayList(currentPolicies);
> Policy p = new Policy();
> p.GroupUserName = user;
> p.Roles = policyRoles;
> arrPolicies.Add(p);
> Policy[] finalPolicies = (Policy[])arrPolicies.ToArray(typeof(Policy));
> //Set the policies
> m_ReportingService.SetPolicies(path,finalPolicies);
> }
> catch (Exception e)
> {
> errMessage = e.Message;
> return false;
> }
> return true;
> }
> HTH
>
>|||There is a vocabulary clarification to make. The roles are merely RS roles
(browser, content manager, etc.) that specify sets of permissions. If you
want to have user groups, for what is commonly called "role-based security",
you need to modify the Forms Authentication sample code to support both
users and groups (in CheckAccess, IsValidPrincipal, etc.), and you maintain
the groups alongside the users in your security database -- completely
outside reporting services. Then, you can assign Forms Auth groups to RS
roles as well, just like you do with Windows Authentication.
--
Cheers,
'(' Jeff A. Stucker
\
Business Intelligence
www.criadvantage.com
---
"mshumaker" <mshumaker@.discussions.microsoft.com> wrote in message
news:772301D2-6836-4219-A40B-23DDFB562A9E@.microsoft.com...
> hi,
> I have read a lot of other posts here about using custom Forms
> Authentication, but am still having trouble comprending some points. I
> understand the custom authentication piece (LogonUser) and understand how
> CheckAccess() works.
> Its setting up users that confuses me. Do users have to be defined and
> assigned roles with ReportManager? (My users are defined in a custom
> database)
> If I don't use ReportManager, how can I (programmatically) create users
> dynamically and associate these users with a newly defined role? I know I
> can use the CreateRole() method for to define a new role - just don't see
> any
> methods that deal with users.
> I assume there has to be a way because (again another assumption) I think
> ReportManager uses the same interfaces available to me (through the
> ReportingService class).
> Thanks,
> Matt
>|||Hi,
Was reading through thiis post. I am trying this out currently. m_ReportingService is the webService right? If so, I am getting an error " ListRoles() take 0 Arguements"!
Am I missing something
From http://www.developmentnow.com/g/115_2005_1_0_0_454650/Custom-Authorization-user-confusion.ht
Posted via DevelopmentNow.com Group
http://www.developmentnow.com