My PC is in the domain group of SQL Server 2005 Reporting Service, so I can publish the reports. After the reports were published, I can viw the reports from ASP.NET application on the web server, but everyone else was prompted for login. Only my login can view the reports. What can I do to let others to open the reports with the same web application? Thanks.
DanYeung
Have you tried allowing anonomous access to the reports?
If you go this route, you probably will want to create a secured login page in your .NET application.
Dear dany,
Could you mention the path to which reports are being published.
Check this kb article to see if it helps.
HTH,
Suprotim Agarwal
Thanks for the responds.
(1) If I enter "Machinename\ASPNET", will it allow only that machine to access without prompting login?
(2) The Microsoft link Suprotim Agarwal provided is for SQL Server 2000. I am using SQL Server 2005 Reporting Service.
Thanks again.
DanYeung
danyeungw wrote:
(1) If I enter "Machinename\ASPNET", will it allow only that machine to access without prompting login?
You do that on the server. It is somewhat of a "web access" user.
Can I pass the user id and password to the report server when I run the report? It so, how do I pass the info and how the report server receives the info? Thanks.
DanYeung
Dear dan,
Create a class that implements IReportServerCredentials and overload the methods. Check this post.
In C# the code given by CodeSalad would look like this :
using
Microsoft.Reporting.WebForms;using
System.Net;public
class ReportServerCredentials : IReportServerCredentials{
private string _userName;
private string _password;
private string _domain;
public ReportServerCredentials(string userName, string password, string domain)
{
_userName = userName;
_password = password;
_domain = domain;
}
public System.Security.Principal.WindowsIdentity ImpersonationUser
{
get
{
return null;
}
}
public ICredentials NetworkCredentials
{
get
{
return new NetworkCredential(_userName, _password, _domain);
}
}
public bool GetFormsCredentials(ref System.Net.Cookie authCookie, ref string userName, ref string password, ref string authority)
{
userName = _userName;
password = _password;
authority = _domain;
return false;
}
}
HTH,
Suprotim Agarwal
prompting. Here (http://www.microsoft.com/downloads/details.aspx?FamilyId=E90FE777-4A21-4066-BD22-B931F7572E9A&displaylang=en) is a link to Access Control Diagnostics 1.0, a tool that will help you troubleshoot the credential prompting.
Next, to allow other users to view reports that you publish, go to http://<server name>/Reports and click on the [Properties] tab. Now click [New Role Assignment] and add BUILTIN\Users as the Group or user name: and check the box beside Browser and click [OK]. You have just granted browse (run) rights to any authenticated user.
Good luck! Please let us know how it turns out.
Larry Smithmier
Hmm... code that passes around usernames and passwords...
I wouldn't recommend this approach. Any code that does this (no matter how well written) is a red flag for trouble. And certainly do NOT permit annonymous access to reporting services if you can avoid it.
Here's what I do. First, I setup my reports on reporting services the way I want them to look and all. When I'm happy with that I then setup my web app to run within a security context that is restricted to accessing those reports. I use the report viewer control on a web form to pass it through ASP.NET. This is for an Internet-facing deployment.
On a corporate Intranet you should be able to setup access to reports by assigning them to the appropriate groups/users. I tend to avoid using things like BUILTIN\Users since I have no clue who that could be.
Doesn't Group\Users still need to add each user who access the report? I am looking for creating a generic user for all users. Please advise.
DanYeung
BUILTIN\Users is all authenticated users. It is the least restrictive short of changing the site to use anonymous access rather than Windows Integrated. If you want to fully open the reports, with no limits on who views them, change your site to use anonymous access. If you want to keep the list down to domain users, keep the authentication method Windows Integrated and add BUILTIN\Users to the authorization list.
Larry Smithmier
An aditional note of clarification, if you use anonymous access by setting the account to Machinename\ASPNET, you will need to add authorization for Machinename\ASPNET to view the reports.
Larry Smithmier
