Sunday, February 19, 2012
Cross VPN Domain Authentication
We use a cisco point-to-point VPN to allow employees to connect to the
corporate network from their remote computers that are not members of the
corporate Active Directory domain.
When VPN connected from my non-domain member computer, I open the Windows'
"Run" dialog box and type the path of a shared folder on the corporate
network. After a brief delay I get the "Connect to <path>" dialog box that
requests a User name and Password that I would like to use to connect to the
share. I provide suitable credentials, and after another brief delay I am
connected to the share, and I can open documents and copy files to and from
the share (as folder permissions allow).
So far, however, when I write .NET desktop applications that use the
SqlConnection class to connect to SQL Server via domain authentication, I
cannot get an application to connect through the VPN*. Is there any way to
get a database application to pop up a "Connect to <SqlInstance>" dialog box
so that users can provide their domain credentials to get a connection to
SQL Server from a computer that is not a domain member? I'm interested in
both the SQL 2000 and SQL 2005 cases.
* I get "Login failed for user ''. The user is not associated with a trusted
SQL Server connection..."
Thank you,
Daniel Jameson
SQL Server DBA
Children's Oncology Group
www.childrensoncologygroup.org

Hi Daniel,
I understand that when your .NET application tried to connect to your SQL
Server in your corporate domain from a non-domain member computer via VPN,
it failed with the error "Login failed for user ''".
If I have misunderstood, please let me know.
Please check the authentication mode of your SQL Server in Enterprise
Manager or SSMS (SQL Server 2005 Management Studio). If it is Windows
Authentication mode, please change it to Mixed mode and create a SQL login
for the connection of the non-domain computer.
For the client connection string, I recommend that you refer to this
article:
How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998300.aspx
Hope this helps. If you have any other questions or concerns, please feel
free to let me know.
Have a good day!
Best regards,
Charles Wang
Microsoft Online Community Support
=====================================================
Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscript...ault.aspx#notifications
If you are using Outlook Express, please make sure you clear the check box
"Tools/Options/Read: Get 300 headers at a time" to see your reply promptly.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscript...t/default.aspx.
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from this issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
=====================================================

"Daniel Jameson" <danjam47@.newsgroup.nospam> wrote in message
news:%23d5h3kFqHHA.196@.TK2MSFTNGP05.phx.gbl...
> Hi,
> We use a cisco point-to-point VPN to allow employees to connect to the
> corporate network from their remote computers that are not members of the
> corporate Active Directory domain.
> When VPN connected from my non-domain member computer, I open the Windows'
> "Run" dialog box and type the path of a shared folder on the corporate
> network. After a brief delay I get the "Connect to <path>" dialog box
> that requests a User name and Password that I would like to use to connect
> to the share. I provide suitable credentials, and after another brief
> delay I am connected to the share, and I can open documents and copy files
> to and from the share (as folder permissions allow).
> So far, however, when I write .NET desktop applications that use the
> SqlConnection class to connect to SQL Server via domain authentication, I
> cannot get an application to connect through the VPN*. Is there any way
> to get a database application to pop up a "Connect to <SqlInstance>"
> dialog box so that users can provide their domain credentials to get a
> connection to SQL Server from a computer that is not a domain member? I'm
> interested in both the SQL 2000 and SQL 2005 cases.
Try using Run As to execute the app, with the right-click->Run As... menu,
or by creating a shortcut to the EXE and setting the "Run with different
credentials" checkbox (properties->shortcut [tab]->Advanced [button].) The
former is a one-off way to do it; the latter causes a login prompt when the
shortcut is used to run the app.
When prompted, specify domain credentials (in domain\user, or user@.domain
format) for the impersonation context. If that works, a Win32 app could
call LoginAsUser to internally provide a seamless login facility... not sure
what the .net equivalent is -- but if the Run As login prompt is adequate,
it's a moot point.
-Mark
> * I get "Login failed for user ''. The user is not associated with a
> trusted SQL Server connection..."
> --
> Thank you,
> Daniel Jameson
> SQL Server DBA
> Children's Oncology Group
> www.childrensoncologygroup.org
Hi Daniel,
I am interested in this issue. Would you mind letting me know the result of
the suggestions? If you need further assistance, feel free to let me know.
I am very glad to work with you for further research.
Charles Wang
Microsoft Online Community Support
Charles,
Thank you. We are currently using an encrypted connection string approach
similar to that described in your MSDN reference. I was hoping to get
around having to maintain those SQL Server logins and the user ambiguity
that comes with using a common login for all users.
Thank you,
Daniel Jameson
SQL Server DBA
Children's Oncology Group
www.childrensoncologygroup.org
"Charles Wang[MSFT]" <changliw@.online.microsoft.com> wrote in message
news:FCq36SQrHHA.2300@.TK2MSFTNGHUB02.phx.gbl...
> Hi Daniel,
> I am interested in this issue. Would you mind letting me know the result
> of
> the suggestions? If you need further assistance, feel free to let me know.
> I am very glad to work with you for further research.
> Charles Wang
> Microsoft Online Community Support
Hi Daniel,
Did you mean that you wanted to have each of your desktop .NET application
impersonating a different user which could be used for SQL login?
If so, I recommend that you refer to this KB article for adding the
impersonation code:
How to implement impersonation in an ASP.NET application
(Impersonate a Specific User in Code)
http://support.microsoft.com/kb/306158
Hope this helps. Please feel free to let me know if you have any other
questions or concerns.
Have a nice day!
Best regards,
Charles Wang
Microsoft Online Community Support
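Mark's Run As suggestion and the impersonation KB article Charles points to both come down to the same Win32 call, LogonUser. The program below is an added example, not code from this thread or from the KB article, of a .NET desktop app doing that itself: it prompts for domain credentials, calls LogonUser with LOGON32_LOGON_NEW_CREDENTIALS (the logon type runas /netonly uses, chosen over the interactive logon of the KB article because a workstation that is not a domain member has no secure channel to validate a domain account locally; the local token stays as it is and the supplied credentials are used only for outbound NTLM/Kerberos), impersonates the resulting token, and opens a SqlConnection with Integrated Security. The instance name sqlserver.corp.example, the database and the console prompt are placeholders, and it targets .NET Framework, where WindowsIdentity.Impersonate is available.

```csharp
// Added example (not code from the original thread): open a SqlConnection from a
// machine that is not a domain member by impersonating explicitly supplied domain
// credentials for network authentication only. Targets .NET Framework.
using System;
using System.ComponentModel;
using System.Data.SqlClient;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

static class NetOnlyLogon
{
    // Same logon type "runas /netonly" uses: the local token is unchanged, the
    // supplied credentials are used only for outbound NTLM/Kerberos. This logon
    // type requires LOGON32_PROVIDER_WINNT50.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Runs work() while the calling thread impersonates a network-only logon for
    // domain\user, then reverts the impersonation and closes the token.
    public static T RunAs<T>(string domain, string user, string password, Func<T> work)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // Dispose() of the impersonation context reverts even if work() throws.
            using (new WindowsIdentity(token).Impersonate())
                return work();
        }
        finally
        {
            CloseHandle(token);
        }
    }
}

class Program
{
    // Placeholders: replace with the real instance and database. Pooling is off
    // because SqlClient keys its pool on the thread's Windows user SID, which a
    // network-only logon does not change, so a pooled connection opened under the
    // domain credentials could otherwise be handed to code that is not impersonating.
    const string ConnectionString =
        "Data Source=sqlserver.corp.example;Initial Catalog=master;" +
        "Integrated Security=SSPI;Pooling=false";

    static void Main()
    {
        // In a GUI app collect these from a credential dialog; the password is
        // needed only for the duration of LogonUser and is never persisted.
        Console.Write("Domain user (DOMAIN\\user): ");
        string[] parts = Console.ReadLine().Split('\\');
        if (parts.Length != 2) { Console.Error.WriteLine("Expected DOMAIN\\user"); return; }
        Console.Write("Password: ");
        string password = ReadPassword();

        string loginName = NetOnlyLogon.RunAs(parts[0], parts[1], password, () =>
        {
            // No password in the connection string: the impersonated credentials
            // are used for the SSPI handshake with SQL Server.
            using (SqlConnection cn = new SqlConnection(ConnectionString))
            using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", cn))
            {
                cn.Open();
                return (string)cmd.ExecuteScalar();
            }
        });
        // SUSER_SNAME() is the login SQL Server actually authenticated; seeing
        // DOMAIN\user here confirms the impersonated identity was used.
        Console.WriteLine("Connected as " + loginName);
    }

    // Reads a password from the console without echoing it.
    static string ReadPassword()
    {
        StringBuilder sb = new StringBuilder();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else sb.Append(key.KeyChar);
        }
        Console.WriteLine();
        return sb.ToString();
    }
}
```

One caveat to keep in mind: LogonUser does not validate the password for a NEW_CREDENTIALS logon, so a mistyped password surfaces later as a SqlException from Open() rather than as a Win32Exception, and the app should treat that as an authentication failure and re-prompt rather than retry blindly.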
Hi Daniel,
How is everything going? If you have any questions or concerns, please
feel free to post back.
Best regards,
Charles Wang
Microsoft Online Community Support
Tuesday, February 14, 2012
Cross Domain Windows Endpoint Authentication?
Hi There
I have Service Broker working 100% with an initiator - forwarder - target, all in the same domain using Windows authentication on the endpoints. For all instances the SQL Server service runs under the same domain account, which in turn is granted CONNECT on the various endpoints. This all works 100%.
However I have a scenario where the initiator will be in a different trusted domain.
I need to know if I am correct in thinking that the initiator SQL Server service account can run under DomainA\sqlservice, the target instance SQL Server service can run under DomainB\sqlservice, and then on the forwarder I simply grant CONNECT on the forwarder endpoint to both DomainA\sqlservice and DomainB\sqlservice.
Is this correct, will this work?
Thanx
The initiator and acceptor both authenticate each other. There has to be a mutual trust relationship between DomainA and DomainB. Often this is not possible in practice; this is when certificate-based authentication can be used instead as an alternative. Note that an endpoint can support both types of authentication simultaneously.
HTH,
~ Remus
Hi Remus
Thank you for the response.
So the forwarder simply forwards the message and credentials between initiator and target, correct?
The fact that the forwarder can connect to either does not resolve the matter?
Thanx
The forwarder forwards messages, and messages have all the necessary means to authenticate services using certificates (the service owner and remote service binding stuff). No Windows authentication is required, nor possible, at the message level, so no real Windows credential forwarding occurs (in the terms of Kerberos delegation and such).
The endpoint authentication (the GRANT CONNECT ON ENDPOINT::... and SQL service account stuff) refers to allowing two processes (SQL Server) to authenticate each other in order to exchange messages. This can be Windows or certificate based (to be precise, it is TLS as provided by the Schannel SSPI).
So if a forwarder F (in DomainF) sits between two machines A (in DomainA) and B (in DomainB) then the forwarder has to be able to connect to both A and B; it can use Windows or certificate-based authentication for either of these connections. So, if Windows authentication is used, DomainA and DomainF must have a trust relationship and DomainF and DomainB must also have a trust relationship. However, absolutely no requirement exists between DomainA and DomainB directly, since A and B never directly connect. The only 'authentication' between A and B happens only at the higher level of the SSB services and is always based on certificates.
BTW, to be absolutely accurate (and just to complicate things in case they were too easy to understand), when a SQL Server SSB in DomainA wishes to connect to a SQL Server instance in DomainB (and vice versa) mutual trust is not required; one-way trust is enough. But if one-way trust is used (say DomainB trusts DomainA but not vice versa) the SQL Server instance in the untrusted domain (DomainB in our case) must be installed to run as a user in the trusted domain (DomainA\user).
HTH,
~ Remus
Hi Remus
Thank You for the reply.
I must admit though I am a bit more lost.
Either way I cannot even get the first thing to work. We have DomainA and DomainB; a one-way trust relationship exists between DomainA and DomainB, that is, DomainB trusts DomainA.
BUT, if you go onto the SQL Server instance in DomainB, I can go to Users and Groups and add a DomainA user, so the instance in DomainB can authenticate DomainB accounts. HOWEVER, when I go into SQL Server Management Studio and create a new login, DomainA\user, it says that it cannot find such a user or group. I can click the search by the login name, navigate to DomainA and find the user, but when I click OK I get the same error message, so I really don't know what's going on, since at a Windows level I can add DomainA users but not in SQL Server?
So obviously there are more issues than simply this.
Just to clarify the scenario is as follows.
Initiator - DomainA
Forwarder DomainB
Target DomainB
- One-way trust relationship between DomainA - DomainB, DomainB trusts DomainA.
Initiator SQL service account runs under a DomainB user. I want to make the forwarder service account run under a DomainB account but, like I said, I cannot add the login in SQL Server even though I can add the user on the server in normal Windows?
Anyway, thanks for the help. This is a serious issue; I think we may open a Microsoft case to resolve it today, or move a bunch of servers to the other domain. Either way lots of fun awaits.
Cheers
What happens is that the SQL Server process running in DomainB cannot authenticate itself with DomainA to interrogate the Active Directory (because its service account is in DomainB and DomainA does not trust it). Open a query window to the SQL instance in DomainB and run this statement:
EXECUTE AS USER = 'DomainA\SomeUserName';
It will give an error with an OS error code, that code is the explanation why you cannot create users of DomainA on the instance on DomainB.
One way would be, as I mentioned above, to run the instance in DomainB (say the Forwarder) as a user in DomainA (that is, specify the service account). But once you do this, you will not be able to authenticate the Forwarder with the Target (for the same reasons). If you cannot establish mutual trust your only way out is certificate-based authentication between Initiator and Forwarder.
HTH,
~ Remus
Cross Domain report authentication
I have a reporting server (with reports) on "domain1", and the users who
log in to a web application, which is on a different domain, say
"domain2", access the reports.
I used to have URL access to the reporting server, but when the user
tries to generate a report it asks for authentication (the login dialog
window). As the user is not on the same domain as the reports server I
created a user on the reports server machine and passed on the user
name and password, so that users can log in with that id/password. It
worked fine but with the login dialog window popping up.
Now they want to get rid of the pop up login dialog window.
I looked at some books and tried to use a web service instead of URL
access to run reports, but it throws me some SOAP exception.
Exception below:
--
System.Web.Services.Protocols.SoapException: The requested
functionality is currently not supported -->
Microsoft.ReportingServices.Diagnostics.Utilities.NotYetSupportedException:
The requested functionality is currently not supported at
Microsoft.ReportingServices.Library.Soap.ParameterValue.ThisArrayToNameValueCollection(ParameterValue[]
parameters) at
Microsoft.ReportingServices.WebServer.ReportingService.Render(String
Report, String Format, String HistoryID, String DeviceInfo,
ParameterValue[] Parameters, DataSourceCredentials[] Credentials,
String ShowHideToggle, Byte[]& Result, String& Encoding, String&
MimeType, ParameterValue[]& ParametersUsed, Warning[]& Warnings,
String[]& StreamIds) -- End of inner exception stack trace -- at
Microsoft.ReportingServices.WebServer.ReportingService.Render(String
Report, String Format, String HistoryID, String DeviceInfo,
ParameterValue[] Parameters, DataSourceCredentials[] Credentials,
String ShowHideToggle, Byte[]& Result, String& Encoding, String&
MimeType, ParameterValue[]& ParametersUsed, Warning[]& Warnings,
String[]& StreamIds)
---
I have tried changing the settings on the IIS for the reportserver but
of no use.
I was thinking if I had to implement Custom Security Extensions.
Do I have to do that?
I am trying to figure out how easy that would be to do.
Can anyone guide me step by step through the procedure to get what I am
trying to achieve? I just don't need the login dialog window to come up
and need to pre-authenticate the user whenever he logs into the web
application some way.
Any code snippets/helpful links or insight on how to workaround this
problem will be greatly appreciated.
Thanks a lot in advance.
Kalyan.

Can anyone help me here please... I need this very badly.
Thanks,
Kalyan.

I am also trying to use the LogonUser method to authenticate the user
but it gives me an
Error: "The request failed with HTTP status 403: Forbidden." message. I
checked the permission on all the folders, they have read/write, and
also IIS authentication set to "enabled anonymous access".
I am not able to figure out how else to preauthenticate the reporting
server..
Please Help.
Thank you

Kalyan wrote:
> Hi all,
> I have a reporting server (with reports) on "domain1", and the users who
> log in to a web application, which is on a different domain, say
> "domain2", access the reports.
> I used to have URL access to the reporting server, but when the user
> tries to generate a report it asks for authentication (the login dialog
> window). As the user is not on the same domain as the reports server I
> created a user on the reports server machine and passed on the user
> name and password, so that users can log in with that id/password. It
> worked fine but with the login dialog window popping up.
> Now they want to get rid of the pop up login dialog window.
> I looked at some books and tried to use a web service instead of URL
> access to run reports, but it throws me some SOAP exception.
> Exception below:
> --
> System.Web.Services.Protocols.SoapException: The requested
> functionality is currently not supported -->
> Microsoft.ReportingServices.Diagnostics.Utilities.NotYetSupportedException:
> The requested functionality is currently not supported at
> Microsoft.ReportingServices.Library.Soap.ParameterValue.ThisArrayToNameValueCollection(ParameterValue[]
> parameters) at
> Microsoft.ReportingServices.WebServer.ReportingService.Render(String
> Report, String Format, String HistoryID, String DeviceInfo,
> ParameterValue[] Parameters, DataSourceCredentials[] Credentials,
> String ShowHideToggle, Byte[]& Result, String& Encoding, String&
> MimeType, ParameterValue[]& ParametersUsed, Warning[]& Warnings,
> String[]& StreamIds) -- End of inner exception stack trace -- at
> Microsoft.ReportingServices.WebServer.ReportingService.Render(String
> Report, String Format, String HistoryID, String DeviceInfo,
> ParameterValue[] Parameters, DataSourceCredentials[] Credentials,
> String ShowHideToggle, Byte[]& Result, String& Encoding, String&
> MimeType, ParameterValue[]& ParametersUsed, Warning[]& Warnings,
> String[]& StreamIds)
> ---
> I have tried changing the settings on the IIS for the reportserver but
> of no use.
> I was thinking if I had to implement Custom Security Extensions.
> Do I have to do that?
> I am trying to figure out how easy that would be to do.
> Can anyone guide me step by step through the procedure to get what I am
> trying to achieve? I just don't need the login dialog window to come up
> and need to pre-authenticate the user whenever he logs into the web
> application some way.
> Any code snippets/helpful links or insight on how to workaround this
> problem will be greatly appreciated.
> Thanks a lot in advance.
> Kalyan.
You may implement custom authentication if you want to get rid of
windows one at all.
I tried a few ways:
1) using windows account as a type of transport to identify real person
mapped onto it. (then you need some kind of lookup mechanism to
impersonate windows user on server side)
2) using IP dynamically mapped to some kind of authority.
This may sound insecure, but works excellently in certain environments
(for small intranets with unique IPs and proxy forbidden).
I used the second approach with Domino server particularly, where the Notes user
IP is used to identify the person on the RS side. No bloody popups, no nothing :)

Hey Pisla,
Thanks a lot for the insight.
Can you tell me how to do step 2 that you have mentioned? I am really
clueless about what you are talking about.
Like your step 1, I tried to pass the windows credentials in the
LogonUser method... hardcoded them... but still it doesn't authenticate
the cookie on the rs server.
I very badly need to get this popup thing to go. HELP.
Thanks a lot,
Kalyan.

Kalyan wrote:
> Hey Pisla,
> Thanks a lot for the insight.
> Can you tell me how to do step 2 that you have mentioned? I am really
> clueless about what you are talking about.
> Like your step 1, I tried to pass the windows credentials in the
> LogonUser method... hardcoded them... but still it doesn't authenticate
> the cookie on the rs server.
> I very badly need to get this popup thing to go. HELP.
> Thanks a lot,
> Kalyan.
Kalyan, we're about to sell this solution so I'm afraid I may not just
give it to you for free.
You may play though with the custom authentication example to implement the
same stuff.

Hi Pisla,
Can you tell me when you will be ready with the solution.
May be I can buy it from you guys. I have given up on the problem.
Its driving me crazy..
Please let me know if I can buy the solution and also the price.
Thanks a lot for the Help.
Kalyan.

Kalyan,
I presume you are using SQL 2000 RS. By default SQL RS supports only
Windows authentication, so you wouldn't be able to display the reports outside
your domain using the ReportViewer control, which internally uses the URL invocation
mechanism.
To get rid of this, you need to use the Reporting Services Web Service which is
provided as part of the SQL 2000 RS installation. Just create a proxy and request
the type of format you want by creating a NetworkCredential class for your
choice of user. The Render method call will return you a byte array, which
you can write to the response object or whatever you need to do with it. The
flip side of it is you need to code for all the pagination and formatting using
web service calls. So more programming.
Thanks,
Live_Love_Laugh
"Kalyan" wrote:
> Hi Pisla,
> Can you tell me when you will be ready with the solution.
> May be I can buy it from you guys. I have given up on the problem.
> Its driving me crazy..
> Please let me know if I can buy the solution and also the price.
> Thanks a lot for the Help.
> Kalyan.
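The approach Live_Love_Laugh describes, written out as an added example rather than code from the thread: an ASP.NET page in domain2's web application calls the RS 2000 SOAP endpoint with a NetworkCredential for an account the report server accepts, so the credential exchange happens server-to-server and the browser never sees a login prompt. It assumes a proxy class named ReportingService generated from http://<server>/ReportServer/ReportService.asmx with Visual Studio's Add Web Reference into a namespace called RsProxy; the server name reports.domain1.example, the report path and the RsUser/RsPassword/RsDomain appSettings keys are placeholders.

```csharp
// Added example, not code from the original thread. Assumes an RS 2000 proxy
// class "ReportingService" generated from
// http://<server>/ReportServer/ReportService.asmx into the namespace RsProxy.
using System;
using System.Configuration;
using System.Net;
using System.Web;
using RsProxy;   // assumed namespace of the generated web-reference proxy

public static class ReportRenderer
{
    // Renders reportPath (e.g. "/Sales/Monthly") in the given format ("PDF",
    // "EXCEL", "HTML4.0", ...) and writes the bytes to the ASP.NET response.
    public static void RenderToResponse(HttpResponse response, string reportPath, string format)
    {
        ReportingService rs = new ReportingService();
        rs.Url = "http://reports.domain1.example/ReportServer/ReportService.asmx"; // placeholder

        // One service identity for every report request. Use an account the
        // report server can authenticate (domain1, or local to that machine),
        // give it only the Browser role on the folders these reports live in,
        // and load the password from protected (encrypted) configuration,
        // never from source. The appSettings keys are placeholders.
        rs.Credentials = new NetworkCredential(
            ConfigurationManager.AppSettings["RsUser"],
            ConfigurationManager.AppSettings["RsPassword"],
            ConfigurationManager.AppSettings["RsDomain"]);
        rs.PreAuthenticate = true;   // send the credential with the first request

        string encoding, mimeType;
        ParameterValue[] parametersUsed;
        Warning[] warnings;
        string[] streamIds;

        // HistoryID, DeviceInfo, Parameters, Credentials and ShowHideToggle are
        // all null here: a parameterless report with no data-source override.
        byte[] result = rs.Render(reportPath, format, null, null, null, null, null,
            out encoding, out mimeType, out parametersUsed, out warnings, out streamIds);

        response.Clear();
        response.ContentType = mimeType;
        response.AddHeader("Content-Disposition",
            "inline; filename=report." + format.ToLowerInvariant());
        response.BinaryWrite(result);
        response.End();
    }
}
```

Because the report server now sees a single identity for every request, RS role assignments no longer distinguish end users: the web application has to decide which of its authenticated users may render which report before calling RenderToResponse, and should log the real user alongside each request, since the report server's own logs will only ever show the service account.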
Cross Domain replication using non-static subscriber end points.
In viewing the demo about SQL Server 2005 Express Edition (SS2K5EE), one of the frames states "With SQL Server Express, you can now host information on a server and multiple users can easily access your data." My question is: IF I have SQL Server 2005 Standard Edition (SS2K5SE) servicing SS2K5EE subscribers, does the new architecture between SS2K5SE and SS2K5EE support cross domain replication? I see that SS2K5EE only supports subscription replication. Can the Express editions exist on stand-alone computers where they are separated from SS2K5SE by the internet?
If installations of my application (each uses a SS2K5EE) are each on a computer on the internet (not static IPs), can each update itself via subscription replication to the SS2K5SE without me having to write the plumbing code that gets the information to and from the SS2K5SE? (Such as a web service call with a big XML payload that represents data to the SS2K5SE and a whole messaging infrastructure that accomplishes inserts, updates, deletes, etc.)
If this is possible now with the new products can someone point to any white paper(s) that detail the how to?
I think web sync merge replication may fit into your scenario. Please refer to Books On line,
ms-help://MS.SQLCC.v9/MS.SQLSVR.v9.en/rpldata9/html/21f8e4d4-cd07-4856-98f0-9c9890ebbc82.htm
Cross Domain access
I need to allow user outside the domain to access reporting services reports.
Can you please let me know how I need to configure reporting Services for
this? and what user accounts should be set up?
thank you
--
Message posted via SQLMonster.com
http://www.sqlmonster.com/Uwe/Forums.aspx/sql-server-reporting/200510/1

tarana h via SQLMonster.com wrote:
> Hello,
> I need to allow user outside the domain to access reporting services reports.
> Can you please let me know how I need to configure reporting Services for
> this? and what user accounts should be set up?
> thank you
The only way, I guess, is to extend RS with a custom authentication extension.