User impersonation between asp.net and ssrs - asp.net

I have a web application that has application pool configured using domain account. In SSRS, domain account is given the browser access to the folder and SSRS report is configured with proper credentials.
My question is if SSRS report is launched from the web application, will SSRS report be opened under domain account or my account. Currently, it is giving error message as \ doesn't have sufficient permissions to access the report location.

You just need to set a fixed user in the web config along with the SSRS address. This way you set a default for the site to use instead of depending on the user running the site:
Example from a WPF app but very similar to ASP.NET in code behind.
<Button x:Name="btnGetViewerRemoteData" Content="Remote" Click="ReportViewerRemote_Load"/>
Reference name of element in code behind, ensure you import Namespace for 'Microsoft.Reporting.WinForms' (or ASP.NET equivalent).
private void ResetReportViewer(ProcessingMode mode)
{
this.reportViewer.Clear();
this.reportViewer.LocalReport.DataSources.Clear();
this.reportViewer.ProcessingMode = mode;
}
private ICredentials giveuser(string aUser, string aPassword, string aDomain)
{
return new NetworkCredential(aUser, aPassword, aDomain);
}
private void ReportViewerRemoteWithCred_Load(object sender, EventArgs e)
{
ResetReportViewer(ProcessingMode.Remote);
var user = giveuser("User", "Password", "Domain");
reportViewer.ServerReport.ReportServerCredentials.ImpersonationUser = (System.Security.Principal.WindowsIdentity)user;
;
reportViewer.ServerReport.ReportServerUrl = new Uri(#"http:// (server)/ReportServer");
reportViewer.ServerReport.ReportPath = "/Test/ComboTest";
DataSourceCredentials dsCrendtials = new DataSourceCredentials();
dsCrendtials.Name = "DataSource1";
dsCrendtials.UserId = "User";
dsCrendtials.Password = "Password";
reportViewer.ServerReport.SetDataSourceCredentials(new DataSourceCredentials[] { dsCrendtials });
reportViewer.RefreshReport();
}
I hard coded my example but you can have the server, user and password be in a config file. Although security of password may be a concern so depending on your organization so it may be preferable to hard code it or mask it first.

Related

SharePoint High trust provider hosted app - user impersonation - Site minder

We are using SiteMinder to authenticate user but all we get from site minder is user identity in header:
ASP.NET Authentication with Siteminder
However since we are using high trust provider hosted SharePoint app we have access to tokenHelper.cs but impersonating a user requires System.Security.Principal.WindowsIdentity
My questions are:
How to get WindowsIdentity in this case?
OR
How to extend tokenHelper to impersonate user just with user identity(without windowsIdentity)?
Check this blog by Steve Peschka. I have set up provider hosted app in SiteMinder protected SharePoint 2013 using that blog. To impersonate a user you need to create a ClaimsIdentity of the user and insert it to the HttpContext as current user. Sample code for that below:
var identity = new ClaimsIdentity(AuthenticationTypes.Federation, "http://schemas.xmlsoap.org/claims/useridentifier", String.Empty);
identity.AddClaim(new Claim("http://schemas.xmlsoap.org/claims/useridentifier", userId, "http://www.w3.org/2001/XMLSchema#string"));
identity.AddClaim(new Claim(ClaimTypes.Email, smtp, "http://www.w3.org/2001/XMLSchema#string"));
identity.AddClaim(new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sip", nameIdentifier, "http://www.w3.org/2001/XMLSchema#string"));
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
Set this ClaimsPrincipalas the Httpcontext user.
The claim values to be passed are smtp= email of user , nameidentifier=loginname of user , userId= Account name of user
I will explain above scenario with my SP+Siteminder environment.
First of all you cant get the ClientContext of the site which is protected by site-minder.
You can only get clientContext of the site using internal url of site [http://hostname:port/sites/xyz].
To get the currenct user :-
var spContext = SharePointContextProvider.Current.GetSharePointContext(HttpContext);
// We store internal url of webapplication in web.config
string strAdminSiteURL = ConfigurationManager.AppSettings["AdminSiteURL"].ToString();
// We have written one function to convert site-minder url to internal url
string webUrl = Helper.Helper.GetInternalSiteUrl(strAdminSiteURL, spContext.SPHostUrl.ToString());
// Use internal url to create client-context
using (ClientContext clientContext = new ClientContext(webUrl))
{
clientContext.AuthenticationMode = ClientAuthenticationMode.FormsAuthentication;
clientContext.FormsAuthenticationLoginInfo = new FormsAuthenticationLoginInfo(uName, pswd);
Web web = clientContext.Web;
clientContext.Load(web);
clientContext.ExecuteQuery();
// Load SP user from login name found from httpcontext
string currentSPUser = string.Concat("<<FBAIdentity>>", User.Identity.Name);
var currentUser = clientContext.Web.EnsureUser(currentSPUser);
clientContext.Load(currentUser);
clientContext.ExecuteQuery();
}
above code will work fine if authentication mode is FBA and will help you in getting current user.

Angular SPA cannot open remote SSRS report

thanks to all for your time and efforts trying to help me solve this.
Now lets get to it... I have an AngularJS SPA. I would like to provide links on my view page, that when clicked, open a new tab and launch pre-existing SSRS reports in PDF format. Technically what I am trying to do: Render an SSRS report in my Repository, pass that through my WEB API then on to my SPA for display in a new tab.
One important note before I go any further: This setup, method, approach works flawlessly on my local machine within Visual Studio. It's when I move my SPA to a remote Web server (the same server that hosts SSRS) that I have a problem.
My Landscape:
Local Development Machine (Windows 7 Pro, VS2015 Pro)
Server1 (Win Server 2012R2): Hosts IIS (8), SPA, SQL (2014) and SSRS
Server2 (Win Server 2012R2). Hosts SSRS (SQL 2012) source of data (happens to be SSAS cubes, but I don't think that matters).
On My Local Development Machine:
As stated above the solution works fine through Visual Studio. The only part of the solution on my local machine is the SPA. The SSRS and SQL portion are located remotely. I can launch my SPA, click on a link and new tab opens containing the PDF report. I can also make a call directly to the web API and display a PDF report (http://localhost:3040/api/dataservice/ProductivityReportH/)
Problem 1
Browsing to the deployed version of my SPA on Server1, the application displays fine. But, if I click on a report hyperlink I get a the following message:
Do you want to open or save ProductivityReportH/ (3.28KB) from Server1?
No matter what I click (Open, Save, Cancel) nothing happens.
If I try and launch the report directly through the API, I get the same message. There are no errors displayed in the console window. I could find no errors in the Server1 log files.
On Server1: I can display the report via the SSRS report viewer.
Problem 1A
Using a browser on Server1, I can display the application just fine. But, if I click on a report hyperlink I get the same message as Problem 1. If I try to launch the report directly through the web API (http://Server1/projecttracker/api/dataservice/ProductivityReportH/)
on Server1, I get the same message.
Any ideas would be greatly appreciated
My SPA Setup:
View Page:
<div class="view indent">
<div class="container">
<h2>Productivity Reports Method 1</h2>
<a ng-href='#here' ng-click="hproductivityreport()">Launch</a><br>
</div>
My Controller:
(function () {
var ProjectsController = function ($scope, $window) {
$scope.hproductivityreport = function () {
$window.open('api/dataservice/ProductivityReportH/', '_blank');
};
}
ProjectsController.$inject = ['$scope', '$window'];
angular.module('ReportTracker').controller('ProjectsController', ProjectsController)
}());
The WEB API:
using ProjectTracker.Repository;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Web;
using System.Web.Http;
namespace ProjectTracker.Model
{
[Authorize]
public class DataServiceController : ApiController
{
IProjectTracker _ProjectTrackerRepository;
public DataServiceController()
: this(null)
{
}
public DataServiceController(IProjectTracker Repo)
{
_ProjectTrackerRepository = Repo ?? new ProjectTrackerRepository ();
}
[HttpGet]
public HttpResponseMessage ProductivityReportH()
{
var result = new HttpResponseMessage(HttpStatusCode.OK);
byte[] bytes = _ProjectTrackerRepository.RenderProductivityReport("Hibble, Norman");
Stream stream = new MemoryStream(bytes);
result.Content = new StreamContent(stream);
result.Content.Headers.ContentType = new MediaTypeHeaderValue("application/pdf");
return result;
}
}
}
The Respository:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Data;
namespace ProjectTracker.Repository
{
public class ProjectTrackerRepository : RepositoryBase<ProjectTrackerContext>, IProjectTracker
{
ProjectTrackerContext _Context;
public ProjectTrackerRepository()
{
_Context = new ProjectTrackerContext();
}
public Byte[] RenderProductivityReport(string _sManager)
{
Server1.ReportExecutionService rs = new Server1.ReportExecutionService();
rs.Credentials = System.Net.CredentialCache.DefaultCredentials;
rs.Url = "http://Server1/reportserver/ReportExecution2005.asmx";
// Render arguments
byte[] result = null;
string reportPath = "/Staff Client Services/StaffProductivity";
string format = "PDF";
string historyID = null;
string devInfo = #"<DeviceInfo><Toolbar>False</Toolbar></DeviceInfo>";
//Create the list of parameters that will be passed to the report
List<Server1.ParameterValue> lstParameterValues = new List<Server1.ParameterValue>();
Server1.ParameterValue aParameter = new Server1.ParameterValue();
aParameter.Name = "SupervisorSupervisorName";
aParameter.Value = "[Supervisor].[Supervisor Name].&[" + _sManager + "]";
lstParameterValues.Add(aParameter);
Server1.ParameterValue bParameter = new Server1.ParameterValue();
bParameter.Name = "PayPeriodPayPeriodYear";
bParameter.Value = "[Pay Period].[Pay Period Year].&[2015]";
lstParameterValues.Add(bParameter);
int index = 0;
Server1.ParameterValue[] parameterValues = new Server1.ParameterValue[lstParameterValues.Count];
foreach (Server1.ParameterValue parameterValue in lstParameterValues)
{
parameterValues[index] = parameterValue;
index++;
}
string encoding;
string mimeType;
string extension;
Server1.Warning[] warnings = null;
string[] streamIDs = null;
Server1.ExecutionInfo execInfo = new Server1.ExecutionInfo();
Server1.ExecutionHeader execHeader = new Server1.ExecutionHeader();
rs.ExecutionHeaderValue = execHeader;
execInfo = rs.LoadReport(reportPath, historyID);
rs.SetExecutionParameters(parameterValues, "en-us");
String SessionId = rs.ExecutionHeaderValue.ExecutionID;
try
{
result = rs.Render(format, devInfo, out extension, out encoding, out mimeType, out warnings, out streamIDs);
execInfo = rs.GetExecutionInfo();
}
catch (Exception e)
{
Exception Errr = e.InnerException;
}
return result;
}
}
}
Finally! For those that are interested...
Found this from nearly two years ago.
AppPool Permission Issue with Accessing Report Server
In particular the comment below:
Almost the same situation here except IIS and Report Server running on Windows Server 2008 R2. I used to have the asp.net application running with it's own application pool and everything worked. When I changed the application to the DefaultAppPool (due to a different problem), I got the permissions problem. I changed the Identity of the DefaultAppPool from ApplicationPoolIdentity to LocalSystem (in IIS, Advanced Settings) and it worked again.
Changed web server default app pool to LocalSystem and wha-la, I am rendering PDF reports from an SSAS cube through my AngularJS SPA.

Limitation on using PrincipalContext & DomainContext, to retrive Active directory users

I have added the following code inside my asp.net mvc web application model class, to retrive the current AD users:-
public List<DomainContext> GetADUsers(string term=null)
{
List<DomainContext> results = new List<DomainContext>();
string ADServerName = System.Web.Configuration.WebConfigurationManager.AppSettings["ADServerName"];
using (var context = new PrincipalContext(ContextType.Domain, ADServerName))
using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
{
var searchResults = searcher.FindAll();
foreach (Principal p in searchResults)
{
if (term == null || p.SamAccountName.ToString().ToUpper().StartsWith(term.ToUpper()))
{
DomainContext dc = new DomainContext();
dc.DisplayName = p.DisplayName;
dc.UserPrincipalName = p.UserPrincipalName;
dc.Name = p.Name;
dc.SamAccountName = p.SamAccountName ;
dc.DistinguishedName = p.DistinguishedName;
results.Add(dc);
}
}
}
return results;
}
I am now on the development machine , where AD is on the same machine as the asp.net mvc web application runs. And there is no need to provide username or password to access the AD. But I have the following questions about using my above approach on production server :-
Will the same approach work well if the AD and the asp.net mvc (deployed on IIS ) are not on the same machine?
Will I be able to provide username and password to access the active directory?
What are the general requirements I should achieve to be able to allow the Domaincontext class to access AD on remote servers ?
Thanks I advance for any help.
Regards
I think you're asking if you're able to use the same code if the web server is not apart of the Active Directory domain. PrincipalContext does have an overload for username and password to allow for credentials to be used to connect, instead of relying on the machine having enough permissions to read from the directory.
As for permissions, grant as few as possible. I would get your system administrator involved to create a the account. You maybe able to use Service Accounts which were introduced in Windows Server 2008 to allow for the authentication to happen.

How to pass data from Silverlight OOB application to asp.net website?

I created silver-light 4.0 application in that user can enter their username and password.
After submit this secret data(username, password ) from SL application,
it submitted to website with query string..
I want to pass as below URL string
for ex: -
http://testsite.com/mypage.aspx?<encrypted string>
I want to pass username and password in encrypted format from SL to Aspx page..
How I pass those information from SL application to asp.net website..
So you could just use the WebClient class and GET the page.
(I'm assuming your doing asp.net WebForms NOT MVC)
Your asp.net page should be a blank page, in your code behind you read your query string and do what you need with it, depending on success or failure you write the appropriate response with Response.Write();.
In your silverlight code, you will just need to request for your page, and you can then read the response from your asp.net page.
Asp.net:
var encyString = Request.QueryString["str"];
//some logic
Response.Write("Success");
Silverlight:
WebClient client = new WebClient();
client.DownloadStringCompleted +=
new DownloadStringCompletedEventHandler(
client_DownloadStringCompleted);
In Button1_Click, I call DownloadStringAsync, passing the complete URL that includes the number specified by the user.
private void Button1_Click(object sender, RoutedEventArgs e)
{
string encryptedString = "example";
client.DownloadStringAsync
(new Uri("http://testsite.com/mypage.aspx?"+encryptedString));
}
In the DownloadStringCompleted event-handler, I check that the Error property of the event args is null, and either output the response or the error message to the text block.
void client_DownloadStringCompleted(object sender,
DownloadStringCompletedEventArgs e)
{
if (e.Error == null)
resultBlock.Text = "Using WebClient: "+ e.Result;
//will be Response.Write();
else
resultBlock.Text = e.Error.Message;
}
Above code was plagiarized from this blog.
Remember, a sniffer can read your request. You may want to use SSL if you need better security. Possibly a more secure way to send this data would be to POST it to your asp.net page.
This article describes how to POST from silverlight to a page.
HTH
What I understood from the question is that you are authenticating user twice – First in SL app and then in ASP.Net app. Instead can you just authenticate user in SL and pass the result (True/False or token may be) to ASP.Net app? This is the safe way I feel.
You can use like HtmlPage.Window.Eval("window.location.href='"+ YOURURL +"'");

Changing Databases in Crystal Reports for .NET

I have a problem which is perfectly described here (http://www.bokebb.com/dev/english/1972/posts/197270504.shtml):
Scenario:
Windows smart client app and the CrystalReportViewer for windows.
Using ServerFileReports to access reports through a centralized and disconnected folder location.
When accessing a report which was designed against DB_DEV and attempting to change its LogonInformation through the CrystalReportViewer to point against DB_UAT, it never seems to actually use the changed information.
It always goes against the DB_DEV info.
Any idea how to change the Database connection and logon information for a ServerFileReport ????
Heres code:
FROM A PRESENTER:
// event that fires when the views run report button is pressed
private void RunReport(object sender, EventArgs e)
{
this.view.LoadReport(Report, ConnectionInfo);
}
protected override object Report
{
get
{
ServerFileReport report = new ServerFileReport();
report.ObjectType = EnumServerFileType.REPORT;
report.ReportPath = #"\Report2.rpt";
report.WebServiceUrl = "http://localhost/CrystalReportsWebServices2005/ServerFileReportService.asmx";
return report;
}
}
private ConnectionInfo ConnectionInfo
{
get
{
ConnectionInfo info = new ConnectionInfo();
info.ServerName = servername;
info.DatabaseName = databasename;
info.UserID = userid;
info.Password = password;
return info;
}
}
ON THE VIEW WITH THE CRYSTAL REPORT VIEWER:
public void LoadReport(object report, ConnectionInfo connectionInfo)
{
viewer.ReportSource = report;
SetDBLogon(connectionInfo);
}
private void SetDBLogon(ConnectionInfo connectionInfo)
{
foreach (TableLogOnInfo logOnInfo in viewer.LogOnInfo)
{
logOnInfo.ConnectionInfo = connectionInfo;
}
}
Does anyone know how to solve the problem?
I know this isn't the programatic answer you're looking for, but:
One thing that helps with this sort of thing is not creating your reports connected to the database directly, but first you create a "Data Dictionary" for Crystal Reports (this is done in the Report Designer). Then you link all of your reports to this dictionary which maps the fields to the proper databases.
Done this way, you only have one place to change the database schema/connection info for all reports.
Also, in your report designer set the report to not cache the results (sorry I don't remember the exact option). Reports can either have their initial results included or not.
Don't you have to browse all the "databaseTable" objects of the report to redirect the corresponding connections? You'll find here my VB version of the 'database switch' problem ...
In your CrystalReportViewer object you should set
AutoDataBind="true"

Resources