December 29, 2009 at 4:00 pm
Hi,
I have installed SQL Server 2005 SSRS with SP3 and configured the reporting services using Report services configuration manager and then created a User "Scott" in report manager using http://servername/reports and given content manager rights for "Scott" and deployed the reports
Now the Developer, used the below in the web.config of their application
<add key="ReportServerURl" value="http://servername/ReportServer" />
<add key="User" value="scott" />
<add key="Password" value="xxxxxxx" />
<add key="Domain" value="abc" />
But, my boss DONOT want to see the password in plain text like above and want to encrypt the password.
How can we achive this(as SQL Server DBA, what should I do?)
many thanks
thanks
December 30, 2009 at 12:36 pm
Could you please advice me..
December 30, 2009 at 3:53 pm
Hi,
I'm eagerly waiting for a response to this question. Because we also using username & password in web.config file of the application. It would be great to know if there is a way to encrypt the password.
thanks
December 30, 2009 at 4:30 pm
rambilla (12/30/2009)
Hi,I'm eagerly waiting for a response to this question. Because we also using username & password in web.config file of the application. It would be great to know if there is a way to encrypt the password.
thanks
I understand the confusion in SSRS Web.Config but SSRS uses Windows Authentication by default so all you need is to define an authorization section in the Web.Config and add the names of the allowed. The most important thing with authorization don't define a deny because if you define deny for everybody there is a default everybody group in Windows and Asp.net runtime is also a member of that group. That means your reports will stop working. Check the link below for details about authorization.
http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx
Kind regards,
Gift Peddie
December 30, 2009 at 5:13 pm
understand the confusion in SSRS Web.Config but SSRS uses Windows Authentication by default so all you need is to define an authorization section in the Web.Config and add the names of the allowed. The most important thing with authorization don't define a deny because if you define deny for everybody there is a default everybody group in Windows and Asp.net runtime is also a member of that group. That means your reports will stop working. Check the link below for details about authorization.
Thanks,
Here I'm talking about the web.config of the application (we have web application and inthat we have menu called reports, where all the reports list will be displayed) NOT the SSRS web.cinfig file
December 30, 2009 at 5:25 pm
rambilla (12/30/2009)
understand the confusion in SSRS Web.Config but SSRS uses Windows Authentication by default so all you need is to define an authorization section in the Web.Config and add the names of the allowed. The most important thing with authorization don't define a deny because if you define deny for everybody there is a default everybody group in Windows and Asp.net runtime is also a member of that group. That means your reports will stop working. Check the link below for details about authorization.
Thanks,
Here I'm talking about the web.config of the application (we have web application and inthat we have menu called reports, where all the reports list will be displayed) NOT the SSRS web.cinfig file
If your application is intranet and using Windows authentication you can still use authorization sections if you are using Forms authentication then you need to use Asp.net membership and roles if your application is .NET 2.0 and above.
Kind regards,
Gift Peddie
December 31, 2009 at 9:40 am
There are a lot of good articals on encrypting connection strings. Try looking at some of these.
http://www.codeguru.com/csharp/.net/net_security/encryption/article.php/c9699__1/
http://groups.google.com/group/a-c-net/browse_thread/thread/cab3d7cf6d778057
December 31, 2009 at 9:51 am
mforbes (12/31/2009)
http://www.codeguru.com/csharp/.net/net_security/encryption/article.php/c9699__1/
http://groups.google.com/group/a-c-net/browse_thread/thread/cab3d7cf6d778057%5B/quote%5D
It is not related to connection string this is defining user permissions in IIS and adding that definition to your Web.Config
IIS 6
<authorization>
<allow users="User1"/>
<allow users="User2"/>
<deny users="*"/>
<deny users="?"/>
</authorization>
IIS 7 and IIS 7.5
<configuration>
<system.webServer>
<security>
<authorization>
<clear />
<add accessType="Allow" users="User 1"/>
</authorization>
</security>
</system.webServer>
</configuration>
Kind regards,
Gift Peddie
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply