September 24, 2010 at 10:40 am
Hi all,
Having spent some time getting Forms Authentication working with 2008 (R2) I have one final problem left that is causing intense frustration...
The working bits:
a) Built and tested the required extension - thanks to a combination of the old Microsoft example supplemented by the one from chapter 19 of Teo Lachev's book, supplemented by Brian Lawson's.
b) used existing user/group structures in the db to implement role level permissions
c) Can now grant rights to usernames and the usernames validated against our db, they can log in fine and run reports.
d) Nice customised login screens that login across the application and Reporting Services with a single login - which was the primary aim after all!
e) can grant rights to folders at group level and granting/revoking those rights adds or removes the folders in ReportManager - all looking wonderful
The last hurdle:
If I grant permissions to a specific username (we use email address as the username) then that user can log in to ReportManager fine and see what they should see.
If I grant the exact same permission to a role, and make a login a member of that role (removing the specific username permission) then they can access the reportmanager home page but can see no child folders from it.
The crazy thing is even if I force every CheckAccess method in the Authorization extension to return true, they STILL cannot see anything in ReportManaager unless their username is granted permissions specifically, however access to the ReportServer url seems to be correctly honouring the permissions I have set up, which makes me think the right permissions are being returned from the extension, but we have hit a ReportManager problem.
It is almost as though something in ReportManager is checking the access at the username level before it even calls the CheckAccess overloads in the Authorization extension.
Now I can work round this by putting the usernames in roles AND adding them specifically to the home page permission but that partially defeats the purpose of the role-based authorisation.
If anyone has successfully got this working it would be great to know, it is obviously difficult to post the entire code of this one due to the large number of steps needed to set it all up. Similarly if anyone can confirm they also cannot make this last bit work that would confirm I have not gone crazy, and stop me worrying about it!
Many Thanks
Mike John
March 11, 2011 at 6:55 am
Hi,
I am desperatly looking for good documentation in order to implement Form authentication in my Reporting Services 2008 R2 and didn't find any article with all the necessary instruction. Can you give me that please?
Thanks
Michaël
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply