This Blog

Home

Syndication

News

Visit prologika.com for information about Teo's publications, the latest on the Microsoft Business Intelligence initiative, and more...

Prologika (Teo Lachev's Weblog)

Teo Lachev is a consultant, mentor, and author focusing on the design and development of Microsoft .NET business intelligence solutions. Read about Teo's work and life. Registered users can post comments.

Forms Authentication and RS Web Service

Often, report enabling Internet-facing applications require replacing the default RS Windows-based security with Forms Authentication. This allows clients to request reports by URL with the all the goodies that URL addressability entail, namely support for interactive features and the HTML Viewer toolbar. While RS Forms Authentication is well-documented (see the Forms Authentication whitepaper by Microsoft), something which may not be so obvious is that Forms Authentication can be used not only with URL addressability but also with the RS web service.

Let's say you want most of your reports to be requested by URL but some to be generated on the server-side of the application by SOAP. Or, you need to manage a Report Server installation configured for Forms Authentication from a WinForm client by calling the management SOAP APIs. The RS Forms Authentication model supports all these scenarios. All in all, it boils down to to storing the authentication ticket (cookie) received from the LogonUser call on the client side and passing it back with each request.

I whipped out a simple WinForm app (sorry C# only, but they are free converters out there for C#->VB ) to show how this could be done. This sample doesn't have any bugs! Common, we all know this is not true :-). Please let me know if something buggy raises its ugly head. Usual disclaimers apply also...you are on your own basically.

DISCLAIMER: One thing that you may need definitely to change if you are planning to retrofit my code to a web app is way the app stores the cookie. You will notice that the sample app stores the cookie in a static class member. This is all fine with WinForm apps running on single thread by definitely no-no for web applications where you need to be aware of multi-threading and multi-user issues. If the web app is the same one that requests reports by URL, the simplest solution may be not to store the cookie at all but to get it from the current HTTP context, similar to the original implementation of the overridden proxy class that comes with the MS sample.

For time being, the sample Forms Authenticator app can be downloaded from here.

Only published comments... Aug 27 2004, 05:17 PM by admin

Filed under: Reporting Services

Comments

	admin said: The forms authentication works fine. However, after the prescribed timeout period specified in the report server web.conifg report server autmatically logs you off even when you are constantly using the report server. To reproduce: 1. Set the forms auth timeout to a small number say 5 min 2. log on and access the reports every minute 3. After 5 minutes from logging in the report server rejects the cookie although you have been actively using it. Any suggestions? Jana September 24, 2004 12:12 PM
	admin said: When I run the program, the following error is shown. Do I need to do some setting first ??? Thanks a lot !!! (A first chance exception of type 'System.IO.FileNotFoundException' occurred in mscorlib.dll Additional information: Could not find file "Form1".) September 26, 2004 10:55 PM
	admin said: You need to set the cookie slidingExpiration property to extend the cookie lifetime with each request. Look up the MSDN documentation the <forms> element for the cookie syntax. About the second problem, you may need to recompile the application. September 29, 2004 6:46 PM
	admin said: Thanks for your help. I was thrown off because, I was able to work with reports fine without setting the sliding timeout in IE. This was an issue only when using the ReportingService webservice. The slidingexpiration is true by default (I am using 1.1 framework. The document says it is true for 1.0). The fix I need to make is to update my cookie each time I receive a new cookie from report server. The server returns a new cookie only when a request is made after 1/2 the time out after login. September 30, 2004 5:08 PM
	admin said: Did you have a web app version??? I need consume RS Web service to create some applications. Thanks. October 21, 2004 8:07 PM
	admin said: Looks like there is a bug in the ReportingServices with forms authentication. There seems to be an issue with listSubscriptions method and forms authentication. When I call the ListSubscriptions method with a valid owner the application throws an UnknownUserName error. However, When I list subscriptions without owner, It lists all the subscription and I can see the owner in the subscription. When I tried calling the ListSubscriptions with a owner who is a local window user and is not a valid user for forms authentication, the method returns zero subscriptions without raising an exception. November 25, 2004 12:44 PM
	admin said: Hi, I'm using standard edition of SQL Server. I make changes as per article and give permission for all .dll. I'm able to register new user but when i try to Logon into system i get following error: ----------------------------------------------------------------------------------------------------------------------------- Server Error in '/Reports' Application. -------------------------------------------------------------------------------- Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml'. The request failed with the error message: -- <html> <head> <title> Microsoft Reporting Services </title><meta name="Generator" content="Microsoft SQL Server Reporting Services 8.00.878.00" /> <meta name="HTTP Status" content="500" /> <meta name="ProductLocaleID" content="9" /> <meta name="CountryLocaleID" content="1033" /> <meta name="StackTrace" content=" at Microsoft.ReportingServices.Diagnostics.Globals.ThrowUnsupportedOnStandardOperation() at Microsoft.ReportingServices.Diagnostics.AuthenticationExtensionFactory.get_AuthenticationExtension() at Microsoft.ReportingServices.Diagnostics.UserUtil.GetUserNameFromExtension() at Microsoft.ReportingServices.Diagnostics.UserUtil.GetCurrentUserName() at Microsoft.ReportingServices.WebServer.Global.ShouldRejectAntiDos() at Microsoft.ReportingServices.WebServer.Global.Application_AuthenticateRequest(Object sender, EventArgs e)" /> <style> BODY {FONT-FAMILY:Verdana; FONT-WEIGHT:normal; FONT-SIZE: 8pt; COLOR:black} H1 {FONT-FAMILY:Verdana; FONT-WEIGHT:700; FONT-SIZE:15pt} LI {FONT-FAMILY:Verdana; FONT-WEIGHT:normal; FONT-SIZE:8pt; DISPLAY:inline} .ProductInfo {FONT-FAMILY:Verdana; FONT-WEIGHT:bold; FONT-SIZE: 8pt; COLOR:gray} A:link {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; COLOR:#3366CC; TEXT-DECORATION:none} A:hover {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; COLOR:#FF3300; TEXT-DECORATION:underline} A:visited {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; COLOR:#3366CC; TEXT-DECORATION:none} A:visited:hover {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; color:#FF3300; TEXT-DECORATION:underline} </style> </head><body bgcolor="white"> <h1> Reporting Services Error<hr width="100%" size="1" color="silver" /> </h1><ul> <li>This operation is not supported in this edition of Reporting Services (rsOperationNotSupported) <a href="http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00"">http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00"">http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00"">http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00" target="_blank">Get Online Help</a></li> </ul><hr width="100%" size="1" color="silver" /><span class="ProductInfo">Microsoft Reporting Services</span> </body> </html> --. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.InvalidOperationException: Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml'. The request failed with the error message: -- <html> <head> <title> Microsoft Reporting Services </title><meta name="Generator" content="Microsoft SQL Server Reporting Services 8.00.878.00" /> <meta name="HTTP Status" content="500" /> <meta name="ProductLocaleID" content="9" /> <meta name="CountryLocaleID" content="1033" /> <meta name="StackTrace" content=" at Microsoft.ReportingServices.Diagnostics.Globals.ThrowUnsupportedOnStandardOperation() at Microsoft.ReportingServices.Diagnostics.AuthenticationExtensionFactory.get_AuthenticationExtension() at Microsoft.ReportingServices.Diagnostics.UserUtil.GetUserNameFromExtension() at Microsoft.ReportingServices.Diagnostics.UserUtil.GetCurrentUserName() at Microsoft.ReportingServices.WebServer.Global.ShouldRejectAntiDos() at Microsoft.ReportingServices.WebServer.Global.Application_AuthenticateRequest(Object sender, EventArgs e)" /> <style> BODY {FONT-FAMILY:Verdana; FONT-WEIGHT:normal; FONT-SIZE: 8pt; COLOR:black} H1 {FONT-FAMILY:Verdana; FONT-WEIGHT:700; FONT-SIZE:15pt} LI {FONT-FAMILY:Verdana; FONT-WEIGHT:normal; FONT-SIZE:8pt; DISPLAY:inline} .ProductInfo {FONT-FAMILY:Verdana; FONT-WEIGHT:bold; FONT-SIZE: 8pt; COLOR:gray} A:link {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; COLOR:#3366CC; TEXT-DECORATION:none} A:hover {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; COLOR:#FF3300; TEXT-DECORATION:underline} A:visited {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; COLOR:#3366CC; TEXT-DECORATION:none} A:visited:hover {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; color:#FF3300; TEXT-DECORATION:underline} </style> </head><body bgcolor="white"> <h1> Reporting Services Error<hr width="100%" size="1" color="silver" /> </h1><ul> <li>This operation is not supported in this edition of Reporting Services (rsOperationNotSupported) <a href="http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00"">http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00"">http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00"">http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00" target="_blank">Get Online Help</a></li> </ul><hr width="100%" size="1" color="silver" /><span class="ProductInfo">Microsoft Reporting Services</span> </body> </html> --. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [InvalidOperationException: Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml'. The request failed with the error message: -- <html> <head> <title> Microsoft Reporting Services </title><meta name="Generator" content="Microsoft SQL Server Reporting Services 8.00.878.00" /> <meta name="HTTP Status" content="500" /> <meta name="ProductLocaleID" content="9" /> <meta name="CountryLocaleID" content="1033" /> <meta name="StackTrace" content=" at Microsoft.ReportingServices.Diagnostics.Globals.ThrowUnsupportedOnStandardOperation() at Microsoft.ReportingServices.Diagnostics.AuthenticationExtensionFactory.get_AuthenticationExtension() at Microsoft.ReportingServices.Diagnostics.UserUtil.GetUserNameFromExtension() at Microsoft.ReportingServices.Diagnostics.UserUtil.GetCurrentUserName() at Microsoft.ReportingServices.WebServer.Global.ShouldRejectAntiDos() at Microsoft.ReportingServices.WebServer.Global.Application_AuthenticateRequest(Object sender, EventArgs e)" /> <style> BODY {FONT-FAMILY:Verdana; FONT-WEIGHT:normal; FONT-SIZE: 8pt; COLOR:black} H1 {FONT-FAMILY:Verdana; FONT-WEIGHT:700; FONT-SIZE:15pt} LI {FONT-FAMILY:Verdana; FONT-WEIGHT:normal; FONT-SIZE:8pt; DISPLAY:inline} .ProductInfo {FONT-FAMILY:Verdana; FONT-WEIGHT:bold; FONT-SIZE: 8pt; COLOR:gray} A:link {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; COLOR:#3366CC; TEXT-DECORATION:none} A:hover {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; COLOR:#FF3300; TEXT-DECORATION:underline} A:visited {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; COLOR:#3366CC; TEXT-DECORATION:none} A:visited:hover {FONT-SIZE: 8pt; FONT-FAMILY:Verdana; color:#FF3300; TEXT-DECORATION:underline} </style> </head><body bgcolor="white"> <h1> Reporting Services Error<hr width="100%" size="1" color="silver" /> </h1><ul> <li>This operation is not supported in this edition of Reporting Services (rsOperationNotSupported) <a href="http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00"">http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00"">http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00"">http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings&EvtID=rsOperationNotSupported&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=8.00" target="_blank">Get Online Help</a></li> </ul><hr width="100%" size="1" color="silver" /><span class="ProductInfo">Microsoft Reporting Services</span> </body> </html> --.] System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) +1488 System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) +218 Microsoft.SqlServer.ReportingServices.ReportingService.LogonUser(String userName, String password, String authority) in c:\program files\microsoft sql server\mssql\reporting services\samples\extensions\formsauthenticationsample\reportingservice.cs:2301 Microsoft.Samples.ReportingServices.CustomSecurity.UILogon.BtnLogon_Click(Object sender, EventArgs e) in c:\program files\microsoft sql server\mssql\reporting services\samples\extensions\formsauthenticationsample\uilogon.aspx.cs:116 System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33 System.Web.UI.Page.ProcessRequestMain() +1277 -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573 ----------------------------------------------------------------------------------------------------------------------------- Thanks in Advance.. Looking for help. Gaurav. December 7, 2004 1:30 AM

Prologika Forums

This Blog

Syndication

Recent Posts

Tags

News

Reporting Services Links

Analysis Services Links

Blog Roll

Archives

Prologika (Teo Lachev's Weblog)

Forms Authentication and RS Web Service

Comments

admin said:

admin said:

admin said:

admin said:

admin said:

admin said:

admin said: