The authentication/authorization within the app will be with custom classes implementing IPrincipal and IIdentity and leveraging the built-in .NET security framework. Because of this, I have come to the conclusion that we will have to author a custom security extension for SSRS.
Now, none of this is rocket science, but we would like to use the Windows Forms ReportViewer control within our app, in conjunction with the Reporting Services Web Service and I have yet to find a decent example that illustrates how to utilize custom security extensions with the web service and the reportviewer.
Any suggestions, tips, tricks, pitfalls?
Thanks,
Matthew Belk
This stuff is in BOL, but it's not very discoverable.
Here's an example of using the SSRS Forms Auth security extension in conjunction with the ReportViewer:
http://blogs.msdn.com/bimusings/archive/2005/11/04/489100.aspx
Here's an example of using the Forms Auth Security extension with the SSRS webservice (basically, just calling LoginUser(): implemented in the security extension)
http://blogs.msdn.com/bimusings/archive/2005/08/04/447939.aspx
Hope this helps
|||Thanks for the blog pointers.Now, the next logical question is how to leverage the custom security extensions to restrict access to various items within the SSRS space so that the custom "CheckAccess" routines from the sample code will work properly.
I'd love to let SSRS handle this, but if the answer is "You have to do that from your app," then that's OK, too.
Thanks,
Matthew Belk
|||
Have you explored the Forms Auth security extension sample yet? If not, I would -- You could pretty much use 60-70% of it for your purposes (authorization included)...The only changes you'd have to make is how LogonUser gets handled, etc.
No comments:
Post a Comment