Wrox Programmer Forums

Need to download code?

View our list of code downloads.

| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: Professional SQL Server Reporting Services ISBN: 0-7645-6878-7
This is the forum to discuss the Wrox book Professional SQL ServerReporting Services by Paul Turley, Todd Bryant, James Counihan, George McKee, Dave DuVarney; ISBN: 9780764568787
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Professional SQL Server Reporting Services ISBN: 0-7645-6878-7 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old June 22nd, 2004, 02:02 PM
qa qa is offline
Registered User
 
Join Date: Jun 2004
Location: , , USA.
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default Security

I have integrated reporting services into the web application using the reporting web services. My web application has it's security model.
What is the best to implement security in this integrated scenario?

  #2 (permalink)  
Old June 23rd, 2004, 12:06 AM
Authorized User
 
Join Date: May 2004
Location: , , .
Posts: 24
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I would love to help you, but I need more information. What is the security model of the application? What is your environment? ( standalone servers, domain, etc...) What kind of security do you want?

  #3 (permalink)  
Old June 23rd, 2004, 12:25 PM
qa qa is offline
Registered User
 
Join Date: Jun 2004
Location: , , USA.
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Our web application is an intranet application with Role Based Security model. I am thinking about ignoring the security at the report server level and treating the reports as resources at the application. Then I can display the list of reports (programatically) that the user is authorized based on the role at the application level.
  #4 (permalink)  
Old June 23rd, 2004, 01:13 PM
Authorized User
 
Join Date: May 2004
Location: , , .
Posts: 24
Thanks: 0
Thanked 0 Times in 0 Posts
Default

When you say "Role" based security, I am assuming that you are using Windows authentication and authorization, and that you are using "Windows groups" to define your roles. If this is the case, you may turn impersonation on, then execute code against the Reporting Web Service. The reporting service will return resources( reports) that the current user has access to. You can then incorporate that into your app so that the users get access to what they need. You should't have to do anything special because the web service only returns reports that the user can access.

If you are using some kind of custom "role based" security then your task is more difficult, and you will have to do ALOT more work. I can point you in the right direction if you MUST take this route.

T

Todd Bryant
MCSD,MCDBA,MCSE,MCT
  #5 (permalink)  
Old June 23rd, 2004, 03:10 PM
Authorized User
 
Join Date: May 2004
Location: Cary, NC, USA.
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

tabryant,

I have a similar queston about permissions and security. Can you take a look an this post and let me know what you think?

http://p2p.wrox.com/topic.asp?TOPIC_ID=15196

Thanks!

Chris
  #6 (permalink)  
Old June 23rd, 2004, 03:48 PM
qa qa is offline
Registered User
 
Join Date: Jun 2004
Location: , , USA.
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am using 'custom' role based authorization. Authentication and Authorization is done by the home grown security module which is based on the data (user/roles) in the database.

Thanks a lot for your support.

  #7 (permalink)  
Old June 23rd, 2004, 06:09 PM
Authorized User
 
Join Date: May 2004
Location: , , .
Posts: 24
Thanks: 0
Thanked 0 Times in 0 Posts
Default

If you are using custom, then you either have to filter the content in some custom manner, or you will have to create your own security extension.

MS made some undocumented changes that I didn't discover until after the book shipped. There is a note in the "Extending" chapter that is almost right. They included support by creating an interface called "IAuthenticationExtension" that you can implement in a custom way. It can be done, but there is no documentation.

Download exploration tool "Reflector" from

http://www.aisto.com/roeder/dotnet/

This will enable you to explore the Reporting services DLLS to find out what you need to do. I will include this in the 2nd edition of the book.

Good Luck,



Todd Bryant
MCSD,MCDBA,MCSE,MCT
  #8 (permalink)  
Old June 23rd, 2004, 07:54 PM
Registered User
 
Join Date: Jun 2004
Location: , , Mexico.
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have an application with custom security too, all users can access al reports but the information to be showed may vary depending on their permissions, how should i filter information?, ive thought of creating a custom data processing extension but it seems like a dificult task, besides the data is already in sql server.

Could i create functions similar to the ones used for custom formatting, and use them to filter data?


  #9 (permalink)  
Old June 28th, 2004, 11:00 AM
Authorized User
 
Join Date: May 2004
Location: , , .
Posts: 24
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Your only choice is to build something custom if you don't want to use Windows security. Here are some of your options.

1) Implement a custom security extension. The technique is undocumented, and I am not ready to release anything on it at this time. It is unsupported, but it can be done.

2) Do your filtering at the application level, and only provide links to reports that the user should have access to.

3) Build a custom data store that has user permissions that you filter on at runtime. Typically this would be a database table.






Todd Bryant
MCSD,MCDBA,MCSE,MCT
 


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Code Access Security & Role Based Security robzyc C# 6 April 11th, 2008 02:31 AM
System.Security.SecurityException: Security error coolcatjk Pro VB.NET 2002/2003 4 March 2nd, 2006 06:00 PM
Security deys C++ Programming 0 February 2nd, 2006 02:33 AM
security mjuliao Access 1 October 16th, 2005 12:13 AM
Security MDrumm Access 9 August 2nd, 2005 10:23 AM



All times are GMT -4. The time now is 12:09 PM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.