locked
Pass user credentials through SSRS report URL RRS feed

  • Question

  • User1030641174 posted

    Currently I am calling accessing the SSRS report of 2005 server using below method. Now I would like to pass the user credentials to validate the user then allow to access the report.

    Public Shared Function GenerateReport(ByVal page As Page, ByVal url As String)
        Dim popupScript As String
        
        Dim reportServer As String = ConfigurationManager.AppSettings("ReportServer")
        
        Dim sUrl As String = String.Format(reportServer & url)
        popupScript = "<script language='javascript'>" &
                            "window.open('" & sUrl & "','CustomPopup', " &
                            "'width=900, height=600,top=0;left=0;menubar=no,resizable=no')" &
                        "</script>"
        
        Dim clientScript As ClientScriptManager = page.ClientScript
        clientScript.RegisterClientScriptBlock(GetType(Page), "PopupScript", popupScript, False)
        Return Nothing
    End Function

    Wednesday, November 4, 2020 8:05 AM

All replies

  • User475983607 posted

    Currently I am calling accessing the SSRS report of 2005 server using below method. Now I would like to pass the user credentials to validate the user then allow to access the report.

    Write a simple If in your code behind.  The following code allows authenticated users.  This assume you are using standard authentication/authorization in ASP.NET.  You can also check the user role. 

    Public Shared Function GenerateReport(ByVal page As Page, ByVal url As String)
        
        If(User.Identity.IsAuthenticated) Then
        
            Dim popupScript As String
        
            Dim reportServer As String = ConfigurationManager.AppSettings("ReportServer")
            
            Dim sUrl As String = String.Format(reportServer & url)
            popupScript = "<script language='javascript'>" &
                                "window.open('" & sUrl & "','CustomPopup', " &
                                "'width=900, height=600,top=0;left=0;menubar=no,resizable=no')" &
                            "</script>"
            
            Dim clientScript As ClientScriptManager = page.ClientScript
            clientScript.RegisterClientScriptBlock(GetType(Page), "PopupScript", popupScript, False)
            Return Nothing
        
        End If
        
    
    End Function

    IF you are using custom authentication then it is up to you to write the correct code for your custom authentication.

    Wednesday, November 4, 2020 12:14 PM
  • User1030641174 posted

    This is not going to solve my issue, I have a service account which has the access permission to report server, I need to pass always that user id and password to get the report.

    rocky1

    Currently I am calling accessing the SSRS report of 2005 server using below method. Now I would like to pass the user credentials to validate the user then allow to access the report.

    Write a simple If in your code behind.  The following code allows authenticated users.  This assume you are using standard authentication/authorization in ASP.NET.  You can also check the user role. 

    Public Shared Function GenerateReport(ByVal page As Page, ByVal url As String)
        
        If(User.Identity.IsAuthenticated) Then
        
            Dim popupScript As String
        
            Dim reportServer As String = ConfigurationManager.AppSettings("ReportServer")
            
            Dim sUrl As String = String.Format(reportServer & url)
            popupScript = "<script language='javascript'>" &
                                "window.open('" & sUrl & "','CustomPopup', " &
                                "'width=900, height=600,top=0;left=0;menubar=no,resizable=no')" &
                            "</script>"
            
            Dim clientScript As ClientScriptManager = page.ClientScript
            clientScript.RegisterClientScriptBlock(GetType(Page), "PopupScript", popupScript, False)
            Return Nothing
        
        End If
        
    
    End Function

    IF you are using custom authentication then it is up to you to write the correct code for your custom authentication.

    Wednesday, November 4, 2020 12:31 PM
  • User475983607 posted

    This is not going to solve my issue, I have a service account which has the access permission to report server, I need to pass always that user id and password to get the report.

    Unfortunately, you have not explained the security design....  I assume the window.open opens the report in a windows.  This approach no longer works due to the service account requirement.

    The user machines needs to run under the service account which is typically not an option.  Basic authentication might be an option because the credentials can be added to the URL and browsers know how to handle this construct.  However, this approach might not work with modern browsers. 

    Anyway, SSRS authentication is covered in the standard documentation.

    https://docs.microsoft.com/en-us/sql/reporting-services/security/authentication-with-the-report-server?view=sql-server-ver15

    I use SSRS and a service account.  The difference is, reports are generated from ASMX services on SSRS not from a URL.  I have a REST web service running under the service account which makes the calls to the ASMX service to get the reports.  The REST service is secured by OAUth/OIDC.  So, any client that wants the reports must be authenticated and authorized through OAuth/OIDC.

    You'll need to do something similar depending on your environment.  If you are not using web services then you'll create a service reference on the web server which calls the SSRS ASMX services to return the report.  Rather than calling the SSRS report directly, the request is proxied through your Web Forms application.  The JavaScript calls a URL in the web app.  This approach allows you to secure the reports.

    If window.open opens the SSRS where the users can run reports then see the following.

    https://docs.microsoft.com/en-us/sql/reporting-services/security/granting-permissions-on-a-native-mode-report-server?view=sql-server-ver15

    Wednesday, November 4, 2020 1:37 PM