none
Read HttpContext.Current header on SSRS 2016 RRS feed

  • Question

  • Hello All,

    I have a situation where i need to read the System.Web.HttpContext.Current header information in SSRS 2016. We have an authentication (which is I think custom) to authenticate a user, however we are not using a SQL table to store the credentials. I have read through various articles https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample & https://social.msdn.microsoft.com/Forums/en-US/c3e11282-495b-4e2a-b422-524dba378444/custom-authentication-provider-for-ssrs-2016-?forum=SQLServer2016Preview for example, which talks about extending IAuthenticationExtension2 interface. I am not sure how to proceed.

    My scenario is:

    1. We have a custom authentication and the authenticated user will have the header populated with the user-id and employee ID of the individual. 

    2. I would like to read this header on the main page to fetch the user-id of the individual. 

    3. Our folders in SSRS have active directory security groups. So, I am thinking that when I fetch the user-id from the header and pass it along, the AD security groups should work.

    From what I understand, I don't need a forms authentication, as my authentication is being handled by the external URL (Webseal junction).

    From the above, I am not sure where should I write code to read the header. Any advice will be very appreciated. Also, if I need to extend the IAuthenticationExtension2 interface, what should be the steps I need to follow.

    Thanks so much.



    Thursday, October 17, 2019 9:14 PM

All replies

  • Hi ,

    To sum up your scenario, 1&2 did you want to utilize custom authentication ?

    For 3rd, I am not sure that AD will be automatically applied to custom APP and custom authentication. To get a clear answer of this, I suggest you to look at AD community and forum, or you could do more research on this by google.

    --"From what I understand, I don't need a forms authentication, as my authentication is being handled by the external URL (Webseal junction)."

    For the custom authentication samples I once tried they used forms authentication. Forms authentication is preferred than url authentication. Reads here: Forms Authentication Workflow & Forms Authentication. I am not familiar with WebSeal technology,  couldn't assert much about it.

     

    --"extend the IAuthenticationExtension2 interface, what should be the steps I need to follow."

    I think to utilize the interface, we need to at first know how you validation of user works. You need to find how WebSeal works with IAuthenticationExtension2 , or generally speaking, how is WebSeal integrated with C# app coding.

    OK, your question is rather big in my opinion, sorry that my post is not that helpful. But, just for discussion-wise, wanting to help to break the big pie into small pieces. 

    Hope other experts here could find more solution and offer deeper insights of this issue.

    Regards,

    Lukas


    MSDN Community Support Please remember to click Mark as Answer; the responses that resolved your issue, and to click Unmark as Answer if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, October 18, 2019 8:50 AM
  • Hi Lukas,

    I think I didn't explain properly. Please see the diagram in the below URL

    https://docs.microsoft.com/en-us/sql/reporting-services/extensions/security-extension/security-extensions-overview?view=sql-server-ver15

    I don't have a logon screen inside the application. Instead I have a Webseal logon screen. After authentication, I would want to read the Http.CurrentContext header. I read through the code at 

    https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample

    and I think I need to not have a Logon.aspx page and remove the LogonUser method. Only by using GetUserInfo I would be able to read the HttpContext. 

    My question is would this work. My logon screen is outside of the Logon.aspx page from Step 2 in the image in the URL. I would bypass that step and directly read Security Extension. 

    Hope I am making sense.

    Friday, October 18, 2019 3:47 PM
  • Have you tried your assumption and get anything?

    MSDN Community Support Please remember to click Mark as Answer; the responses that resolved your issue, and to click Unmark as Answer if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, October 21, 2019 9:09 AM