locked
Token based Security between Apps RRS feed

  • Question

  • User-425639139 posted

    Folks,

    Looking for a quick response in terms of Authorization and Authentication with multiple .NET & Non .NET based apps :

    1. SSRS Report Viewer Project (.NET Web Appliation that renders out SSRS Reports in SSRS Report Viewer Control)
    2. Legacy .NET Application that Calls Report Viewer project in Tabbed windows or Iframe (No Security implemented apart from User Login & menu restriction based on role )
    3. Leagacy Java Application that Calls Report Viewer project in IFrame (No Security implemented apart from menu restriction based on role) 

    Questio is how can I restrict a User to start opening the SSRS Report Viewer app by just copying the URL from Iframe and pasting it ? I thoguht of making a URL Referrel restriction that if User is coming from App 2 or App 3 allow the Viewerr to render the page else just redirect to Access Denied but this obviousl is not looking like a good solution.

    I also though of implementing a Token based Authentication where I keep a Token (Appid + Username + Expiry Date) in a DB table and passing this Toekn in query string and if its a valid token let the user access else deny but this also is not looking like a full proof solution to me. Is there a better way of doing it ?

    Monday, May 19, 2014 4:54 PM

All replies