Client Certificate Custom Authentication

Question

User2053348377 posted

I'm running into an issue when trying to implement custom authentication using client certificates, with the sample forms authentication setup from https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample as a base. Specifically, I am trying to access CERT_SUBJECT in logon.aspx, but I have tried multiple methods to access it and they all return an empty value:

• Request.ClientCertificate.Subject
• Context.Request.ServerVariables["CERT_SUBJECT"]
• Request.ServerVariables["CERT_SUBJECT"]

I have an IIS server that requires certificates which redirects the reports and reportserver path to the proper SSRS URL (localhost/reports and localhost/reportserver) using URL rewrite. I have also configured the rewrite rules to passthrough CERT_SUBJECT, and I can confirm that the server variable being is passed through correctly by forcing the rule to redirect to the raw variable {C:0}, which does indeed display the cert subject in the address bar.

reports/web.config:

<rules>
    <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
        <match url="(.*)" />
        <action type="Rewrite" url="http://localhost:8080/reports/{R:0}" appendQueryString="true" />
        <conditions trackAllCaptures="true">
            <add input="{CERT_SUBJECT}" pattern="(.*)" />
        </conditions>
        <serverVariables>
            <set name="CERT_SUBJECT" value="{C:0}" />
        </serverVariables>
    </rule>
</rules>

reportserver/web.config:

<rules>
    <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
        <match url="(.*)" />
        <action type="Rewrite" url="http://localhost:8080/reportserver/{R:0}" appendQueryString="true" logRewrittenUrl="false" />
        <conditions trackAllCaptures="true">
            <add input="{CERT_SUBJECT}" pattern="(.*)" />
        </conditions>
        <serverVariables>
            <set name="CERT_SUBJECT" value="{C:0}" />
        </serverVariables>
    </rule>
</rules>

So I have limited the problem to something related to SSRS's configuration files or an ASP.net setting I am unaware of. However, I am extremely inexperienced with web servers and ASP.net, so I have no idea where to look next.

I have the basic forms authentication (username/password) working fine by following the sample.

This is similar to the issue found here: https://forums.asp.net/post/6239941.aspx

Answer 1

User1535942433 posted

Hi TheAfroOfDoom,

As far as I think,you could do:

1.Open RSReportServer.config.

2.Find <Authentication>.

3.Copy the following XML structure:

<Authentication>
      <AuthenticationTypes>
             <Custom />
      </AuthenticationTypes>
      <EnableAuthPersistence>true</EnableAuthPersistence>
</Authentication>

And you need set the following elements in the RSReportServer.config file to pass Custom Authentication Cookies:

<UI>  
   <CustomAuthenticationUI>  
      ...  
      <PassThroughCookies>  
         <PassThroughCookie>cookiename1</PassThroughCookie>  
         <PassThroughCookie>cookiename2</PassThroughCookie>  
      </PassThroughCookies>  
   </CustomAuthenticationUI>  
      ...  
</UI>  

More details,you could refer to below articles:

https://stackoverflow.com/questions/57157807/ssrs-forms-authentication-how-to-pass-cookie-credentials-to-report-server

Configure Custom or Forms Authentication on the Report Server:

https://docs.microsoft.com/en-us/sql/reporting-services/security/configure-custom-or-forms-authentication-on-the-report-server?view=sql-server-ver15

Configure the Web Portal to Pass Custom Authentication Cookies:

https://docs.microsoft.com/en-us/sql/reporting-services/security/configure-the-web-portal-to-pass-custom-authentication-cookies?view=sql-server-ver15

Best regards,

Yijing Sun