locked
Client Certificate Custom Authentication RRS feed

  • Question

  • User2053348377 posted

    I'm running into an issue when trying to implement custom authentication using client certificates, with the sample forms authentication setup from https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample as a base. Specifically, I am trying to access CERT_SUBJECT in logon.aspx, but I have tried multiple methods to access it and they all return an empty value:

    • Request.ClientCertificate.Subject
    • Context.Request.ServerVariables["CERT_SUBJECT"]
    • Request.ServerVariables["CERT_SUBJECT"]

    I have an IIS server that requires certificates which redirects the reports and reportserver path to the proper SSRS URL (localhost/reports and localhost/reportserver) using URL rewrite. I have also configured the rewrite rules to passthrough CERT_SUBJECT, and I can confirm that the server variable being is passed through correctly by forcing the rule to redirect to the raw variable {C:0}, which does indeed display the cert subject in the address bar.

    reports/web.config:

    <rules>
        <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
            <match url="(.*)" />
            <action type="Rewrite" url="http://localhost:8080/reports/{R:0}" appendQueryString="true" />
            <conditions trackAllCaptures="true">
                <add input="{CERT_SUBJECT}" pattern="(.*)" />
            </conditions>
            <serverVariables>
                <set name="CERT_SUBJECT" value="{C:0}" />
            </serverVariables>
        </rule>
    </rules>

    reportserver/web.config:

    <rules>
        <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
            <match url="(.*)" />
            <action type="Rewrite" url="http://localhost:8080/reportserver/{R:0}" appendQueryString="true" logRewrittenUrl="false" />
            <conditions trackAllCaptures="true">
                <add input="{CERT_SUBJECT}" pattern="(.*)" />
            </conditions>
            <serverVariables>
                <set name="CERT_SUBJECT" value="{C:0}" />
            </serverVariables>
        </rule>
    </rules>

    So I have limited the problem to something related to SSRS's configuration files or an ASP.net setting I am unaware of. However, I am extremely inexperienced with web servers and ASP.net, so I have no idea where to look next.

    I have the basic forms authentication (username/password) working fine by following the sample.

    This is similar to the issue found here: https://forums.asp.net/post/6239941.aspx

    Saturday, September 5, 2020 8:01 PM

All replies