SSRS 2016 and custom authentication

Question

I've configured my SQL Server 2016 reporting server to use custom (forms-based) authentication. I am able to log in, view and run paginated reports without any problems. However, when I view the properties of a dataset in the report web portal, the dreaded "An error has occurred / Something went wrong. Please try again" message appears, and an error is logged in the SSRS log file.



There is a rather long exception and stack trace in the Microsoft.ReportingServices.Portal.WebHost log file:

Microsoft.ReportingServices.Portal.WebHost!reportserverwebapp!19!01/16/2017-14:16:12:: e ERROR: [999zng82]: OData exception occurred: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Resources.MissingManifestResourceException: Could not find any resources appropriate for the specified culture or the neutral culture.  Make sure "Microsoft.SqlServer.ReportingServices.SoapExceptionStrings.resources" was correctly embedded or linked into assembly "Microsoft.ReportingServices.Portal.Services" at compile time, or that all the satellite assemblies required are loadable and fully signed.
   at System.Resources.ManifestBasedResourceGroveler.HandleResourceStreamMissing(String fileName)
   at System.Resources.ManifestBasedResourceGroveler.GrovelForResourceSet(CultureInfo culture, Dictionary`2 localResourceSets, Boolean tryParents, Boolean createIfNotExists, StackCrawlMark& stackMark)
   at System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo requestedCulture, Boolean createIfNotExists, Boolean tryParents, StackCrawlMark& stackMark)
   at System.Resources.ResourceManager.InternalGetResourceSet(CultureInfo culture, Boolean createIfNotExists, Boolean tryParents)
   at System.Resources.ResourceManager.GetString(String name, CultureInfo culture)
   at Microsoft.SqlServer.ReportingServices.SoapExceptionStrings.Keys.GetString(String key)
   at Microsoft.SqlServer.ReportingServices.SoapExceptionStrings.get_MissingEndpoint()
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.MissingEndpointException..ctor(Exception inner)
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol)
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod()
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.GetItemParameters(String itemPath, String historyId, Boolean forRendering, ParameterValue[] values, DataSourceCredentials[] credentials)
   at Microsoft.ReportingServices.Portal.Services.SoapProxy.SoapRS2010Proxy.<>c__DisplayClassa.<GetItemParameters>b__9()
   at Microsoft.ReportingServices.Portal.Services.SoapProxy.SoapAuthenticationHelper.ExecuteWithCustomAuth[TReturn](SoapHttpClientProtocol soapClient, IPrincipal userPrincipal, Func`1 func)
   at Microsoft.ReportingServices.Portal.Services.SoapProxy.SoapAuthenticationHelper.ExecuteWithCorrespondingAuthMechanism[TReturn](SoapHttpClientProtocol soapClient, IPrincipal userPrincipal, Func`1 func)
   at Microsoft.ReportingServices.Portal.Services.SoapProxy.SoapRS2010Proxy.GetItemParameters(IPrincipal userPrincipal, String itemPath, String historyId, Boolean forRendering, ParameterValue[] values, DataSourceCredentials[] credentials)
   at Microsoft.ReportingServices.Portal.Repositories.CatalogItemRepository.GetReportParameterDefinitions(IPrincipal userPrincipal, String reportpath)
   at Model.DataSetRepository.LoadParameterDefinitions()
   at Model.DataSet.get_ParameterDefinitions()
   at lambda_method(Closure , DataSetRepository )
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Delegate.DynamicInvokeImpl(Object[] args)
   at System.Web.OData.Query.Expressions.SelectExpandBinder.Bind(Object entity)
   at System.Web.OData.Query.SelectExpandQueryOption.ApplyTo(Object entity, ODataQuerySettings settings, IAssembliesResolver assembliesResolver)
   at System.Web.OData.Query.ODataQueryOptions.ApplySelectExpand[T](T entity, ODataQuerySettings querySettings)
   at System.Web.OData.Query.ODataQueryOptions.ApplyTo(Object entity, ODataQuerySettings querySettings)
   at System.Web.OData.EnableQueryAttribute.ExecuteQuery(Object response, HttpRequestMessage request, HttpActionDescriptor actionDescriptor)
   at System.Web.OData.EnableQueryAttribute.OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
   at System.Web.Http.Filters.ActionFilterAttribute.OnActionExecutedAsync(HttpActionExecutedContext actionExecutedContext, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ExceptionFilterResult.<ExecuteAsync>d__0.MoveNext().
Microsoft.ReportingServices.Portal.WebHost!reportserverwebapp!19!01/16/2017-14:16:12:: i INFO: [999zng82]: fe80::78f9:4740:3f83:410d%15: GET /api/v1.0/CatalogItemByPath%28path%3D%40path%29 - Response 500 - 0:00:06.1429265

I found a similar note on this thread, with advice to enable full control permissions on the folder C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files. However, after making these changes, the error recurred.

Anyone else have similar experience?

---

Gregory Block, PhD, MBA

Answer 1

Hi Gregory,

From your description, first, please make sure the user has permission to access the dataset.

And based on the error message "Could not find any resources appropriate for the specified culture or the neutral culture...", please try to add include the default namespace/folder when you reference the resource.

Reference: Could not find any resources appropriate for the specified culture

If none of them work, please let me know.

Best Regards,

Pirlo Zhang

---

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

Answer 2

Pirlo, I appreciate that you took the time to submit a reply. Unfortunately, your points and questions have nothing to do with the issues and exception I raised.

As I mentioned, I created and uploaded the dataset myself using report builder, so (needless to say) I have permission to view or execute the dataset. When I view the Security tab I see that I have all rights (BrowserAlso, the exception text pertaining to "Could not find any resources appropriate for the specified culture" is generated by the SSRS web portal when it throws the exception. It is not my code. The web portal is trying to load the data for the dataset, and then throws an exception, which get stored in the web portal log file.

Finally, this fails when using custom authentication, so I am hoping that someone with experience using custom authentication in SSRS 2016 could provide their experiences.

---

Gregory Block, PhD, MBA

Answer 3

In order to minimize any installation side-effects, I started over with a brand new SSRS 2016 instance.

I deployed my custom authentication extension as per the instructions found here:

http://msftrsprodsamples.codeplex.com/wikipage?title=SS2012%21Security%20Extension%20Sample&referringTitle=Home

I log in via the custom logon page, and am redirected to browse the SSRS 2016 report portal.

Using the report portal, I can create a dataset (via the ReportBuilder tool) and save the dataset to the Home folder. I can set security on the folder and dataset to allow me to have Content Manager permissions. I can also create a paginated report (again, via the ReportBuilder tool) that accesses the data set. I can save the report to the Home folder and run it. The report loads the dataset w/o any problems and executes w/o errors.

I can view all the properties of the dataset, including data sources, dependent items, caching and security.

However, when I click on "Data Preview" and then the "Load data" button, I see the following message:

The Microsoft.ReportingServices.Portal.WebHost_*.log file in the LogFiles folder has the following exception:

Microsoft.ReportingServices.Portal.WebHost!reportserverwebapp!11!01/17/2017-12:08:04:: e ERROR: [0vnpbb5w]: There was a problem getting data from the Report Server Web Service: Could not find any resources appropriate for the specified culture or the neutral culture.  Make sure "Microsoft.SqlServer.ReportingServices.SoapExceptionStrings.resources" was correctly embedded or linked into assembly "Microsoft.ReportingServices.Portal.Services" at compile time, or that all the satellite assemblies required are loadable and fully signed.
Microsoft.ReportingServices.Portal.WebHost!reportserverwebapp!11!01/17/2017-12:08:04:: i INFO: [0vnpbb5w]: fe80::78f9:4740:3f83:410d%15: GET /api/v1.0/catalogitems%28352fed94-f261-42e8-b830-2cd7c0d37071%29/Model.DataSet/Model.GetTable%28maxRows%3D15%29 - Response 422 - 0:00:06.423644

There are no errors in the ReportServerService_*.log file.

In conclusion, the error occurs when using custom authentication and trying to load data using the report portal for a dataset that the user has full permissions to execute. The error occurs in the portal, not in the custom security extension.

Thanks!

---

Gregory Block, PhD, MBA

Answer 4

I submitted this as a bug on MS Connect.  Two bugs, actually;

• Cannot load mobile dashboard in report portal with custom security extensions for report services 2016
• Cannot load dataset data in report portal with custom security extensions for report services 2016

So, has anyone gotten SSRS 2016 mobile reports to work when using custom authentication? If so, please post your experiences!

---

Gregory Block, PhD, MBA

Answer 5

Hi Gregory,

To clarify, is this only in the portal or when you try to pull data from Mobile Report Publisher you are hitting the same issue?

Thanks

-Boreki

---

Boreki[MSFT] - SQL Server Reporting Services

Answer 6

Hi, Boreki! Thanks for looking into this issue.

To confirm, it is only when I am in the report portal and try to load the data from a dataset (under the Manage | Data Preview | Load Data setting) or when I try to load a mobile report in the portal that is linked to the dataset.

It stands to reason that if I am unable to load data from the dataset in the report portal using Manage | Data Preview | Load Data, that the mobile report linked to the same dataset would also fail.

The funny thing is that I can launch a paginated report that is linked to the dataset, and it loads data without any problem. I assume the paginated report is directly pulling the data from the dataset using the Reporting Service process, while the report portal and the mobile report is pulling the data from the dataset indirectly through the web portal, which is then pulling the data from the Reporting Services process.

I can configure the same instance to use Windows authentication, and the dataset and mobile report loads in the report portal without any issues, so I strongly suspect the issue relates to the report portal and custom authentication.

Thanks again!

---

Gregory Block, PhD, MBA

Answer 7

I am having this same issue.

I purchased the 2016 Enterprise Edition, to take advantage of the KPIs.  That is when I noticed the issue

1. New KPI
2. Value: DataSet Field
3. Pick Dataset: select one I know works in the Paginated Reports.
4. Get the error: An error has occurred.  The data set could not be processed.  There was a problem getting data from the Report Server Web Service.
5. 
   

Playing around with the the SSRS configuration, I noticed if 

I opened  Reporting Services Configuration Manager, and changed the Web Service URL, and add the HTTP feature in addition to HTTPS, then I am able to access DataSets.

Of course, we DON'T WANT to leave it that way so I took it off.

Additional Issues, possible related :

Remoted into the server as Administrator, open web browser, type in the

https://<URL>/Reports 

address, cannot access the page.

can only access it from 

http://<IPAddress>/Reports 

Answer 8

Elainna, thanks for the extra background details.

Did you happen to notice what was written to the reporting service/web portal log files at the time you received the error?

---

Gregory Block, PhD, MBA

Answer 9

Hi Gregory Block,

After I implemented SSRS 2016 forms authentication, unfortunately I reproduced the issue. As you mentioned, when clicking load data, SSRS will throw an error:

But I can still create a paginated report with the shared dataset and worked fine.

I'm agreeing with you that the issue may caused by the SSRS 2016 forms authentication. And thanks for submitting the suggestions to Microsoft. If the suggestion mentioned by customers for many times, the product team may consider to improve it in the later SQL Server version. Your feedback is valuable for us to improve our products and increase the level of service provided.

Thanks,

Pirlo Zhang

---

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

Answer 10

Pirlo, thanks for taking the time to read my post and reproduce my setup so you could verify the error does indeed occur as stated.

However, this is not sufficient to resolve the issue. I'd like to know:

• What is causing the problem? Is it caused by configuration, security, or some other setting?
• Is there a workaround or fix?
• If there is a fix, what is the roadmap/timeline for the fix?

As you point out, MS documentation indicates that SSRS 2016 supports custom authentication, but obviously it does not if there is lack of support for mobile reports.

BTW I also posted an issue here:

https://github.com/Microsoft/Reporting-Services/issues/13

Thanks again!

---

Gregory Block, PhD, MBA

Answer 11

Hi Gregory,

The two configurations that would affect previewing data are the authentication keys and the passthrough cookies, please ensure that these two are correctly configured in your environment, I have an environment where this is working correctly.

The github documentation talks about these two steps:

https://github.com/Microsoft/Reporting-Services/blob/master/CustomSecuritySample/README.md

These two settings being correct, can you try previewing data with an admin user (not only permissions in the item, but in the root and System Administrator (or equivalent) Role.

Just a clarification on the support for custom athentication I want to clarify that the Mobile Apps do not yet support custom authentication, only NTLM and Basic, but publishing and viewing mobile reports through the browser is supported.

Thanks

Boreki

---

Boreki[MSFT] - SQL Server Reporting Services

Answer 12

Boreki, that is indeed excellent news. So you can view the mobile reports in a browser when custom authentication is configured?

I checked my passthru settings, and they are as follows:

rsreportserver.config:

    <CustomAuthenticationUI>
      <loginUrl>/Pages/UILogon.aspx</loginUrl>
      <UseSSL>False</UseSSL>
      <PassThroughCookies>
        <PassThroughCookie>sqlAuthCookie</PassThroughCookie>
      </PassThroughCookies>
    </CustomAuthenticationUI>

web.config:

    <authentication mode="Forms">
      <forms loginUrl="Logon.aspx" name="sqlAuthCookie" timeout="60"
      path="/"></forms>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>

    <identity impersonate="false" />

Do I need to set any other passhthru cookie values? Do I need to set the "sqlAuthCookie" in any other configuration files?

Also, when you mention "authentication keys" I don't know what you are referring to. "Authentication key" does not appear anywhere in the article you referenced.

Maybe you could post your configuration files?

Thanks again for your diligent work!

Greg

---

Gregory Block, PhD, MBA

Answer 13

Sorry, I meant the Machine keys, Step 4 in the link below:

https://github.com/Microsoft/Reporting-Services/blob/master/CustomSecuritySample/README.md

This is needed to allow decryption across the two processes.

---

Boreki[MSFT] - SQL Server Reporting Services

Answer 14

Boreki, both the ReportServer\web.config and the RSWebApp\Microsoft.ReportingServices.Portal.WebHost.exe.config files have matching machineKey settings under system.web.

<machineKey 
validation="AES" 
decryption="AES" 
validationKey="(actual validation key)" 
decryptionKey="(actual decryption key)" 
/>

So I believe my configuration files are properly configured. If not, I would not have been able to log into the site to view the paginated reports, either!

Again, it would be really helpful if you could post your setup, including your configuration files, for me to compare against.

By the way, one further complication - I am developing on my Windows 10 desktop. Are you developing against SSRS on a Windows Server 20XX platform? If so, I wonder what role the OS plays here...

You have been very helpful!

Greg

---

Gregory Block, PhD, MBA

Answer 15

Gregory,

My files are shared below. They are using the same sample released in the github repo above.

https://1drv.ms/u/s!Al8qyOves9ELgVE00ZXFkpmITy4O

Thanks

-Boreki

---

Boreki[MSFT] - SQL Server Reporting Services

Answer 16

Thanks, everyone, for all your hard work and responsiveness. I believe I've identified the cause of the problem.

After reviewing Boreki's configuration files, I determined that mine were identical. I suspected that it was my environment that may be he problem. I was deploying the configuration changes to an SSRS instance running on my Windows 10 desktop.

Instead, I deployed the configuration changes to a Windows Server 2012 instance. I had to change the service account and reboot, but after those steps, the configuration worked as expected.

Sorry for the red herring!

Moral of the story - stick to a server platform when testing this configuration.

---

Gregory Block, PhD, MBA

Answer 17

Hi Gregory,

If your issue is solved please mark the appropriate answer as Mark as answer. This will help other members to find a solution if they face the same issue.

Thanks for your understanding and support.

If you still have any questions, please feel free to ask.

Best Regards,

Pirlo Zhang

---

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

Answer 18

Hi Pirlo,

I am experiencing the same issue as Greg went through. We are implementing Forms (Custom) Authentication to change the domain of user login. Mobile reports are not loaded. Do you have any suggestion / fix for this issue?

Thanks

Sriram. S

Answer 19

Just found workaround for this issue:

First, except for the OData exception error, we found that we have another error at ReportServerService__%timestamp%.log:

"e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: , Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: Модуль проверки подлинности создал непредвиденное исключение или вернул недопустимое значение: identity==null.;"

the issue was that we are using couple of cookies for our auth extension, and the only one was in the configuration file, as soon as all the cookies were stated in rsreportserver.config as follows:

<UI>
<CustomAuthenticationUI>
<PassThroughCookies>
<PassThroughCookie>cookie1</PassThroughCookie>
<PassThroughCookie>cookie2</PassThroughCookie>
</PassThroughCookies>
</CustomAuthenticationUI>
</UI>

the error was solved.

In other words - you can create a custom log dump for ur custom auth and look if both portal and reportserver can auth you with ur authenticationextension. Hope this helps someone