how to forward basic authentication challenge to report manager url

Question

(details on the environment in the bottom)

I am trying to build an authentication solution for reporting services.

Online costumers should be authenticated using our existing costumer database, while local administrative users could use a simple, Basic, authentication.

I have made a security extension to SSRS using the codeplex examples and the way I use to issue the basic challenge is as follows

        public void GetUserInfo(out IIdentity userIdentity, out IntPtr userId)
        {
            if (HttpContext.Current != null && HttpContext.Current.User != null)
                userIdentity = HttpContext.Current.User.Identity;
            else
            {
                HttpContext.Current.Response.AddHeader("WWW-Authenticate", "Basic realm=\"ReportServer\"");
                HttpContext.Current.Response.Status = "401 Unauthorized";
                HttpContext.Current.Response.Flush();
                HttpContext.Current.Response.Close();
                userIdentity = new GenericIdentity("not authorized");
            }

            userId = IntPtr.Zero;
        }

That way when a user that haven't passed through the LogonUser method (ie. direct url access, bids report deployment, not the regular user apps) gets challenged with a Basic logon/password response. To support this I made a httpmodule as follows

        void IHttpModule.Init(HttpApplication context)
        {
            context.AuthenticateRequest += CustomAuthenticateRequest;
        }

        void CustomAuthenticateRequest(object sender, EventArgs e)
        {
            var app = sender as HttpApplication;
            if (app == null) return;

            var basicAuth = app.Context.Request.Headers["Authorization"];
            if (!string.IsNullOrEmpty(basicAuth))
            {
                var loginpass =
                    Encoding.Default.GetString(Convert.FromBase64String(basicAuth.Replace("Basic ", ""))).Split(':');
                if (loginpass.Length == 2 && loginpass[0] == adminUser && loginpass[1] == adminPass)
                {
                    app.Context.User = new GenericPrincipal(new GenericIdentity(adminUser), null);
                }
            }
        }

This works fine when accessing /ReportServer URL, I get challenged, enter the hardcoded admin login/pass and get logged on.

The problem is when accessing /Reports I get"System.Net.WebException: The request failed with HTTP status 401: Unauthorized"

I want to know how can I pass the login/pass challenge all the way down to /Reports

I'm running SqlServer 2012 along with Reporting Services 2012

In my web.config I have

    <authentication mode="None" />
    <identity impersonate="false" />, and the entry for the httpmodule

On rssrvpolicy.config the codegroup for my httpmodule is with FullTrust

On rsreportserver.config I have

        <AuthenticationTypes>
            <Custom/>
        </AuthenticationTypes>, and the entry for the security extension

I don't have SSL configured, yet, and the bindings are at their default

Answer 1

Hello Thiago,

Thank you to post your question on TechNet Forum! The information you provided is very detail and it will be very helpful to troubleshoot this issue.

From your description, we conclude that the issue only occurs on the report manager UI, but it works well on the report server site. In order to narrow down, I hope you can answer me the following questions.

• When do you encounter this issue, on accessing the report manager site or on rendering the report?
• Can you post out the error message in the report log file? Therefore, we can see the detail information about this issue.

If you have any questions about this issue, please tell us freely.

Regards,

Edward

---

Edward Zhu

TechNet Community Support

Answer 2

Hi Edward, thanks for taking the interest.

Yes, call directly to the ReportServer web services work as expected, by browser and by web services API.

The problem is solely in the Report Manager URL (/Reports) using the browser (tried both IE 9 and Firefox)

Log below with info on the error

resourceutilities!ReportServer_0-2!cd8!06/27/2012-15:12:53:: i INFO: Reporting Services starting SKU: Enterprise
ui!ReportServer_0-2!cd8!06/27/2012-15:12:53:: i INFO: Software Usage Metrics not enabled for Enterprise edition
ui!ReportManager_0-1!1fb8!06/27/2012-15:12:55:: e ERROR: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol)
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod()
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.ListItemTypes()
   at Microsoft.ReportingServices.UI.Global.SecureAllAPI()
   at Microsoft.ReportingServices.UI.ReportingPage.EnsureHttpsLevel()
   at Microsoft.ReportingServices.UI.ReportingPage.ReportingPage_Init(Object sender, EventArgs args)
   at System.EventHandler.Invoke(Object sender, EventArgs e)
   at System.Web.UI.Control.OnInit(EventArgs e)
   at System.Web.UI.Page.OnInit(EventArgs e)
   at System.Web.UI.Control.InitRecursive(Control namingContainer)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
ui!ReportManager_0-1!1fb8!06/27/2012-15:12:57:: e ERROR: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol)
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod()
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.ListItemTypes()
   at Microsoft.ReportingServices.UI.Global.SecureAllAPI()
   at Microsoft.ReportingServices.UI.GlobalLinks.Control_Init(Object sender, EventArgs args)
ui!ReportManager_0-1!1fb8!06/27/2012-15:12:57:: e ERROR: HTTP status code --> 500
-------Details--------
System.Net.WebException: The request failed with HTTP status 401: Unauthorized.

   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()

   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol)

   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod()

   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.ListItemTypes()

   at Microsoft.ReportingServices.UI.Global.SecureAllAPI()

   at Microsoft.ReportingServices.UI.ReportingPage.EnsureHttpsLevel()

   at Microsoft.ReportingServices.UI.ReportingPage.ReportingPage_Init(Object sender, EventArgs args)

   at System.EventHandler.Invoke(Object sender, EventArgs e)

   at System.Web.UI.Control.OnInit(EventArgs e)

   at System.Web.UI.Page.OnInit(EventArgs e)

   at System.Web.UI.Control.InitRecursive(Control namingContainer)

   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
ui!ReportManager_0-1!1fb8!06/27/2012-15:13:00:: e ERROR: System.Threading.ThreadAbortException: Thread was being aborted.
   at System.Threading.Thread.AbortInternal()
   at System.Threading.Thread.Abort(Object stateInfo)
   at System.Web.HttpResponse.End()
   at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)

From what I can understand, the GET to /Reports URL fails with status 500, because the internal call to /ReportServer fails with status 401. What I expected was the get to /Reports to forward the 401 status and request my login and password and forward it to the web services

Answer 3

Hello Thiago,

Thank you to share us the error message.

I want to double check whether you change the web.config file in ReportManager folder. From the error message, it seems that the authentication error occurs on rendering the UI of the report manager. Please go to the folder, c:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportManager\, and find out the web.config file, and apply the following changes.

    <authentication mode="None" />
    <identity impersonate="false" />, and the entry for the httpmodule

Then, try to see whether the issue can be solved. If you have further questions, please let me know.

Regards,

Edward

---

Edward Zhu

TechNet Community Support

Answer 4

Hi Edward, I don't understand, None and false are already the way it is configured now, what should I change to?

Answer 5

Hello Thiago,

Thanks for your response.

Actually, there are two different web.config for reporting service. One is for report manager, and the other is for report server. If you can access the report server, but fail to access the report manager, then it is possible that the web.config in report manager is not configured properly. From the call stack, we found that the main issue focus on the Report Manager UI. Therefore, we need check the web.config in the ReportManager folder. Furthermore, we need apply the settings in rssrvpolicy.config to rsmgrpolicy.config as well.

I hope my explanation is helpful to you. If you have any questions about this issue, please let me know.

Regards,

Edward

---

Edward Zhu

TechNet Community Support

Answer 6

Hi Edward,

I found the correct web.config, didn't know report manager had it's own, but still the problem persists. The authentication challenge doesn't get passed down to Report Manager.

Do I have to make a security extension or a http module for report manager itself?

ui!ReportManager_0-1!1e98!07/02/2012-13:47:11:: e ERROR: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol)
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod()
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.ListItemTypes()
   at Microsoft.ReportingServices.UI.Global.SecureAllAPI()
   at Microsoft.ReportingServices.UI.ReportingPage.EnsureHttpsLevel()
   at Microsoft.ReportingServices.UI.ReportingPage.ReportingPage_Init(Object sender, EventArgs args)
   at System.EventHandler.Invoke(Object sender, EventArgs e)
   at System.Web.UI.Control.OnInit(EventArgs e)
   at System.Web.UI.Page.OnInit(EventArgs e)
   at System.Web.UI.Control.InitRecursive(Control namingContainer)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
ui!ReportManager_0-1!1e98!07/02/2012-13:47:14:: e ERROR: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol)
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod()
   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.ListItemTypes()
   at Microsoft.ReportingServices.UI.Global.SecureAllAPI()
   at Microsoft.ReportingServices.UI.GlobalLinks.Control_Init(Object sender, EventArgs args)
ui!ReportManager_0-1!1e98!07/02/2012-13:47:14:: e ERROR: HTTP status code --> 500
-------Details--------
System.Net.WebException: The request failed with HTTP status 401: Unauthorized.

   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()

   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol)

   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod()

   at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.ListItemTypes()

   at Microsoft.ReportingServices.UI.Global.SecureAllAPI()

   at Microsoft.ReportingServices.UI.ReportingPage.EnsureHttpsLevel()

   at Microsoft.ReportingServices.UI.ReportingPage.ReportingPage_Init(Object sender, EventArgs args)

   at System.EventHandler.Invoke(Object sender, EventArgs e)

   at System.Web.UI.Control.OnInit(EventArgs e)

   at System.Web.UI.Page.OnInit(EventArgs e)

   at System.Web.UI.Control.InitRecursive(Control namingContainer)

   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
ui!ReportManager_0-1!1e98!07/02/2012-13:47:16:: e ERROR: System.Threading.ThreadAbortException: Thread was being aborted.
   at System.Threading.Thread.AbortInternal()
   at System.Threading.Thread.Abort(Object stateInfo)
   at System.Web.HttpResponse.End()
   at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)

Answer 7

Hi Thiago,

Thanks for your response. I agree on your judgement.

I think we still need to create the codegroup for my httpmodule is with FullTrust on rsmgrpolicy.config file, and see whether the issue can be solved.

If you have any questions about this issue, please let me know.

Regards,

Edward

---

Edward Zhu

TechNet Community Support