I need to set up the security on the Reporting Services such that user can
view the reports ONLY through a ReportViewer control on an asp.net web page
i.e. not allow to navigate all other folders or areas in the Report Manager.
Reporting services is installed on a stand alone server (not belong to any
domain, no AD set up) running on Windows 2003 server. Currently I configured
the "Report Manager" and "ReportServer" web site to allow anonymous access.
However some users know how to bypass the web application and directly enter
the IP address/reports of the stand alone server to view all the reports.
The asp.net page has built-in security to filter out the reports listed on
the page based on the user login and password. This web application is also
hosted at the stand alone server and is connected to a remote Sql server.
The web application is using the sql security.
|||I have a similar problem and cannot find a solution provided by Microsoft.
However, I decided to solve it by a trick. I developed an ASP.net web
application and the application has some report printing functions. Whenever
a report is printed, a random key will be inserted into a database table
like this:
Key                          User
KE#n-asdfjk-ad33klj-kasjd    WBush
The key and user are also passed in the query string. When the report is
run, the key and user will be checked again in the stored procedure to
verify that this user can print this report.
I am not sure whether this is a good solution, but I think that's what we
can do before Microsoft can provide a better solution.
"Paul" <paul_mak@.hotmail.com> wrote in message
news:eWZLuvhdGHA.2456@.TK2MSFTNGP04.phx.gbl...
> I need to set up the security on the Reporting Services such that user can
> view the reports ONLY through a ReportViewer control on an asp.net web page
> i.e. not allow to navigate all other folders or areas in the Report Manager.
> Reporting services is installed on a stand alone server (not belong to any
> domain, no AD set up) running on Windows 2003 server. Currently I configured
> the "Report Manager" and "ReportServer" web site to allow anonymous access.
> However some users know how to bypass the web application and directly enter
> the IP address/reports of the stand alone server to view all the reports.
> The asp.net page has built-in security to filter out the reports listed on
> the page based on the user login and password. This web application is also
> hosted at the stand alone server and is connected to a remote Sql server.
> The web application is using the sql security.
>
|||Hi Paul.
The only way I know of is to have your web site's app pool use an identity
that is the only identity that is allowed to hit the reports.
For example, you might set up a service account called "WebApp1SvcAcct".
Give that account and administrators group privileges in reporting services,
but not the rest of your users. This might be only half the solution. It's
been a while since we've had to deal with this.
-Tim
"Paul" <paul_mak@.hotmail.com> wrote in message
news:eWZLuvhdGHA.2456@.TK2MSFTNGP04.phx.gbl...
>I need to set up the security on the Reporting Services such that user can
>view the reports ONLY through a ReportViewer control on an asp.net web page
>i.e. not allow to navigate all other folders or areas in the Report Manager.
>Reporting services is installed on a stand alone server (not belong to any
>domain, no AD set up) running on Windows 2003 server. Currently I
>configured the "Report Manager" and "ReportServer" web site to allow
>anonymous access. However some users know how to bypass the web application
>and directly enter the IP address/reports of the stand alone server to view
>all the reports. The asp.net page has built-in security to filter out the
>reports listed on the page based on the user login and password. This web
>application is also hosted at the stand alone server and is connected to a
>remote Sql server. The web application is using the sql security.
>
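
The random-key check described in the first reply, written out as an added T-SQL example (not code from either poster or from Microsoft). All table, procedure and column names are hypothetical; it assumes the web application generates the key with a cryptographic random number generator and that the report has a single dataset.

```sql
-- Added example: table, procedure and column names are hypothetical.
CREATE TABLE dbo.ReportTicket (
    TicketKey  CHAR(64)      NOT NULL PRIMARY KEY, -- random, generated by the web app with a CSPRNG
    UserName   NVARCHAR(128) NOT NULL,
    ReportPath NVARCHAR(260) NOT NULL,             -- ticket is valid for this report only
    ExpiresAt  DATETIME      NOT NULL,
    UsedAt     DATETIME      NULL                  -- set once, when the report consumes the ticket
);
GO
-- Called by the web application after its own login and report-permission check.
CREATE PROCEDURE dbo.IssueReportTicket
    @TicketKey CHAR(64), @UserName NVARCHAR(128), @ReportPath NVARCHAR(260)
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO dbo.ReportTicket (TicketKey, UserName, ReportPath, ExpiresAt)
    VALUES (@TicketKey, @UserName, @ReportPath, DATEADD(minute, 2, GETUTCDATE()));
END
GO
-- Marks the ticket as used in one atomic UPDATE, so a key copied from the
-- query string cannot be replayed, used for another report, or used after expiry.
CREATE PROCEDURE dbo.ConsumeReportTicket
    @TicketKey CHAR(64), @UserName NVARCHAR(128), @ReportPath NVARCHAR(260)
AS
BEGIN
    SET NOCOUNT ON;
    UPDATE dbo.ReportTicket
       SET UsedAt = GETUTCDATE()
     WHERE TicketKey = @TicketKey AND UserName = @UserName
       AND ReportPath = @ReportPath
       AND UsedAt IS NULL AND ExpiresAt > GETUTCDATE();
    IF @@ROWCOUNT = 0
    BEGIN
        RAISERROR('Report ticket is missing, expired, or already used.', 16, 1);
        RETURN 1;
    END
    RETURN 0;
END
GO
-- Report dataset procedure (hypothetical report and table): no valid ticket, no rows.
CREATE PROCEDURE dbo.rpt_SalesByUser @TicketKey CHAR(64), @UserName NVARCHAR(128)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @rc INT;
    EXEC @rc = dbo.ConsumeReportTicket @TicketKey, @UserName, N'/Sales/SalesByUser';
    IF @rc <> 0 RETURN;
    SELECT OrderId, Amount FROM dbo.Sales WHERE SalesPerson = @UserName;
END
```

This only gates the data each report returns; with anonymous access still enabled, the folder and report names in Report Manager stay browsable, which is what restricting the report server to a single service account, as Tim describes, addresses.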