[英]SSRS Report Viewer + ASP.NET Credentials 401 Exception
I have a report saved on a SQL2005 reporting server, and I want to return a rendered PDF of this report. 我有一个保存在SQL2005报告服务器上的报告,我想返回此报告的呈现PDF。 I've figured this out when working with a local *.rdlc file ( and I've blogged about it ), but not when the *.rdl resides on a reporting server.
我在使用本地* .rdlc文件时已经想到了这一点( 我已经在博客上发表过这篇文章 ),但是当* .rdl驻留在报表服务器上时却没有。 I am getting a 401 Not Authorized error at the line...
我在线上收到401 Not Notized错误...
reportViewer.ServerReport.SetParameters(reportDefinition.ReportParameters);
Here's the method used to render the report. 这是用于呈现报告的方法。
public byte[] Render(IReportDefinition reportDefinition)
{
var reportViewer = new ReportViewer();
byte[] renderedReport;
try
{
var credentials = new WindowsImpersonationCredentials();
reportViewer.ServerReport.ReportServerUrl = new Uri("http://myssrsbox", UrlKind.Absolute);
reportViewer.ServerReport.ReportServerCredentials = credentials;
reportViewer.ServerReport.ReportPath = reportDefinition.Path;
// Exception is thrown on the following line...
reportViewer.ServerReport.SetParameters(reportDefinition.ReportParameters);
string mimeType;
string encoding;
string filenameExtension;
string[] streams;
Warning[] warnings;
renderedReport = reportViewer.ServerReport.Render(reportDefinition.OutputType, reportDefinition.DeviceInfo, out mimeType, out encoding, out filenameExtension, out streams, out warnings);
}
catch (Exception ex)
{
// log the error...
throw;
}
finally
{
reportViewer.Dispose();
}
return renderedReport;
}
The other thing that you're missing is the WindowsImpersonationCredentials class. 您缺少的另一件事是WindowsImpersonationCredentials类。
public class WindowsImpersonationCredentials : IReportServerCredentials
{
public bool GetFormsCredentials(out Cookie authCookie, out string userName, out string password, out string authority)
{
authCookie = null;
userName = password = authority = null;
return false;
}
public WindowsIdentity ImpersonationUser
{
get { return WindowsIdentity.GetCurrent(); }
}
public ICredentials NetworkCredentials
{
get { return null; }
}
public override string ToString()
{
return String.Format("WindowsIdentity: {0} ({1})", this.ImpersonationUser.Name, this.ImpersonationUser.User.Value);
}
}
Other things you may need to know... 您可能需要了解的其他事项......
http://localhost:devport
), and it does work when running on my development box ( http://localhost/myApplication
). http://localhost:devport
)在我的开发机器上运行(时,和它的工作 http://localhost/myApplication
)。 It does not work when running on our test or production servers. What am I doing wrong? 我究竟做错了什么? Is it a server setting?
它是服务器设置吗? Is it code?
是代码吗? Is it web.config?
是web.config吗?
We did finally figure out the problem. 我们终于弄明白了这个问题。 Our network administrators have disabled double-hopping, so while the impersonation was correctly connecting as
domain\\jmeyer
, the application was still attempting to connect to the SRS box with domain\\web01$
. 我们的网络管理员已禁用双跳,因此当模拟正确连接为
domain\\jmeyer
,应用程序仍尝试使用domain\\web01$
连接到SRS框。 Why is it set up like this? 为什么这样设置? Because double-hopping is a massive security hole.
因为双跳是一个巨大的安全漏洞。 (Or so I was told. Does this sound like something you would read on The Daily WTF ?)
(或者有人告诉我。这听起来像是你会在每日WTF上看到的吗?)
Our solution was to create a generic domain\\ssrs_report_services
user, and connect with that user with the following network credentials 我们的解决方案是创建一个通用
domain\\ssrs_report_services
用户,并使用以下网络凭据与该用户建立连接
public class CustomCredentials : IReportServerCredentials
{
public bool GetFormsCredentials(out Cookie authCookie, out string userName, out string password, out string authority)
{
authCookie = null;
userName = password = authority = null;
return false;
}
public WindowsIdentity ImpersonationUser
{
get { return null; }
}
public ICredentials NetworkCredentials
{
get { return new NetworkCredential("ssrs_report_services", "password", "domain") ; }
}
}
The above is the classic example solution that you can find all over the internets. 以上是您可以在整个互联网上找到的经典示例解决方案。
允许“双跳” - 开始Kerberos身份验证......(只要它正常工作!)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.