URL Rewrite of virtual directory to retrieve SSRS report
Question
Has anyone ever used reverse proxy through a URL rewrite established within a virtual directory within an IIS 7.5 ASP.NET application to retrieve an SSRS report from another server?
The SSRS report can be viewed from the web server using a web browser by browsing to the URL of the report so there is no problem with accessibility. The SSRS report does prompt for credentials so this may be a problem, but I am wondering why the credential request would not be a part of the HTTP request being sent back to the browser.
The URL rewrite config located in the "ssrs" virtual directory looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Img" pattern="^http(s)?://http://123.45.678.194/(.*)" />
<action type="Rewrite" value="http{R:1}://website.address.com/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<action type="Rewrite" url="{C:1}://http://123.45.678.194/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
The error I receive when I browser to https://website.address.com/ssrs/Reports/Pages/Report.aspx?ItemPath=%2fSSRSReport is 502 - Web server received an invalid response while acting as a gateway or proxy server.
There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.
I appreciate any help that can be given.
1 answers
solution1
0 2013-09-17 21:59:13
I think you are overthinking this is my guess.
There are three parts to SSRS where security is concerned in getting a report to a 'viewer' object in code or on a rest URI with having credentials supplied.
- The Server that hosts SSRS. Can you get to that with the CREDENTIALS specified from the machine calling it?
- The Report runs a 'Data Source' that either needs credentials or has them specfied. If you are wanting to remote execute a report it is my understanding you will be prompted in the viewer object for these if not supplied. The easiest way to fix this is set the connection string for the data source to use supplied credentials when you set up the report. Not when you call it. I cannot remember but I believe that in remote mode the code will generate the report but you still need to authenticate to the report to get the data from it.
- The report has security access on it's domain it is running to under different levels and those levels inherit above or are explicit. If you can get to the URL than whatever machine you are on has access and you could hard code that into code to get the report.
Would it be easier to just call the report server in a 'ReportViewer' object in ASP.NET instead in your site at address A? Instead of trying a redirect? My guess is the credential account on the server that is redirecting is not authorized to run reports on the SSRS server and/or is not an adminster of that SSRS site either. I would just set up a remote mode in code behind for a report viewer object for what it is worth. This way you are not redirecting sites but merely taking an object reference to another site and implanting it in a first site. This is less parts to mess up IMHO as well as your dependencies are not as tied. I do this in WPF but I have heard it is very similar for ASP.NET. See this thread for more info: How to implement user impersonation in reporting services?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.