Sharing Forms Authentication cookies in SQL Reporting Services
It’s not uncommon for someone to want to integrate their pre-existing ASP.NET app (which uses Forms Authentication) with Reporting Services. When doing so, we don’t want to force users to log on twice, however: the goal is to have the Forms auth cookie generated by your app work against SSRS, too.
Here’s a quick walkthrough you can use to get handy with this scenario…It will probably take you about 60 minutes to get it all set up the first time round…
- Create a simple web app which utilizes forms auth. Use the following KB which gives you lots of easy cut & paste code (I’ll call this app FormsApp from now on):
https://support.microsoft.com/kb/301240
- Set up the SSRS Forms Authentication Sample, using this link (we’ll call this sucker SSRSSamp):
https://msdn.microsoft.com/en-us/library/aa902691.aspx
WARNING! Both of these samples create a “Users” table on SQL Server, and the schema of each table is different…Make sure you create these tables in different databases or rename “Users” to “Users2” in one of the scripts that you run.
- Make sure both applications work independently of each other, and that you’ve added a user / password to SSRSSamp that has permissions on Reporting Services per the loooong instructions in step 2.
- Take the username / password you added in step 3, and manually add it to the FormsApp.Users table with an INSERT statement (you’ve already added User1, User2, and User3…go ahead and add “your” user too):
INSERT INTO FormsApp.Users values('YourUser','YourPW','Admin')
- Modify the FormsApp by adding a command button to the default.aspx form. Add code to the button’s click event so that it does a response.redirect to your report server ala:
Response.Redirect("https://MyServer/Reports");
- Now, we have to make some changes to the web.config files of each application to get this all working. Read about what we’re about to do here:
https://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
- Open the web.config for the FormsApp, and add the following stuff inside the <system.web> element (you’ll see I’ve pretty much copied this directly from the article in step 6:)
WARNING! Backup web.config whenever we modify it, OK?
<machineKey validationKey= "C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1"/>
The “most important” parts (for this exercise, anyway) will end up looking like this:
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
protection="All" path="/" timeout="60" />
</authentication>
<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>
<machineKey validationKey= "C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1"/>
- Now, it’s time to modify the web.config found in the C:\Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer folder…crack it open (and back it up)!
Here’s what the “important” bits should look like. Note that everything in the <authentication> and <machineKey> elements exactly matches what we have in the FormsApp web.config file…we’re following the instructions in the MSDN article from step 6. Yay MSDN!:
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name=".ASPXFORMSDEMO"
protection="All" timeout="60" path="/"></forms>
</authentication>
<authorization>
<allow users = "*" />
</authorization>
<machineKey validationKey= "C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1"/>
Save your changes, and you’re done. I would go ahead and test each app on its own to make sure they still work, then open up FormsApp, log on, and click your command button. You should land right inside Report Manager.
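The "everything must match" requirement can be checked mechanically. The Python sketch below is an added example, not code from the original post or the Microsoft samples. It generates fresh keys of the same sizes as the sample values (which come from a public article, so anyone holding them could produce a cookie both applications accept) and reports which shared settings differ between two web.config documents. The function names and the inline config text are assumptions constructed for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

# Settings that must be identical in both web.config files for a ticket
# issued by one application to validate and decrypt in the other.
FORMS_ATTRS = ("name", "protection", "path")
KEY_ATTRS = ("validationKey", "decryptionKey", "validation")


def new_machine_key():
    """Random keys of the same sizes as the sample values in the post:
    64-byte validation key, 24-byte decryption key, hex-encoded."""
    return {"validationKey": secrets.token_hex(64).upper(),
            "decryptionKey": secrets.token_hex(24).upper(),
            "validation": "SHA1"}


def shared_settings(config_xml):
    """Pull the cookie-sharing settings out of one web.config document."""
    web = ET.fromstring(config_xml).find("system.web")
    found = {}
    for tag, path, attrs in (("forms", "authentication/forms", FORMS_ATTRS),
                             ("machineKey", "machineKey", KEY_ATTRS)):
        elem = web.find(path) if web is not None else None
        for a in attrs:
            found[f"{tag}.{a}"] = elem.get(a) if elem is not None else None
    return found


def mismatches(config_a, config_b):
    """Sorted names of settings that are absent or differ between the files."""
    a, b = shared_settings(config_a), shared_settings(config_b)
    return sorted(k for k in a if a[k] is None or a[k] != b[k])


# Constructed sample input: a minimal web.config for either application.
TEMPLATE = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name="{name}" loginUrl="logon.aspx" protection="All" path="/" timeout="60" />
  </authentication>
  <machineKey validationKey="{validationKey}" decryptionKey="{decryptionKey}"
              validation="{validation}" />
</system.web></configuration>"""

if __name__ == "__main__":
    key = new_machine_key()                      # generate once, paste into both files
    forms_app = TEMPLATE.format(name=".ASPXFORMSDEMO", **key)
    report_server = TEMPLATE.format(name=".ASPXFORMSDEMO", **new_machine_key())
    print(mismatches(forms_app, forms_app))      # same key in both files
    print(mismatches(forms_app, report_server))  # keys generated separately
```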
Comments
- Anonymous
September 22, 2005
The link to the simple web app (FormsApp) is not working. Could you please correct that? Thanks.
- Anonymous
September 23, 2005
Hey Kirti -- I just tried the link again (http://support.microsoft.com/default.aspx?scid=kb;en-us;301240#XSLTH3124121122120121120120) and it is working fine for me. However, I could also find the sample by searching on the keywords "Implement Forms-Based Authentication" on support.microsoft.com. Hope this helps!
- Anonymous
September 24, 2005
Thanks! This link works great! I think the original link would also have worked had I just copied and pasted it in the IE. Lazy me!
- Anonymous
September 24, 2005
Russell,
OK..Both the apps are working fine independently. However, after authenticating in FormsApp, when I click the command button to launch Report Manager, I am again getting prompted by the Report Manager for login. I made sure that the authentication and machinekey section of the two web.configs are identical. Any suggestions on what to look for? Thanks.
Kirti
- Anonymous
September 25, 2005
I know now what the problem was...When I launch the FormsApp in debug mode (F5), it used localhost for the website address and this does not work well with the Reporting Services authentication. Once I replace localhost with the server name in the browser, it all works fine. So, please disregard my previous message. Thanks for a great post!
- Anonymous
September 26, 2005
Yes..the first time I worked with this sample, I wasted 2 hours of my life figuring out the same thing..I should have remembered to post that..must have repressed it!
- Anonymous
December 02, 2005
Thanks for a great post.
In my case, the application server and report server are on different machines (having different IPs). Can cookies be shared between them? Any help is greatly appreciated.
jainabhishek8@rediffmail.com
- Anonymous
December 02, 2005
I think so... The topic http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconformsauthenticationacrossapplications.asp says "ASP.NET supports forms authentication in a distributed environment, either across applications on a single server or in a Web farm", so to me, that means you're in good shape.
- Anonymous
February 27, 2006
Is there a way to share cookies across servers with different IPs? I can get it working on my local machine, where both the SQL RS and application is on the same machine. However, when I try it on production, where SQLRS and webserver are on different machines, I get a The permissions granted to user '' are insufficient for performing this operation error. Any ideas?
- Anonymous
November 13, 2006
Great post, along with all your other SSRS musings - they're an invaluable source for me :) I am having problems getting this to work with SSRS 2005 and ASP.NET 2005 - even when the RS and the web app are on the same machine, I still get asked to login to RM. It does not seem to want to share that cookie?! I made sure I browse to my machine, and not localhost, is there anything else I should do? It's re-directing me to the "UILogin.aspx" page, which is what the ReportManager controls (not the report server, which is set to Login.aspx) so should I start messing around with the web.app in there too? Are there issues with 2005 versions? I was looking at other posts in the usenet groups that suggest firing off to the "LogonUser" SOAP method from the web app and doing it that way - I could get that working if both the RM and web app are local, but not for separate machines. Anyway, any advice welcome!
- Anonymous
November 13, 2006
Quick Update: I recreated my "Forms Auth App" from scratch (I had a lot of other stuff going on in the one I was using) and managed to get it to work, but only when the RM and the FormsApp are in the same physical server. When the RM is on another machine it refuses to work. It seems that the cookie sharing will not work over different machines, even though the MSDN documentation suggests that it will.... hmmmm.
- Anonymous
March 06, 2007
The link to the SSRS Forms Authentication Sample is not working. Could you please correct this. thanks.
- Anonymous
March 06, 2007
oh, never mind, Just find it: http://msdn2.microsoft.com/en-us/library/aa902691(SQL.80).aspx
- Anonymous
June 04, 2007
Russell, thanks for the great post. It works just fine as a redirect, however, is there any way to get it to work in the web ReportViewer control? I get an error because the cookie is not passed using the control and a redirect to the login page is the response. Thank you, Patrick
- Anonymous
June 04, 2007
Russell, disregard my inquiry. For those of you implementing a web reportViewer control, you must set the viewer credentials using the IReportServerCredentials interface GetFormsCredentials method as found here http://www.devx.com/dotnet/Article/30610/0/page/4 (cut and paste URL).
- Anonymous
May 22, 2008
None of the links on this page can be found. Very frustrating when I am trying to figure out how to do SSRS Forms Authentication.
Paul Wellman
pwellman@gmail.com
- Anonymous
May 23, 2008
Updated links (the post is almost 3 years old...)