Qui*_*ium 4 c# asp.net authentication reporting-services-2012 ssrs-2012
我是SSRS的新手,并被要求添加自定义身份验证以访问SQL Server 2012上的报表服务器和报表管理器
我一直在紧跟Microsoft安全扩展示例的指示进行操作。我所做的唯一修改是对实际的UILogin.aspx和Login.aspx以及UserAccounts数据库,并且使用了wmi名称空间v11。项目是在Debug模式下编译的(GetUserInfo已修改为不包含Assert和null引用异常)
我可以成功添加自定义登录名,并将其分配为/ReportServer/rsreportserver.config中的管理员,该用户位于<Security> <Extension> <Configuration> <AdminConfiguration> <UserName>配置元素下。该用户可以连接到报表管理器(https:// <domain> / Reports)和报表服务器视图(https:// <domain> / ReportServer)[已配置为使用https,并且似乎可以使用。使用自定义表单身份验证的想法是让我们可以远程访问报告]
然后,我在UserAccounts数据库中注册了一个新用户,并希望该用户也可以访问报表管理器。使用第一个设置用户登录到报表管理器,然后转到“ 站点设置”->“安全性”->“新角色分配”,然后添加具有“系统管理”和“系统用户”角色的新用户(不是域用户)。我希望这可以使用户访问这两种登录类型。但是尝试使用新用户登录会出现错误:
报表管理器错误:
用户“没有所需的权限。验证是否已授予足够的权限,并且已解决Windows用户帐户控制(UAC)限制
Report Server视图错误,带有(用户名被屏蔽):
授予用户“ <用户名>”的权限不足以执行此操作。(rsAccessDenied)
我已将项目调试为附加过程,并且自定义登录验证代码已按预期成功。
如果然后我修改上面提到的<Security> <Extension> <Configuration> <AdminConfiguration> <UserName>配置元素以使用新的用户登录名,那么它将起作用。
我们只能设置一个用户进行自定义身份验证,这似乎是不正确的。有没有人能够针对多个自定义用户登录名执行此操作?
报表服务器日志转储(报表管理器登录):
library!ReportServer_0-26!1524!02/26/2014-11:04:24:: i INFO: Call to GetItemTypeAction(/).
library!ReportServer_0-26!1524!02/26/2014-11:04:24:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: , Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'enp' are insufficient for performing this operation.;
library!ReportServer_0-26!17bc!02/26/2014-11:07:28:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: , Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: The Authentication Extension threw an unexpected exception or returned a value that is not valid: identity==null.;
library!ReportServer_0-26!d14!02/26/2014-11:07:58:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: , Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: The Authentication Extension threw an unexpected exception or returned a value that is not valid: identity==null.;
library!ReportServer_0-26!1518!02/26/2014-11:08:44:: i INFO: Call to GetPermissionsAction(/).
ui!ReportManager_0-25!1524!02/26/2014-11:08:44:: e ERROR: Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.
at Microsoft.ReportingServices.UI.FolderPage.Page_Init(Object sender, EventArgs e)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.UI.Control.OnInit(EventArgs e)
at System.Web.UI.Page.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
library!ReportServer_0-26!6c0!02/26/2014-11:08:44:: i INFO: Call to GetSystemPermissionsAction().
ui!ReportManager_0-25!1524!02/26/2014-11:08:44:: e ERROR: HTTP status code --> 500
-------Details--------
Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.
at Microsoft.ReportingServices.UI.FolderPage.Page_Init(Object sender, EventArgs e)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.UI.Control.OnInit(EventArgs e)
at System.Web.UI.Page.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
library!ReportServer_0-26!6e0!02/26/2014-11:08:44:: i INFO: Call to GetSystemPropertiesAction().
ui!ReportManager_0-25!1524!02/26/2014-11:08:44:: e ERROR: System.Threading.ThreadAbortException: Thread was being aborted.
at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
报表服务器日志转储(报表视图登录-用户名已屏蔽):
library!ReportServer_0-26!117c!02/26/2014-10:56:08:: i INFO: Call to GetItemTypeAction(/).
library!ReportServer_0-26!117c!02/26/2014-10:56:08:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: , Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user '<user name>' are insufficient for performing this operation.;
找到了解决方案。
还必须将新用户设置为通过报表管理器在报表主文件夹上具有角色访问权限。
我使用了一个可以登录报表管理器的用户,然后依次执行“首页”->“文件夹设置”->“安全性”->“新角色分配”,并为新用户添加了适当的角色。