
How do I work around this SSRS authentication exception?


I am trying to implement some custom security code into SSRS 2008 (not R2) to allow for Forms Authentication instead of Windows Authentication. I have based my solution on the Microsoft sample code and have managed to get most of it working absolutely fine. The only area where I'm having problems is when logging onto the actual Report Manager URL.

Issue 1: When using the URL http://localhost/Reports_MSSQL2008/ it doesn't pick up the UILogon.aspx page that I've copied into the /Pages folder (as instructed by the Microsoft example). I have amended the web.config in the ReportManager folder to contain the following:

<authentication mode="Forms">
  <forms loginUrl="UILogon.aspx" 
         name="sqlAuthCookie" 
         timeout="60" 
         slidingExpiration="true" 
         path="/" />
</authentication>

I have tried changing the path to match the exact path of the aspx file, but still no joy!

Issue 2: Because of the issue above, I tried just getting into UILogon and ReportManager via the URL http://localhost/Reports_MSSQL2008/Pages/UILogon.aspx. This works in that I get to step into my custom code (UILogon.aspx.cs and IAuthorisation / IAuthentication code) and I can see it doing the following:

Problem is, when the Response.Redirect comes back into the GetUserInfo() method, the HttpContext.Current.User is null, and there is no cookie anymore. Because of this, a null IIdentity is returned (can't set it to anything else!) and SSRS throws the error:

Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException:
The Authentication Extension threw an unexpected exception or returned a value that is not valid: identity==null.

For info - when I launch Report Builder / Visual Studio BI project / the Web Service URL it does exactly what I require and works fine. It's just the Report Manager that's causing the problem.


Solution

  • I have now resolved it. I had to add the following to the rsreportserver.config:

    <UI>
        <CustomAuthenticationUI>
            <loginUrl>/Pages/UILogon.aspx</loginUrl>
            <UseSSL>false</UseSSL>
        </CustomAuthenticationUI>
        <ReportServerUrl></ReportServerUrl>
        <PageCountMode>Estimate</PageCountMode>
    </UI>
    

    and only have the following in the web.config:

    <authentication mode="Forms" />
    

    Also, to safeguard against a null Identity being passed back from GetUserInfo(), I coded the following:

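    // Needs: using System; using System.Security.Principal; using System.Web;
    public void GetUserInfo(out IIdentity userIdentity, out IntPtr userId)
    {
        // Default the userIdentity to the name of the Windows account
        // this code is currently running under
        userIdentity = new GenericIdentity(WindowsIdentity.GetCurrent().Name);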
    
        // If the current user identity is not null,
        // set the userIdentity parameter to that of the current user 
        if (HttpContext.Current != null
              && HttpContext.Current.User != null)
        {
            userIdentity = HttpContext.Current.User.Identity;
        }
    
        // initialize a pointer to the current user id to zero
        userId = IntPtr.Zero;
    }
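
The fallback above names the Windows account the code runs under as the caller whenever no forms principal is present, so any role assignment held by that account would also apply to requests that never logged in. A fail-closed variant, as an added example that is not the answer author's or Microsoft's code (the class name `FailClosedIdentity` and the `Resolve` helper are hypothetical, and it assumes that rejecting such requests is acceptable in your deployment):

```csharp
using System;
using System.Security.Principal;
using System.Web; // reference System.Web.dll

// Added example; FailClosedIdentity and Resolve are hypothetical names.
public class FailClosedIdentity
{
    // Same signature as the GetUserInfo method shown in the answer.
    public void GetUserInfo(out IIdentity userIdentity, out IntPtr userId)
    {
        IPrincipal user = HttpContext.Current != null
            ? HttpContext.Current.User
            : null;
        userIdentity = Resolve(user);
        userId = IntPtr.Zero;
    }

    // Kept free of HttpContext so the decision can be tested outside IIS.
    public static IIdentity Resolve(IPrincipal user)
    {
        if (user != null && user.Identity != null && user.Identity.IsAuthenticated)
        {
            return user.Identity;
        }
        // No authenticated forms principal: refuse instead of presenting
        // the process account (WindowsIdentity.GetCurrent()) as the caller.
        throw new UnauthorizedAccessException(
            "No authenticated forms identity on this request.");
    }

    public static void Main()
    {
        // Constructed principals standing in for HttpContext.Current.User.
        var loggedIn = new GenericPrincipal(
            new GenericIdentity("alice", "Forms"), new string[0]);
        var anonymous = new GenericPrincipal(
            new GenericIdentity(string.Empty), new string[0]);

        Console.WriteLine("accepted: " + Resolve(loggedIn).Name);
        foreach (IPrincipal p in new IPrincipal[] { anonymous, null })
        {
            try { Resolve(p); }
            catch (UnauthorizedAccessException e)
            {
                Console.WriteLine("rejected: " + e.Message);
            }
        }
    }
}
```

How Report Manager surfaces the exception is not covered on this page, so check it against the login redirect configured in rsreportserver.config before relying on it.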