I'm new to SSRS and have been asked to add custom authentication for access to Report Server and Report Manager on SQL Server 2012
I have been following the instructions by Microsoft's security extension sample close to the teeth. The only modifications I have made are to the actual UILogin.aspx and Login.aspx and the UserAccounts database and that wmi namespace v11 is used. The Project is compiled in Debug mode (GetUserInfo modified to not include Assert and null reference exception)
I'm successful able to add a custom login and assign it as administrator in /ReportServer/rsreportserver.config under the <Security><Extension><Configuration><AdminConfiguration><UserName> configuration element. This user is able to connect to both Report Manager (https://<domain>/Reports) and Report Server view (https://<domain>/ReportServer) [Have configured to use https and seems to work. The idea to use custom form authentication is so we can access the reports remotely]
I then register a new user in the UserAccounts database and want the user to have access to the Report Manager as well. Login to Report Manager with the first setup user and go to Site Settings->Security->New Role Assignment and add the new user (not a domain user) with "System Administration" and "System User" roles. I expect this should give the user access to both login types. But trying to login with the new user is giving errors:
Report Manager errors with:
User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed
Report Server view errors with (user name masked):
The permissions granted to user '<user name>' are insufficient for performing this operation. (rsAccessDenied)
I have debugged the project to attached process and the custom login verification code is succeed as expected.
If I then modify the <Security><Extension><Configuration><AdminConfiguration><UserName> configuration element mentioned above to use the new user login, then it works.
This doesn't seems to be correct that we can only set up one user for custom authentication. Has anyone been able to do this for multiple custom user logins?
Report Server Log dump (Report Manager login):
library!ReportServer_0-26!1524!02/26/2014-11:04:24:: i INFO: Call to GetItemTypeAction(/).
library!ReportServer_0-26!1524!02/26/2014-11:04:24:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: , Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'enp' are insufficient for performing this operation.;
library!ReportServer_0-26!17bc!02/26/2014-11:07:28:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: , Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: The Authentication Extension threw an unexpected exception or returned a value that is not valid: identity==null.;
library!ReportServer_0-26!d14!02/26/2014-11:07:58:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: , Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: The Authentication Extension threw an unexpected exception or returned a value that is not valid: identity==null.;
library!ReportServer_0-26!1518!02/26/2014-11:08:44:: i INFO: Call to GetPermissionsAction(/).
ui!ReportManager_0-25!1524!02/26/2014-11:08:44:: e ERROR: Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.
at Microsoft.ReportingServices.UI.FolderPage.Page_Init(Object sender, EventArgs e)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.UI.Control.OnInit(EventArgs e)
at System.Web.UI.Page.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
library!ReportServer_0-26!6c0!02/26/2014-11:08:44:: i INFO: Call to GetSystemPermissionsAction().
ui!ReportManager_0-25!1524!02/26/2014-11:08:44:: e ERROR: HTTP status code --> 500
-------Details--------
Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.
at Microsoft.ReportingServices.UI.FolderPage.Page_Init(Object sender, EventArgs e)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Web.UI.Control.OnInit(EventArgs e)
at System.Web.UI.Page.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
library!ReportServer_0-26!6e0!02/26/2014-11:08:44:: i INFO: Call to GetSystemPropertiesAction().
ui!ReportManager_0-25!1524!02/26/2014-11:08:44:: e ERROR: System.Threading.ThreadAbortException: Thread was being aborted.
at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
Report Server Log dump (Report view login - user name masked):
library!ReportServer_0-26!117c!02/26/2014-10:56:08:: i INFO: Call to GetItemTypeAction(/).
library!ReportServer_0-26!117c!02/26/2014-10:56:08:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: , Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user '<user name>' are insufficient for performing this operation.;