Security Extension Sample

[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]

This sample works only with SQL Server 2005 and SQL Server 2008. It will not work with any version of SQL Server earlier than SQL Server 2005.
The CustomSecurity sample security extension uses Forms Authentication along with SQL Server to provide a custom security model that works with Reporting Services. This sample is not supported on Itanium-based operating systems.
The SQL Server samples are not installed automatically during setup. For instructions about how to install the samples, see Installing Samples.

Security Note:
The security extension sample should not be deployed and tested in a production environment. Reverting back to Windows Authentication after migrating to a different security extension is generally not recommended. If you do, you may experience errors when you attempt to access items in the report server database that have custom security descriptors, but no Windows Authentication security descriptors. To revert, you will have to reinstall Reporting Services and manually re-apply any role-based security for your Windows users. Before using this sample, you should backup your configuration files.




Important:
Samples are provided for educational purposes only. They are not intended to be used in a production environment and have not been tested in a production environment. Microsoft does not provide technical support for these samples. Sample applications and assemblies should not be connected to or used with your production SQL Server database or your report server without the permission of the system administrator. Microsoft does not provide technical support for these samples. Sample applications and assemblies should not be connected to or used with your production SQL Server database or your report server without the permission of the system administrator.



Requirements

You should be familiar with Visual Studio and either Visual C# or Visual Basic and you must have the following applications installed to run the CustomSecurity sample:
  • Microsoft Visual Studio 2005 or compatible development environment (for viewing the project files).
  • Microsoft .NET Framework 2.0.
  • SQL Server, including Reporting Services.
  • Reporting Services samples.
  • A report server that you have permission to access on your network, if you plan to use the sample extension to add additional data processing functionality to your server.

Location

This sample is located by default at:
C:\Program Files\Microsoft SQL Server\100\Samples\Reporting Services\ Extension Samples\FormsAuthentication Sample

Building the Sample

You must first compile and install the extension. The procedure assumes that you have installed Reporting Services to the default location: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services. This location will be referred to throughout the remainder of this topic as <install>.
  1. If you have not already created a strong name key file, generate the key file using the following instructions.
To generate a strong name key file
  1. Open a Microsoft Visual Studio 2005 command prompt. Click Start, point to All Programs, point to Microsoft .NET Framework SDK 2.0, and then click SDK Command Prompt.-- or --Open a Microsoft .NET Framework command prompt. Click Start, point to All Programs, point to Microsoft .NET Framework SDK 2.0, and then click SDK Command Prompt.
  2. Use the change directory command (CD) to change the current directory of the command prompt window to the folder where the samples are installed. Note: To determine the folder where samples are located, click the Start* button, point to All Programs, point to Microsoft SQL Server, point to Documentation and Tutorials, and then click Samples Directory. If the default installation location was used, the samples are located in <system_drive>:\Program Files\Microsoft SQL Server\100\Samples.*
  3. At the command prompt, run the following command to generate the key file: sn -k SampleKey.snk Important: For more information about the strong-name key pair, see "Security Briefs: Strong Names and Security in the .NET Framework" in the .NET Development Center on MSDN.
To compile the sample using Visual Studio 2005
  1. Open CustomSecurity.sln in Microsoft Visual Studio 2005. If you installed the sample to the default location, you can access it at C:\Program Files\Microsoft SQL Server\100\Samples\Reporting Services\Extensions.
  2. In Solution Explorer, select the CustomSecurity project.
  3. On the Project menu, click Add Reference. The Add References dialog box opens.
  4. Click the .NET tab.
  5. Click Browse, and find Microsoft.ReportingServices.Interfaces on your local drive. By default, the assembly is located in the <install>\ReportServer\bin directory. Click OK. The selected reference is added to your project.
  6. On the Build menu, click Build Solution.

Deploying the Sample

After the sample is compiled, you must copy the DLLs and the ASPX pages to the appropriate subdirectories for your Report Server installation.
To deploy the sample
  1. Copy Microsoft.Samples.ReportingServices.CustomSecurity.dll and Microsoft.Samples.ReportingServices.CustomSecurity.pdb to the <install>\ReportServer\bin directory.
  2. Copy Microsoft.Samples.ReportingServices.CustomSecurity.dll and Microsoft.Samples.ReportingServices.CustomSecurity.pdb to the <install>\ReportManager\bin directory.
  3. Copy the Logon.aspx page to the <install>\ReportServer directory and copy the UILogon.aspx page to the <install>\ReportManager\Pages directory. After the assembly and logon pages are copied to the server, you need to make some modifications to the Report Server configuration file.

Important:
Make backup copies of al of your configuration files before making any changes.



To modify the RSReportServer.config file
  1. Open the RSReportServer.config file with Visual Studio 2005 or a simple text editor such as Notepad. RSReportServer.config is located in the <install>\ReportServer directory.
  2. Locate the <Security> and <Authentication> elements and modify the settings as follows: * <Security>
    <Extension Name="Forms"
    Type="Microsoft.Samples.ReportingServices.CustomSecurity.Authorization,
    Microsoft.Samples.ReportingServices.CustomSecurity" >
    <Configuration>
    <AdminConfiguration>
    <UserName>username</UserName>
    </AdminConfiguration>
    </Configuration>
    </Extension>
    </Security>
    <Authentication>
    <Extension Name="Forms"
    Type="Microsoft.Samples.ReportingServices.CustomSecurity.AuthenticationExtension,
    Microsoft.Samples.ReportingServices.CustomSecurity" />
    </Authentication> For more information regarding .NET Framework security and Reporting Services, see Understanding Code Access Security in Reporting Services*.
    1. Locate the <UI> element and update it as follows: * <UI>
      <CustomAuthenticationUI>
      <loginUrl>/Pages/UILogon.aspx</loginUrl>
      <UseSSL>True</UseSSL>
      </CustomAuthenticationUI>
      <ReportServerUrl>http://<server>/ReportServer</ReportServerUrl>
      </UI> Note* If you are running the sample security extension in a development environment that does not have a Secure Sockets Layer (SSL) certificate installed, you must change the value of the <UseSSL> element to False in the previous configuration entry. We recommend that you always use SSL when combining Reporting Services with Forms Authentication. You will need to add a code group for your custom security extension that grants FullTrust permission for your extension. You do this by adding the code group to the rssrvpolicy.config file.
      To modify the RSSrvPolicy.config file
      1. Open the rssrvpolicy.config file located the <install>\ReportServer directory.
      2. Locate the existing code group in the security policy file that has a URL membership of $CodeGen as indicated below and then add an entry as follows to the rssrvpolicy.config Note: If you have Analysis Services installed, you will need to change Url="C:\Program Files\Microsoft SQL Server\ *MSSQL.2* \Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.CustomSecurity.dll to *MSSQL.3* . * <CodeGroup
        class="UnionCodeGroup"
        version="1"
        PermissionSetName="FullTrust">
        <IMembershipCondition
        class="UrlMembershipCondition"
        version="1"
        Url="$CodeGen$/*"
        />
        </CodeGroup>
        <CodeGroup
        class="UnionCodeGroup"
        version="1"
        Name="SecurityExtensionCodeGroup"
        Description="Code group for the sample security extension"
        PermissionSetName="FullTrust">
        <IMembershipCondition
        class="UrlMembershipCondition"
        version="1"
        Url="C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.CustomSecurity.dll"
        />
        </CodeGroup> *
        Note:
        For simplicity, the Forms Authentication Sample is weak-named and requires a simple URL membership entry in the security policy files. In your production security extension implementation, you should create strong-named assemblies and use the strong name membership condition when adding security policies for your assembly. For more information about strong-named assemblies, see the Creating and Using Strong-Named Assemblies topic on MSDN.



        Next, you will need to increase the permissions for the "My Computer" code group in the Report Manager policy file.
        To modify the RSMgrPolicy.config file
        1. Open the Report

Last edited Jun 5, 2007 at 6:25 PM by bonniefe, version 6

Comments

No comments yet.