I am using ReportViewer to show the reports on my windows WPF application using .Net 4.0. These reports are deployed on a separate SSRS 2008 report server and not the local machine. Right now, I am passing the credentials of the server in the following manner:
string userName = configClient.Settings.Get("UserName").Value.ValueXml.InnerText;
string password = configClient.Settings.Get("Password").Value.ValueXml.InnerText;
string domain = configClient.Settings.Get("Domain").Value.ValueXml.InnerText;
IReportServerCredentials irsc = new ReportViewerCredentials(userName, password, domain);
_reportViewer.ServerReport.ReportServerCredentials.NetworkCredentials = irsc.NetworkCredentials;
Also, I am using the following settings with the ReportViewer if it is of any use:
_reportViewer.ProcessingMode = ProcessingMode.Remote;
_reportViewer.ShowParameterPrompts = false;
_reportViewer.ServerReport.ReportServerUrl = new Uri(Properties.Settings.Default.ReportServer);
_reportViewer.ServerReport.ReportPath = Properties.Settings.Default.Reports;
I am using the config file to save and retrieve the credentials for the server access, but I do not think this is a secure way of doing it. I would like to implement this in a secure way where I do not need to take the credentials from the user or from the config file. Both the local machine and the server would be on the same network.
I am not sure how to do it, can this be done through impersonation, I am just guessing as I do not have much idea about security and impersonation. Also, if it can be done, can I get a sample or may be a link to an article through which I can get this done.
The core idea is to avoid storing the username and password on the client. I searched for solution but what I got was very vague in nature.
Please do not close this thread as it is an open question, but it is important for me, as I am approaching deadline and working on too many things at a time. Sorry for inconvenience caused if any.
I have found a way to not pass the credentials at all and still be able to retrieve the reports from the Reports Server, but not without help.
I have configured a new Role assignment in the Report Manager using the URL http://localhost/Reports/Pages/Folder.aspx. Go to Properties tab, and add a New Role Assignment and add Everyone and provide the required right to it.
This way, I would not need to pass any credentials from the client for the ReportViewer. Also, it can be used to configure the access for a selected users.
Related
I have been developing Standard Logic Apps with SQL Server successfully for some time, but suddenly can no longer connect. I'm using Azure AD Integrated as my Authentication Type, which I know is OK as I use the same credentials in SSMS. If I try to create a new credential, it is apparently successful but on save the Logic App says "The API connection reference XXX is missing or not valid". Something has changed, but I don't know what ... help!
per above, this was submitted to M/S and has been resolved as follows: the root cause is if a Logic App Parameter name includes an embedded space the problem with SQL connections is triggered. This is a pernicious problem, as the error message is quite unrelated to the root cause. Further, since embedded spaces are supported in Logic Apps e.g. in Step Names, it is easy to assume the same applies across the board.
I have been exploring Apache Shiro with Zeppelin and so far has been able to make authentication work with JdbcRealm but one thing that is not going well is giving the data source password as plain text.
Is there a way to avoid that?
My shiro.ini looks like:
[main]
dataSource = org.postgresql.ds.PGPoolingDataSource
dataSource.serverName = localhost
dataSource.databaseName = dp
dataSource.user = dp_test
dataSource.password = Password123
ps = org.apache.shiro.authc.credential.DefaultPasswordService
pm = org.apache.shiro.authc.credential.PasswordMatcher
pm.passwordService = $ps
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealmCredentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
jdbcRealm.dataSource = $dataSource
jdbcRealm.credentialsMatcher = $pm
shiro.loginUrl = /api/login
[roles]
admin = *
[urls]
/** = authc
Is there a way to avoid giving data source password as plain text
dataSource.password = Password123?
Would like to give something like:
$shiro1$SHA-256$500000$YdUEhfDpsx9KLGeyshFegQ==$m+4wcq4bJZo1HqDAGECx50LcEkRZI0zCyq99gtRqZDk=
yes, there is a way, but there will still be a password lying around somewhere due to the nature of shiro needing to know the password.
Why Hashing does not work
You posted
something like: $shiro1$SHA-256[…]
This is a hash, and thus it is not reversible. There is no way shiro could log into the datasource using this String.
Container managed datasources
The best approach I can recommend at this point is to have a container managed resource. A container is referring to a (web) application server in this case, like tomcat, OpenLiberty or Wildfly.
For your use case, try looking into the following:
extend org.apache.shiro.realm.jdbc.JdbcRealm or AuthorizingRealm
Add the JPA API to your module and inject a persistence context like so:
#PersistenceContext
EntityManager entityManager;
Override the methods
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
… to load from your managed datasource instead.
Drawbacks of this approach:
You just delegated datasource login to your container / application server. The server is still facing the same problems. E.g. with OpenLiberty, you will still need to store a master key of an encrypted (not hashed) password somewhere, and thus liberty will do exactly this.
use another configuration source
Instead of using a shiro.ini file, you could also write your own environment loader. You could request the file from an IP-restricted web service or a cryptographic hardware device.
Always a goal: restrict the environment
You should always restrict the environment.
E.g. create a user which can install, but not run your application and who cannot read the logs (called setup-user or so).
Create another user which can start the application, read but not modify configuration files and write logs, called a run-user.
Restrict access to configurations and logs for all other users on that system.
Getting involved
If you have other needs, feel welcome to discuss other solutions on the shiro mailing lists.
I built a Java application which connects to Salesforce to access data. However, this connection only works for the sandbox account and not when I pass the production accounts credentials.
I set up the connection in the following manner,
Connector.newConnection(config)
The error I get is as follows,
[LoginFault [ApiFault exceptionCode='INVALID_LOGIN'
exceptionMessage='Invalid username, password, security token; or user locked out.'
extendedErrorDetails='{[0]}']]
Does anyone know how to solve this? Is there some sort of dependency I am forgetting?
This was an issue with the partner.jar that was used. This has the endpoint hardcoded as test.salesforce.com. Therefore would never work in the production environment as the log in wouldn't even go to the correct URL.
Therefore, you should always remember to generate the partner.jar from the partner.wsdl provided by the production environment and add it. The endpoint here is hardcoded as login.salesforce.com.
I am trying to publish sharepoint2016 website including Power View reports which created by SQL server services service (SSRS). there is top level site and bi center as sub-site; both are working fine but problem is that when I try to view the report it said the error:
"the web application at [url] could not be found. verify that you have typed the url correctly. if the url should be serving existing content, the system administrator may need to add a new request url mapping to the intended application."I search about the error but It does not reach my target.
https://forums.asp.net/t/1970799.aspx?SQL+Reporting+Service+Runtime+Error+The+item+reports+Report1+cannot+be+found+rsItemNotFound+
note that the whole site is working fine in domain.
Please help...
Thanks...
Sorry for late guys...
i found that Power shell of SP cannot execute any command related to SSRS
it just need to reinstall SSRS service compatible with SP2016. then every thing is fine.
I am using the variables to configure the same "connection string" between two applications, since the two do access the same database of users.
Can I set the same SQL Server (Nano 10GB) in more than one application to use transformation for web.config?
This is not currently possible since there is no way to have the connectionsstring injected into other applications than the one that has the add-on provisioned. Feel free to add this as a feedback suggestion.
It is possible, but requires some legwork. Basically you need to have one app with a known location (URL is fine) that the others can ask for the Connection String. The hard part is doing it securely enough. I'm partway there...
I've rigged up a system where you have a password that both of your Apps know in AppSettings, and then have the Secondary Website send a Public Key to the Primary Website with the password. Who then encodes the connection string, and sends it back.
The password CAN be injected by Appharbor when it does a deploy. And the connection string is also setup on the deploy. Ideally you'd use SSL but I don't have that setup and it makes life hard when working locally.
Proof Of Concept: https://bitbucket.org/Rangoric/database-coordination/overview
It does work, just start both of the website projects in there, and go to http://localhost:4002/Database and you will see what is in the connection String of the Primary website.
EDIT: I just realized that since you can piggyback the SSL Cert of appharbor with the free subdomain they give you, you can use that URL for added security if you don't have your own SSL cert.