I have a ASP.NET MVC project which connects to SSRS using ReportingService2010 web service endpoints to retrieve and download reports.
Connection works fine using CredentialCache.DefaultCredentials when developing locally with Visual Studio running with admin privileges
When published to virtual directory or used with NetworkCredential with domain\username it doesn't work as expected. I added the windows system user in SSRS as a system administrator.
Current syntax which only works when running locally in Visual Studio with admin privileges.
ReportingService2010 service = new ReportingService2010();
service.Credentials = CredentialCache.DefaultCredentials;
CatalogItem[] items = service.ListChildren(reportsFolderPath, true);
Is there a way to configure domain\username password with NetworkCredential
ReportingService2010 service = new ReportingService2010();
var credentials = new NetworkCredential("insharp", "abc123", "insharp-lenovo");
service.Credentials = credentials;
You can't just add a user only (e.g. insharp-lenovo\insharp in site settings, you need to give that user "browser" rights, and maybe some more - for testing, just give the user all rights, then remove them step by step)
But instead of calling the SSRS web-service, why don't you just use the ReportViewer control in your application ?
Nobody is ever going to configure SSRS for your application anyway, so don't set yourself up for failure. If configuration can be avoided, then it should be. Also then you're independent of the ReportServer installed at customer X, which is a good thing.
Also, you don't want to be at the mercy of the installed SSRS-version.
You can use it to export a report (latest version is reportviewer SSRS2016-preview):
You can find a complete example here:
https://github.com/ststeiger/ReportViewerWrapper
This is what you'll need to do for one report:
https://github.com/ststeiger/ReportViewerWrapper/blob/master/Embedded2016/Umzugsmitteilung.cs
Edit:
You only added the user in the site settings here:
Now you need to give the user permissions in the folder settings tab
Then click on "Assign New Role", or whatever it is called in English.
Locate your reportsFolderPath path in SSRS, and open Security settings for it (you can reach it through direct link or Manage > Security).
In Security tab you will see a list of users with their permissions, your user name should be here in order to give an access to list folder contents. If your user is present in the list, then click to Edit it and ensure all checkboxes are set. If user name is not present, then just add the new one, and check all checkboxes.
Related
I know this question has been asked many times before but I don't seem to be able to find a solution to my problem.
I had to rename some prototype projects I was working on, and these worked perfectly well before being renamed but since renaming them and creating a new application app pool, I can no longer access my database and keep getting the following error:
Login failed for user 'Domain\\MachineName$'
My Web API and database are on the same machine and I still want to use the AppPool rather than specifying a username and password or use the SystemLocal as it worked before and would like to figure out what's changed.
I can see that the identity of my web API is indeed my domain\me but somehow when it's trying to open the database from the injected repository, I'm getting the above error.
I've checked the following:
My connection string hasn't changed:
data source=MyMachine\SQLInstance;Initial Catalog=MyDatabase;integrated security=SSPI;
I've compared the old AppPool and the new one and they are identical.
I've added my new AppPool to SQL server and granted it access to the database with datareader/datawriter access.
I've added the new AppPool to security for the (renamed) directory folder.
All authentications are disabled in IIS except for Windows Authentication. This part must work since my web api's identity is my domain/me user. I just don't get why it is trying to use the machine name when opening the database.
I've read the following to check if I could find anything else but to no avail:
https://learn.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
Login failed for user 'DOMAIN\MACHINENAME$'
Login failed for user 'IIS APPPOOL\ASP.NET v4.0'
Why is my MVC app trying to log into my DB as my machine, and not as the App Pool identity?
Has anyone got any other suggestions?
Thanks.
UPDATE-1:
Odd, I thought I'd try to use my username and password for the new AppPool and yet, I'm still getting the same error.
I figured out the problem. This is really odd and appears to be an issue with IIS.
As mentioned in my question, my web API was set to the new AppPool and I could clearly see it the AppPool set correcly via "Advanced Settings" from the "Action" menu in IIS, but when I right clicked on the Web Api virtual folder and selected "Manage Application|Advanced settings", the AppPool name was set to the DefaultAppPool.
The second I changed it, everything worked as it did before using my new AppPool.
Note:
I also removed the new AppPool from the Security applied on the folder as it didn't seem to have any effect once I changed the above!
It must have been a once off problem as I've just changed my website and changing the AppPool via the "Actions" also displayed correctly when I checked "Manage Application|Advanced settings".
This error is driving me crazy, had the same issue with a lambda web api, but that worked when uploaded, so that will do for now
This project however will be a NuGet package, and i need to be able to simply upload a file to S3
I have the code in place using the following : "https://docs.aws.amazon.com/AmazonS3/latest/dev/HLuploadFileDotNet.html"
im trying to run this local, but getting the Unable to get IAM security credentials from EC2 Instance Metadata Service." error
within visual studio, i can see the AWS Explorer, and i can create a bucket from here... so i have my user setup... but when i run local... there is no user???
i know its going to be a one line missing value somewhere :(
Thank you #Geeshan for your answer, it gave me some direction on where to look
However, I had my credentials file setup, but the answer to my question was you also need to have a profile setup with the name "default"
Also, now know that you dont need a matching "default" IAM user.
On the AWS IAM User page, you create your users as normal, no need to create a default user. In Visual studio, when you create a new profile, if your profile is named "default", and you enter they key and secret key for one of your IAM user, running your application will use that user (I miss understood this profile name, and was assuming it needs to match your IAM user, so initially i create a "Default" IAM user. which i now know, is not needed)
If you dont want to use the default then, you can choose a user by using "TryGetProfile and TryGetAWSCredentials in your application code (see below)
This is due to missing credentials in your local machine. Setting up the AWS Explorer will not provide the credentials to running your code.
One way to setup the credentials is to use a Credentials File in C:\users\awsuser\.aws\credentials (asuming you are using windows).
The following is an example of a profile in the credentials file.
[default]
aws_access_key_id = {accessKey}
aws_secret_access_key = {secretKey}
Here you can read more about managing credentials for .Net
I'm using the Visual Studio Team Services .NET libraries to perform source control through a class library of mine. I'm also using a personal access token for authentication, previously set through the VSTS web client.
I'm trying to perform basic actions like check in, out, adding pending changes, create folder mappings etc, and i'm getting an "attempted to perform an unauthorized operation" error when i previously add no problem doing these tasks. I was running my .dll on the server it's supposed to be running when it's done and because i was getting this error i tweaked a few lines of code and then just tested the whole thing on my machine again. It doesn't work anymore at all.
What's weird, though, is that when i try to change the working folder mapping for example, i get this error but the new local path gets assigned just fine.
Any reason why an authenticated VSTS user would have these problems?
Using PAT (personal access token) to authorize your .NET libraries, you should VssBasicCredential, such as below example:
string personalAccessToken = "bnsz6p2efh3vljhjoay4rnaznliygu9vngoqgcwel7gwlati8cxq";
VssBasicCredential credentials = new VssBasicCredential("", personalAccessToken);
More details, you can refer .NET client libraries.
Besides, you can also use Alternate authentication credentials. VSTS account -> security -> Alternate authentication credentials (https://account.visualstudio.com/_details/security/altcreds) -> Enable alternate authentication credentials -> set secondary username and password -> save.
Then you can authorize your .NET libraries by:
NetworkCredential credentials = new NetworkCredential("secondary username", "password for secondary username");
TfsTeamProjectCollection tpc = new TfsTeamProjectCollection(new Uri("https://account.visualstudio.com"), credentials);
When i do
Console.WriteLine(SPContext.Current.Web.CurrentUser.LoginName);
i get the following response:
i:0#.w|domain\\username
When i do
SPSecurity.RunWithElevatedPrivileges(delegate() {
Console.WriteLine(SPContext.Current.Web.CurrentUser.LoginName);
});
i get
domain\appPoolAccount
without i:0#.w|... within the loginname.
Is someone able to explain why this happens?
The prefix (i:0#.w|) before the username is just an internal code so that SharePoint can identity the type of authentication (w: windows auth, f: formsbased, etc...). The i in the code is to identify that it is a user. FYI if you would try to write out a group, the prefix would be c instead of i.
The fact that you don't have a prefix in elevatedprivileges is that this will always be the admin/pool-account which will always be a windows user - so no need to add the prefix...
The prefix (i:0#.w|) is for Claims Based Authentication, which is what your SharePoint 2013 Web Application is on, and without elevated privileges will resolve to the logged in account (which is claims based). But when you run with Elevated Privileges you run with the Application Pool user, which is a windows domain user in your case, which you will find in IIS on the server running SharePoint 2013.
I am working on creating a Web application, which the users in my team will use to
make changes to TFS Work Items. I am using TFS API for this..
In order to access the TFS Server , I used my credentials within the Web Application.
Now each time someone uses the application and makes changes to TFS work items, it shows
as if I have made changes to these items since my credentials are being used in the application.
Is there a way I can use the credentials of the person logging into my application to show up on TFS as the person making the changes ?
You need to use the 'make requests on behalf of others' functionality. You can impersonate another user by following:
public void Impersonation(Uri serverUri,string userToImpersonate)
{
// Read out the identity of the user we want to impersonate
TeamFoundationIdentity identity = ims.ReadIdentity(IdentitySearchFactor.AccountName,
userToImpersonate,
MembershipQuery.None,
ReadIdentityOptions.None);
tfs_impersonated = new TfsTeamProjectCollection(serverUri, identity.Descriptor);
GetAuthenticatedIdentity(tfs_impersonated);
// Use this tfs_impersonated object to communicate to TFS as the other users.
}
And make sure your account running the website has the permission to "make requests on behalf of others":
http://www.codeproject.com/Articles/104019/TFS-API-Part-TFS-Impersonation