ok, I know this topic has been covered COUNTLESS times in this group,
yet the solution is still very, very hard to come by. Has anybody
successfully published their reports (through a custom .net web
application using URL access to the report server) to an external
network / internet?
If so, how... Custom security extension? Handing out network logins
(with very restricted rights) to the report server?
A final, solid solution would be greatly appreciated...Yes, we did do it and it and there are compromises. A custom security
extension is painful but is probably most secure. The simplest way for an
Internet solution is to -
1. Permit "annonymous" accesss to a low privelege account on the
ReportServer virtual directory.
2. Everything must be https and you will need a registered FQDN server side
cert.
3. However, one still needs to authenticate the user which needs to be done
by your application. Otherwise you have to go custom+Forms authentication or
handing out network logins .. ugh!
4. In order to secure reports, we used a sessionkey generated by our app and
passed it as a hidden parameter from an embedded IE browser using url access.
5. The RDLs execute SPs and the session check is done at this point. With a
custom solution one would do the check prior to allowing access to the
ReportServer.
6. You then need to follow MBSA guidelines to lock down your IIS server
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod104.asp
P.S ... the last part is nuts & you'll wonder why not have all clients
connect over IPSec and be done with it.
"Gearoid" wrote:
> ok, I know this topic has been covered COUNTLESS times in this group,
> yet the solution is still very, very hard to come by. Has anybody
> successfully published their reports (through a custom .net web
> application using URL access to the report server) to an external
> network / internet?
> If so, how... Custom security extension? Handing out network logins
> (with very restricted rights) to the report server?
> A final, solid solution would be greatly appreciated...
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment