May 17, 2012 at 5:16 am
Hi,
I have come across a very very strange issue and I will try my best to explain it in detail.
We have a report server SSRS2008R2 hosted on Windows 2008 server and the service is running with the Network Service account (please note this).
We have deployed a lot of reports on this server and in total 3 data sources are used, and each one has the same login called 'domain\ssrs_virtual' to connect to the databases for reading the data and executing stored procedures.
All these reports are called by an internet webpage where users enter their credentials (common credentials stored in a table). If the credentials are correct, it takes them to a list of reports, they click on it and internally the above reports are called. I also learnt that the account mentioned above, domain\ssrs_virtual, is mapped with this webpage also and has been given browser permissions to browse the reports.
So far so good.
Now, 2 days back a new report was deployed with the same process. A user called 'Sandy' sits on her workstation and opens the webpage, types the username and password (generic ones) and she gets to see the list of reports including the new one. When she clicks on the report link, she gets an error saying:
Reporting Services Error
--------------------------------------------------------------------------------
For more information about this error navigate to the report server on the local server machine, or enable remote errors
I silently went inside the reportserver logs and found an error: domain\sandy does not have sufficient permissions to perform this task. Access is denied.
I tried asking different users and the report server logs show the same for them. It does not give an error to me because I am an admin, but my question is why is SSRS picking up account information from their workstations?
It should still use domain\ssrs_virtual account for its operations.
Please help me. Let me know if there is any other information I can provide you with.
Thanks
Chandan
May 17, 2012 at 6:57 am
impersonation gone wrong?
new data source which isn't set to use the account?
May 17, 2012 at 7:11 am
anthony.green (5/17/2012)
impersonation gone wrong? new data source which isn't set to use the account?
Thanks for replying. We are using an existing data source. This works for guys with admin access but how to make it work for users with no access to reports directly.
Thanks
Chandan
May 17, 2012 at 7:12 am
I mentioned that the users do not have to have browser permissions. We have a basic authentication setup on the internet webpage and it should use one common account to reach the SSRS report because it has got browser permissions. We cannot give all the individual users browser permissions. In that case what will happen to non-domain users?
Think of it like this: when I open my bank statement report, there will be an authentication set for me. I just put in my id and password. I need not have browser permissions to the bank server or read permissions on databases.
Thanks
Chandan
May 17, 2012 at 7:12 am
data source been redeployed, check the data source is still set to use the SSRS_Virtual account
May 17, 2012 at 7:19 am
anthony.green (5/17/2012)
data source been redeployed, check the data source is still set to use the SSRS_Virtual account
Nothing was redeployed. Just the report. I also added a reply just above yours a few seconds earlier. Please go through that in case it helps you to understand the problem better.
Thanks
Chandan
May 17, 2012 at 7:28 am
you're using impersonation then, this is out of my skill set now, if the data source the report uses is set to use that particular SSRS_Virtual account then something is overriding this back to use windows authentication to the data source
basic auth works in 1 of 2 ways
1. Network logon, intended for high performance servers to authenticate plain text passwords.
2. Cleartext logon, which preserves logon credentials in the authentication package that is sent with each HTTP request, allowing the server to impersonate the user when connecting to other servers in the network. (Default)
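
As an added example (not code from any poster in this thread): a Windows PowerShell check, through the report server's ReportService2010 SOAP endpoint, of the two things the replies above point at, namely how the report's data sources obtain credentials and which accounts hold a role on the report item. The server URL and report path are placeholders to replace with your own.

```powershell
# Added diagnostic sketch for Windows PowerShell 5.1 (New-WebServiceProxy is not in PowerShell 7).
# Run as an account with Content Manager rights on the report.
param(
    [string]$ReportServerUrl = 'http://localhost/ReportServer',  # placeholder
    [string]$ReportPath      = '/Reports/NewReport'              # placeholder
)

# Native-mode management endpoint shipped with SSRS 2008 R2
$rs = New-WebServiceProxy -Uri "$ReportServerUrl/ReportService2010.asmx" -UseDefaultCredential

# 1. How does each data source used by the report obtain its credentials?
foreach ($ds in $rs.GetItemDataSources($ReportPath)) {
    $item       = $ds.Item
    $sharedPath = $null
    if ($item.GetType().Name -eq 'DataSourceReference') {
        # Shared data source: follow the reference to its definition
        $sharedPath = $item.Reference
        $item       = $rs.GetDataSourceContents($sharedPath)
    }
    if ($item.GetType().Name -ne 'DataSourceDefinition') {
        Write-Warning "$($ds.Name): broken or invalid data source reference"
        continue
    }
    [pscustomobject]@{
        DataSource          = $ds.Name
        SharedPath          = $sharedPath
        # Store = fixed stored account; Integrated = the caller's own Windows identity
        CredentialRetrieval = $item.CredentialRetrieval
        StoredUser          = $item.UserName
        WindowsCredentials  = $item.WindowsCredentials
        ImpersonateUser     = $item.ImpersonateUser
    }
}

# 2. Which users or groups hold a role on the report item itself?
$inherit  = $false
$policies = $rs.GetPolicies($ReportPath, [ref]$inherit)
"Security inherited from parent folder: $inherit"
foreach ($p in $policies) {
    [pscustomobject]@{
        Principal = $p.GroupUserName
        Roles     = ($p.Roles | ForEach-Object { $_.Name }) -join ', '
    }
}
```

The first table shows whether the data source still uses a stored account; the second shows whether the identity named in the report server log has any role on the report.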