What issues we face when using SSPI/trusted authentication for applications of any kinds that connect to data sources? Is there开发者_JAVA技巧 any alternative to this ... if so could you please specify?
This question has ben asked in one of the interview I attended recently.
Thanks
They probably mean, "What problems can software that calls reporting services have using trusted authentication"; and they're likely referring to the double-hop authentication issue.
If the caller, the report server and the data source are all on different computers, when the caller passes its credentials to the report server, it will have problems passing those credentials onto the data source.
It might also occur in slightly simpler scenarios; I'm not sure because I haven't come across it, though it's very common because it returns a bunch of Google results.
The traditional workaround has been to "use Kerberos authentication", and if you look up the whitepaper you'll find it extremely hard to find clear and simple guidelines on how to implement it. I mean, it's a few hundred pages long, and it's not a How-To.
Apparently there are other ways to get around it using slightly newer versions of Windows (2003+).
But good luck on finding it if you need it. It's really poorly explained and assumes a lot of understanding of Windows authentication internals that only the most hardcore Windows network administrators would understand; let alone us SSRS and DBA folk.
精彩评论