I am using a report viewer control in an ASP.net web application. The application runs in the app pool identity (impersonate="false") so it has the rights to read/write the database.
But for the report viewer control I need to impersonate the currently logged on user. So far I've only found information about setting impersonation to true for th开发者_Python百科e whole app so that the report viewer is impersonated as well. Or there's information on how to create its own credentials that are passed to the viewer (so it's not the currently logged on user).
Does anyone know how to impersonate the current user only for the report viewer but not for the whole application?
If i understand you correctly you need to implement IReportServerCredentials, here is an example ive used in the past
using System;
using System.Configuration;
using System.Web;
using Microsoft.Reporting.WebForms;
using System.Security.Principal;
using System.Net;
[Serializable]
public sealed class ReportServerNetworkCredentials : IReportServerCredentials
{
#region IReportServerCredentials Members
private string username, password;
public ReportServerNetworkCredentials(string username, string password)
{
this.username = username;
this.password = password;
}
public bool GetFormsCredentials(out System.Net.Cookie authCookie, out string userName, out string password, out string authority)
{
//throw new NotImplementedException();
userName = password = authority = null;
// The cookie name is specified in the <forms> element in Web.config (.ASPXAUTH by default)
HttpCookie cookie = HttpContext.Current.Request.Cookies[".ASPXAUTH"];
if (cookie == null)
{
authCookie = null;
return false;
}
Cookie netCookie = new Cookie(cookie.Name, cookie.Value);
if (cookie.Domain == null)
{
netCookie.Domain = HttpContext.Current.Request.ServerVariables["SERVER_NAME"].ToUpper();
}
netCookie.Expires = cookie.Expires;
netCookie.Path = cookie.Path;
netCookie.Secure = cookie.Secure;
authCookie = netCookie;
return true;
}
public WindowsIdentity ImpersonationUser
{
get
{
return null;
}
}
public System.Net.ICredentials NetworkCredentials
{
get
{
return new System.Net.NetworkCredential(this.username, this.password);
}
}
#endregion
}
And then on the aspx page with the report viewer pass in your credentials etc
ReportViewer1.ServerReport.ReportServerCredentials = new ReportServerNetworkCredentials(username, password);
ReportViewer1.ServerReport.ReportServerUrl = new Uri("http://youreportserver/ReportServer");
ReportViewer1.ServerReport.ReportPath = reportPath;
//etc
This will allow you to pass whatever username and pass you like. This works on SSRS 08 / SQL 08 and id imagine 05 too, this is using forms auth.
Hope this helps and that i understood your question properly.
Edit: Yes just retrieve the current username and password from where ever you are storing them (membership etc) into the and pass into as per my example.
The username and pass must exist in the report server itself however, if you really need accounts for every user consider creating them an account on the report server when you create the account in the applicaiton itself. You can do this via the web services SSRS exposes, see here. If the site is already in use you could easily just iterate through all your users and create them an account via the SSRS web services.
However, are you sure you need a reporting account for each individual user? You could make an account for each role in the app if your reasons are more access rights than logging.
精彩评论