i have created an mvc3 web application that uses forms based authentication. one part of the site has links to microsoft ssrs reporting services reports and these reports are launched in an iframe from one of the views.
the problem i am having is that when a user log's into the main site and then subsequently clicks on one of the reporting links, they receive a windows modal login box.
i would like to stop them from receiving this authentication step and rely on the forms based authentication they already went through. at the same time i want to prevent non-authenticated users from typing in one of the ssrs report links into their browser and viewing them without having logged in..
can this be achieved using forms based authentication alone?
thanks
grant.
Have you set up SSRS with forms authentication? If not then if you configure forms authentication on SSRS then you can share forms authentication across multiple applications.
I can't describe step for step how you would do this but hopefully the following links will help:
Authentication in Reporting Services
Forms Authentication Across Applications
Related
We have built a portal in PHP(Laravel) + Angular for a client. User Authentication is done through LDAP.
Client also has a SAS solution for Analytics and it also has LDAP Authentication (SAS Viya).
We need to redirect the user from our portal to SAS portal and the user should get logged in automatically as both portals are authenticating the users through same LDAP.
We tried a few things, but it didn't help.
I am looking for some guidance on how to implement this and if there is any programming/configuration required on our side or on SAS side.
Hard to be specific without fully understanding your use case, but you could look to handle authentication to Viya using the SASjs Adapter (disclaimer - my team built it)
https://github.com/sasjs/adapter
Just set the LoginMechanism to REDIRECTED in the config object to support SSO or alternative login flows. If you need help, my team can be contact on https://sasapps.io/contact-us, else just raise an issue on the github.
We have an implementation on Angular that may help: https://github.com/sasjs/angular-seed-app
We have integrated a VIYA Visual Analytics report into a corporate web application, using the SDK (so not realy a redirect) with single sign on.
(I don't know all the details about how we did it. my roll was in the personalization of the report, where we went further than ordinary row level security.)
I have asp.net mvc3 application with forms authentication. But the our client request AD authentication as well. But the mvc3 app is hosted outside the clients network. What are the possible solutions for this.
Get permission to access the clients network from remote server.
Get an API to access the active directory data from webserver.
If we choose opt one how could we access active directory for authentication from outside the client network. I anybody have any idea or better options please let me know. Thanks in advance.
My guess is that the Microsoft security products can support this out of the box but I'm not sure how so I suggest that you direct your question to whoever supplies your client with their Microsoft product support.
If you'd rather build a solution so that you've got more control over how it works a quick search found an interesting approach at https://support.freshservice.com/support/solutions/articles/169196-setting-up-active-directory-single-sign-on-sso-for-remote-authentication where they created a simple ASP.Net web site that used AD authentication for sign-on. MVC 5 can build a WebApi site that does that just by creating a new project in Visual Studio with the right options.
That site wouldn't have to do anything except confirm that the credentials supplied were valid or not. Your application would ask the user to enter login / password details, then send a (properly secured) web request to the authentication site to determine whether they're valid. As long as you keep the communication between your server and the client web service tightly secured this should do what you need without much fuss. That approach removes the need for your server to communicate directly with the client's AD server.
I'm working on a school project and I need to implement Role-based authorization in an ASP.NET mvc3 application. Currently the application only stores the user's role in a field in the database and there is only one login page. I need to alter the entire application in other for it to grant different content to different users including admin, supervisor and counselors (counselors are able to input new client info and edit and view client information that they inputted. Supervisors can view and edit all client info and also view and edit counselor info. Admin has crud access to everything on the application.)
I'm not sure about what other info to provide about the application but i'll really appreciate any help i can get as i am new to ASP.net mvc as a whole. Most of the tutorials i found focus on specific piece of the role based approach. I need more of a bottom-up approach to implementing the roles and its authorization.
Take a look at ASPNET configuration tool. I believe that it's what you're looking for:
Visual Studio 2013 and ASP.NET Web Configuration Tool
http://msdn.microsoft.com/en-us/library/yy40ytx0.aspx
I have an ASP.Net MVC 3 web application in which an administrator can assign tasks to individual users. Individual users monitors some stats by looking at a dashboard page built in the same application. My requirement is, I want to notify the individual user whenever a new task is assigned to the user. Is it soemthing which can be achieved in the web application built on .net technologies?
You can use jquery to auto refresh.
Auto refresh a section of the page that loads from the database
Jquery auto refresh Tutorial
We have three servers that all share the same database. One server is internet facing.
I have a web page in an IFRAME in CRM that talks to the CRM web service using the standard method of connecting for on-premise. When this IFRAME is displayed through the IFD with users logged in through the forms authentication element, you are asked for login credentials.
How do I get around this?
EDIT
The IFRAME that targets the CRM service is on four servers. Two of the servers are used for IFD and On-premise use. The other two are for on-premise only. They are all in the same domain. All of the users are internal users that can log in through the web if they are using a customer's computer or a machine in an Internet cafe and therefore can't use the VPN.
A few questions to better understand you issue. Is the iframe which targets CrmService on the same IFD server? Is the IFD server on the same domain as the rest of the servers? When you say users are logged in are you refereeing to local domain users or external users?
I suspect the problem is not the services, but the IFrame. When you authenticate to MSCRM via on-premise you are doing Windows Authentication, and when you should the IFrame that authentication request is done again. Since the browser knows everything it needs this is all handled transparently.
When using IFD, you are not using authentication on the web server level - you are doing it using forms based which is on the application level. You IFrame though is still wanting authentication, and thus the iframe prompts for authentication.
If you were having a service problem, the IFrame would display and what ever action triggers the service call would fail with a 400 or 500 error.
So the question comes in how do you build a web page that can cater for windows authentication and forms based? Well that is easy in MSCRM, first make sure you are not running authentication on the web page - set it to anonymous. That ensures no more popups, then make sure you use the CrmAuthenticationToken code to get the token and use that for all calls. You should not be setting the .Credentials property of the service itself.
Assuming you're deploying your page within the CRM website (and not its own virtual directory) then here is pointing you at the SDK article for what Robert mentioned:
See the SDK topic titled: Authentication from an ASPX Page.
In my experience you should always use the CRMImpersonator in your web pages within the CRM website.
Now if you've got your own page running on its own website:
You'll want to see the Discovery service and obtaining a CRM Ticket for accessing the services.