4

我是 SSRS 的新手,并被要求添加自定义身份验证以访问 SQL Server 2012 上的报表服务器和报表管理器

我一直在按照微软的安全扩展示例的说明进行操作。我所做的唯一修改是实际的 UILogin.aspx 和 Login.aspx 以及 UserAccounts 数据库,并且使用了 wmi 命名空间 v11。项目在 Debug 模式下编译(GetUserInfo修改为不包括 Assert 和空引用异常)

我成功地添加了自定义登录名并将其分配为 /ReportServer/rsreportserver.config 中<Security><Extension><Configuration><AdminConfiguration><UserName>配置元素下的管理员。此用户能够连接到报表管理器 ( https://<domain>/Reports ) 和报表服务器视图 ( https://<domain>/ReportServer ) [已配置为使用 https 并且似乎可以工作。使用自定义表单身份验证的想法是我们可以远程访问报告]

然后,我在 UserAccounts 数据库中注册了一个新用户,并希望该用户也可以访问报表管理器。使用第一个设置用户登录报告管理器,然后转到站点设置->安全->新角色分配并添加具有“系统管理”和“系统用户”角色的新用户(不是域用户)。我希望这应该使用户可以访问两种登录类型。但是尝试使用新用户登录会出现错误:

报告管理器错误:

用户 '' 没有所需的权限。验证是否已授予足够的权限并且已解决 Windows 用户帐户控制 (UAC) 限制

报告服务器视图错误(用户名被屏蔽):

授予用户“<用户名>”的权限不足以执行此操作。(rsAccessDenied)

我已将项目调试到附加进程,并且自定义登录验证码按预期成功。

如果我随后修改上述<Security><Extension><Configuration><AdminConfiguration><UserName>配置元素以使用新用户登录,那么它可以工作。

这似乎是不正确的,我们只能设置一个用户进行自定义身份验证。有没有人能够为多个自定义用户登录做到这一点?

报表服务器日志转储(报表管理器登录):

library!ReportServer_0-26!1524!02/26/2014-11:04:24:: i INFO: Call to GetItemTypeAction(/).
library!ReportServer_0-26!1524!02/26/2014-11:04:24:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: , Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'enp' are insufficient for performing this operation.;
library!ReportServer_0-26!17bc!02/26/2014-11:07:28:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: , Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: The Authentication Extension threw an unexpected exception or returned a value that is not valid: identity==null.;
library!ReportServer_0-26!d14!02/26/2014-11:07:58:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: , Microsoft.ReportingServices.Diagnostics.Utilities.AuthenticationExtensionException: The Authentication Extension threw an unexpected exception or returned a value that is not valid: identity==null.;
library!ReportServer_0-26!1518!02/26/2014-11:08:44:: i INFO: Call to GetPermissionsAction(/).
ui!ReportManager_0-25!1524!02/26/2014-11:08:44:: e ERROR: Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.
   at Microsoft.ReportingServices.UI.FolderPage.Page_Init(Object sender, EventArgs e)
   at System.EventHandler.Invoke(Object sender, EventArgs e)
   at System.Web.UI.Control.OnInit(EventArgs e)
   at System.Web.UI.Page.OnInit(EventArgs e)
   at System.Web.UI.Control.InitRecursive(Control namingContainer)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
library!ReportServer_0-26!6c0!02/26/2014-11:08:44:: i INFO: Call to GetSystemPermissionsAction().
ui!ReportManager_0-25!1524!02/26/2014-11:08:44:: e ERROR: HTTP status code --> 500
-------Details--------
Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.

   at Microsoft.ReportingServices.UI.FolderPage.Page_Init(Object sender, EventArgs e)

   at System.EventHandler.Invoke(Object sender, EventArgs e)

   at System.Web.UI.Control.OnInit(EventArgs e)

   at System.Web.UI.Page.OnInit(EventArgs e)

   at System.Web.UI.Control.InitRecursive(Control namingContainer)

   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
library!ReportServer_0-26!6e0!02/26/2014-11:08:44:: i INFO: Call to GetSystemPropertiesAction().
ui!ReportManager_0-25!1524!02/26/2014-11:08:44:: e ERROR: System.Threading.ThreadAbortException: Thread was being aborted.
   at System.Threading.Thread.AbortInternal()
   at System.Threading.Thread.Abort(Object stateInfo)
   at System.Web.HttpResponse.End()
   at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)

报表服务器日志转储(报表视图登录 - 用户名被屏蔽):

library!ReportServer_0-26!117c!02/26/2014-10:56:08:: i INFO: Call to GetItemTypeAction(/).
library!ReportServer_0-26!117c!02/26/2014-10:56:08:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: , Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user '<user name>' are insufficient for performing this operation.;
4

1 回答 1

5

找到了解决方案。

新用户还必须设置为通过报告管理器对报告主文件夹具有角色访问权限。

我使用了一个可以登录报告管理器的用户,然后通过主页->文件夹设置->安全->新角色分配并添加了具有适当角色的新用户。

于 2014-02-26T21:50:33.883 回答