-
Notifications
You must be signed in to change notification settings - Fork 359
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
far to many dependancies on windows users and ad auth #19
Comments
I agree it would be a good idea but it is probably a complex topic. Authentication against different services is the easy part imho, but how to do authorization? At the moment every authorization request is done directly against the active directory. To change that SSRS will need own data tables for for groups and mappings. |
From what I can see from Googling, some developers are implementing custom security for SSRS 2016 Web Portal. It is a rewrite that should support modern authentication methods. If you build a web app that incorporates a report viewer, either the VS one or custom, RS web service authentication and authorization can occur on the back end, between the web server and the RS web service, using the web app identity, and user-level authentication/authorization can be performed by the web app (without involving RS) using methods of the developer's choice. That's the way I have always done it. |
I am in the process of working out what i can modify and what i have to keep.
i think i can see how to do a JWT token to an iidentity if the request has a token in the headers. the other half , the per object permissions is more of an issue. |
As a part of a project, I had to implement custom authentication and authorization for SSRS. As said, authentication was easy part, but for authorization, I had to call RS webservice on each item, such as folder or report, depending on case, and apply authorization over it by applying policies. Authentication is called on demand, but for authorization for items is not, it should already be available as item descriptor. The point I want to make is, the authorization related information is stored with Report Server itself and it does not depend on AD. |
It is in our backlog support for new authentication mechainisms however I can't provide any date yet |
SSRS needs some re-working to make it work with modern auth systems that are not based on a windows user account or asking the user for a password. Oauth, Open ID connect, JSON Web Tokens need to be pluggable to SSRS.
The text was updated successfully, but these errors were encountered: