I am trying to allow Excel 2010 to connect to a SSAS 2008 cube via IIS 7.5. I have setup the msmdpump in IIS 7.5 and can successfully access the cube through excel with the url http://localhost/Excel/msmdpump.dll. This works for both Windows Authentication and Basic Authentication. So far so good. However, I need this to work with custom authentication since we will have potentially hundreds of users that will need access and their credentials will be stored in a SQL 2008 table.
I have tried creating a custom authentication http module however it isn't called by Excel. Is it possible to create an http module or something else that will allow me to authenticate users against a custom data store when a user tries to access a cube in Excel?
P.S. After I authenticate the user, I would use impersonation to connect to SSAS with a Windows Account.
I was able to get this to work with an http module. The code is very similar to that of the Custom Basic Authentication Module on Code Plex. The key was that I had to set the Application Pool to Integrated Mode. I set the application pool to run under a windows account. If the user credentials were ok against the SQL table, I inserted a value into the customdata property in the xmla so I could limit access to what the user could see.
Related
I have developed an application in MVC 5 which has form authentication. Now I am using azure autoscalling on the application. Form authentication is working fine when I use single instance but when I use autoscalling, form authentication stops working (user is not getting authenticated). I tried to give same machine key on all the instances but no success.
Any idea what changes I need to do in order to make form authentication working with azure autoscalling?
I am assuming, you must be using SQL server for the membership features. If Yes , then did you scale the SQL database too.
Also Have you added the application insight or some kind of logging in your application.
can you check the logs that which DB or source you are using to authenticate? Also if you find the source , can you run the query if your user is available in the DB or not?
We have created a dns for external and internal employees to visit an application website. They can both reach the website hosted in iis. they can both download the application that has been deployed using clickonce.
Issue is we want to password protect for external employees.. Internally its ok because we use windows authentication and have a group of users for specific applications.
we created an ad account and password. when i setup windows auth and restrict to this one ad account. i enter in username and password when going to the external dns. thats fine.. i click on the application to install.. and when its trying to install i get + The remote server returned an error: (401) Unauthorized.i'm getting a security error even after i put in the credentials , it somehow still fails when going to install.. what can i do to better password protect applications that will be accessed from the outside using clickonce.. or fix this issue thanks
I am stuck at the moment on trying to configure the Windows authentication on a web site.
The site is configured (in IIS 7.5) as follows:
Windows authentication and ASP.NET Impersonation - Enabled.
The 'Enable Kernel-mode authentication' is checked.
Providers section contain all 3 possible: Negotiate, NTLM, Negotiate:Kerberos.
The site connects to a SQL Server using Windows authentication as well.
The Web server is marked as trusted for delegation for the SQL server.
When I browse the site locally from the web server everything works; when I browse it from a client computer I get the well known error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
I read I should set some SPNs - but in my case - to what\whom ?...
The access to the SQL Server is done individually to users (also, the Web server, SQL server and the users accessing the site are in the same domain; the application pool also uses a domain account)
An advice would be much appreciated ...
I think you're getting "Anonymous Logon" because you have anonymous logon enabled.
Try enabling only Windows authentication and ASP.NET Impersonation and disabling the rest
Also might help to check the internet explorer security settings for the 'zone' you're in from the client computer (i'm guessing internet) at the very end set internet explorer to prompt for user name and password
All,
I have a workbook that contains an ODBC connection to an SQL Server and dumps the data from the query into a Table (VBA calls it a ListObject). Right now, everything is using Windows Authentication.
Now I am trying to get other users to be able to use this workbook. My DBA has decided it would be best to simply not use a windows account anymore, but instead to create a service account with password.
I have tried adjusting my workbook connection's authentication settings to use this service account (tried SSO and none with the actual authentication piece being in the connection string), but it still seems to be using windows authentication. Is there a way to direct Excel to use a service account instead of the Windows credentials?
Thanks.
Figured it out. Apparently, if you have TrustedConnection=yes in your connectionstring, it will ignore the UID and try authentication with Windows :-) Deleting that from my connection string seemed to work :-)
I have a server which hosts Sharepoint 2010. I have another server which hosts a SQL Server 2008 R2. SharePoint is Kerberos/Claims Based.
On my SharePoint, I installed a custom made webpart that connects to the SQL Server machine using standard connection string (Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;).
The problem is that when the webpart tries to connect to the sql server, I get the following message :
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
What we've done :
Verify all spn/delegation/trusts things - everything seems okay.
Tried to connect directly from the sharepoint machine via a UDL file to sql server, and it works.
Tried the webpart as standalone ASPX page on a single machine server to prove the code is supposed to work, and it works.
Wireshark -> We can see a KDC_ERR_S_PRINCIPAL_UNKNOWN when ANONYMUS LOGON tries to connect to sql server (obvisously).
SharePoint Developer Dashboard shows us our current username, which is not ANONYMUS.
Traces in the webpart shows two things : The HTTPCONTEXT is set to my current user, so is the Thread.Current.
Using SQL Profiler, we can see that the request is from ANONYMUS
We tried to access a web service on another server from another custom made webpart, and it failed for the same reason (ANONYMUS).
What are we missing? The problem really seems to be that SharePoint is unable to send the current user credential to another server (sql or not).
Have you verified that Kerberos is working ?
Download the Troubleshooting Kerberos Delegation
http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=99B0F94F-E28A-4726-BFFE-2F64AE2F59A2&displaylang=en