Last post Nov 25, 2014 04:30 AM by cmsesan1
Nov 24, 2014 05:48 AM|cmsesan1|LINK
We have a hosted ASP.NET Web Forms application, and this application accesses data stored in the office SQL Server database via WCF Web services. The Web services are secured with .NET 4.5 Username security.
I have been asked to produce reports for the application so users can see reports on their data. In testing I managed to display reports quite successfully using the ReportViewer control accessing data from our internal instance of Reporting Services on
the LAN, but the application would have it's own instance of Reporting Services.
My problem is that I need to report on data which is in the office, but the ReportViewer control would be in the hosted Web application elsewhere. I think I need to somehow expose an instance of Reporting Services from the office so that I can view reports
in the Web application. The instance of reporting services would need to be secured so that only the Web application could call reporting services. I could pass a unique username parameter to identify the logged in user and get their data. The application
could access Reporting Services always using the same username and password so perhaps a Windows account could be used for that?
Is there a safe way that I could expose Reporting Services from the office, and to access it using a single username and password from the Web application?
Some ideas I have had to make things more secure are as follows:
Note: I do not think that I can create local .rdlc reports using my free version of Visual Studio, although we could purchase a version if forced to report on data via the Web services.
Any help would be greatly appreciated...
*** Update: There are some settings which appear to lock Reporting Services down to some extent here
C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\rsreportserver.config
So now I am wondering whether to set up a local machine account with minimal permissions and only give that user Browser access to Reporting Services.
I guess basic authentication could be used over https to view reports in the Report Viewer control?
Nov 25, 2014 02:57 AM|Michelle Ge - MSFT|LINK
I think I need to somehow expose an instance of Reporting Services from the office so that I can view reports in the Web application
So far as I know, if you want to connect Access database in the application, you can set it in the application. Please refer to the steps below:
In the Choose Data Source dialog box, select
Microsoft Access Database File, and then click OK.
If the Add Connection dialog box opens, and the
Data source is not Microsoft Access Database File, click
Change to open the Choose/Change Data Source dialog box. For more information.
Enter the path to the database file you want to access, or click the
Browse button to locate the database file.
Enter login information if required by your database.
As we know, the Access DataBase and the application are different servers. When you create connection by the above steps, we need to select the Access server.
For more information about how to connect Access DataBase, please refer to the steps below:
Hope it's useful for you.
Nov 25, 2014 04:30 AM|cmsesan1|LINK
I am not sure this was an answer to my question. I think I need to expose specific data in the ReportViewer control via Reporting Services, and to lock Reporting Services down so this can be done in a secure way. Exposing the SQL Server database (not Access)
seems like a more risky proposition.