Friday, March 30, 2012

ReportBuilder and Forms Authentication

We created a custom security extension for RS using Forms Authentication. The issue I am having is in ReportBuilder when the forms authentication ticket expires. Forms auth will attempt to redirect (send an HTTP 302) and Report Builder will show the error message "Object moved to here" instead of prompting for credentials. I have been watching the IIS logs, and I see that the first time Report Builder starts it attempts to connect using default Windows credentials, and after the FormsAuthenticationRequired exception it will prompt for credentials and invoke the LogonUser method, but this only happens the first time or if I change the server in the URL. I was expecting ReportBuilder to consider the Forms Authentication expiration at any time.

Do you have any idea how to work around this?

Any help is really appreciated.

Thanks

Hope this helps. http://connect.microsoft.com/SQLServer/feedback/ViewFeedback.aspx?FeedbackID=278056

RS using FBA deletes a cookie that is used in authenticating the user. The fix is available on request (not released officially).

Thanks for your response. I saw this fix before writing in this forum. (I found it here: http://support.microsoft.com/kb/939942/ ) What I am concerned about is that it touches only the SharePoint DLL. I am not using SharePoint. I do not even have RS configured for SharePoint integration. I am using Forms Authentication in the ReportServer, and ReportBuilder displays the "object moved" error when the authentication ticket expires and it gets an HTTP redirect while requesting a method in the web service after the ticket has expired. I suspect this is a bug. To work around this I had to increase the timeout of the forms authentication in the web.config for ReportServer to 48 hours.

However, if a user keeps a report open in the ReportBuilder application for more than 48 hours, the changes will be lost because he will get the error and will not be able to save the changes. I think this is a bug. Microsoft has been saying Reporting Services 2005 supports Forms Authentication through a custom security extension, but I am not sure they have tested it properly.

I have been inspecting the code for the ReportBuilder application using .NET Reflector and I noticed it prompts for credentials only when the main form is loaded and the first attempt using default Network Credentials fails because Forms Authentication is required. Then LogonUser is invoked and the authentication cookie is created. However, if this cookie expires they never attempt to connect again unless the server path changes. In my opinion this is wrong. They should be consistent with the forms authentication and prompt for credentials again.

Increasing the timeout is, in my opinion, a workaround but not the solution. If I am wrong and someone knows the answer to this, please tell me; I will really appreciate it. On the other hand, I will try to get this fix for SharePoint. Maybe it will consist of more than the SharePoint DLL and it will "automagically" fix the issue :)

Thanks for your reply.
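An added example, not part of the original thread and not Report Builder's or Microsoft's code: a Python simulation of the client behaviour the last post asks for, where a 302 on a web-service call is treated as an expired forms ticket, the user is prompted again and the call is retried once. The server class, credentials, timeout and method names used as strings are constructed for illustration.

```python
import secrets

class FakeReportServer:
    """Constructed stand-in for a forms-auth-protected web service."""
    def __init__(self, timeout_s, clock):
        self.timeout_s, self.clock, self.tickets = timeout_s, clock, {}

    def logon_user(self, user, password):
        if (user, password) != ("alice", "s3cret"):  # constructed credentials
            raise PermissionError("logon failed")
        ticket = secrets.token_hex(16)
        self.tickets[ticket] = self.clock() + self.timeout_s
        return ticket

    def soap_call(self, method, ticket):
        # Missing or expired ticket: forms auth answers with a redirect,
        # not with a fault the client could interpret.
        if self.tickets.get(ticket, 0) <= self.clock():
            return 302, "Object moved to here"
        return 200, f"<{method}Response/>"

class ReauthenticatingClient:
    def __init__(self, server, prompt):
        self.server, self.prompt = server, prompt
        self.ticket, self.prompts = None, 0

    def _logon(self):
        self.prompts += 1  # each logon means one credential prompt
        self.ticket = self.server.logon_user(*self.prompt())

    def call(self, method):
        # One original attempt plus one retry after logging on again.
        # The redirect target is never followed and never given credentials.
        for attempt in range(2):
            status, body = self.server.soap_call(method, self.ticket)
            if status != 302:
                return body
            if attempt == 0:
                self._logon()
        raise RuntimeError("still redirected after re-authentication")

def demo():
    now = [0]  # injectable clock so expiry is deterministic
    server = FakeReportServer(timeout_s=60, clock=lambda: now[0])
    client = ReauthenticatingClient(server, prompt=lambda: ("alice", "s3cret"))
    first = client.call("ListChildren")   # no ticket yet: logon, then call
    now[0] = 61                           # the ticket has now expired
    second = client.call("CreateReport")  # expiry: logon again, then save
    return first, second, client.prompts
```

The single bounded retry keeps a misconfigured server from causing an endless prompt loop, and the short ticket lifetime stays in force because expiry is handled at call time.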
