如何调用 SSRS Rest-Api V1.0 实现了自定义安全性(非 SOAP)
How to call SSRS Rest-Api V1.0 with custom security implemented (NOT SOAP)
我已经在我的报告服务 2016 上实施了自定义安全性,一旦在浏览器 URL 栏(报告或报告服务器)上键入报告服务的 URL,它就会显示登录页面
我正在使用以下代码来传递凭据
当我在没有安全扩展的情况下使用代码时,它可以正常工作,看起来像这样
ICredentials _executionCredentials;
CredentialCache myCache = new CredentialCache();
Uri reportServerUri = new Uri(ReportServerUrl);
myCache.Add(new Uri(reportServerUri.GetLeftPart(UriPartial.Authority)),
"NTLM", new NetworkCredential(MyUserName, MyUserPassword));
_executionCredentials = myCache;
当我将代码与安全扩展一起使用时,它不起作用,看起来像这样
ICredentials _executionCredentials;
CredentialCache myCache = new CredentialCache();
Uri reportServerUri = new Uri(ReportServerUrl);
myCache.Add(new Uri(reportServerUri.GetLeftPart(UriPartial.Authority)),
"Basic", new NetworkCredential(MyUserName, MyUserPassword));
_executionCredentials = myCache;
我得到一个异常,说“对这个 POST 请求的响应不包含 'location' header。这个客户端不支持。”当我实际使用此凭据时
"basic" 选项错误吗?
有人做过吗?
更新1
好吧,事实证明我的 SSRS 需要一个授权 cookie
我无法通过(根据 fiddler 的说法,没有 cookie)
HttpWebRequest request;
request = (HttpWebRequest)HttpWebRequest.Create("http://mylocalcomputerwithRS/Reports_SQL2016/api/v1.0");
CookieContainer cookieJar = new CookieContainer();
request.CookieContainer = cookieJar;
Cookie authCookie = new Cookie("sqlAuthCookie", "username:password");
authCookie.Domain = ".mydomain.mylocalcomputerwithRS";
if (authCookie != null)
request.CookieContainer.Add(authCookie);
request.Timeout = -1;
HttpWebResponse myHttpWebResponse = (HttpWebResponse)request.GetResponse();
我就是这样得到它的(SSRS 2017;api v2.0)。我从 Fiddler 获取了 "body" 的值:
var handler = new HttpClientHandler();
var httpClient = new HttpClient(handler);
Assert.AreEqual(0, handler.CookieContainer.Count);
// Create a login form
var body = new Dictionary<string, string>()
{
{"__VIEWSTATE", "9cZYKBmLKR3EbLhJvaf1JI7LZ4cc0244Hpcpzt/2MsDy+ccwNaw9hswvzwepb4InPxvrgR0FJ/TpZWbLZGNEIuD/dmmqy0qXNm5/6VMn9eV+SBbdAhSupsEhmbuTTrg7sjtRig==" },
{"__VIEWSTATEGENERATOR", "480DEEB3"},
{ "__EVENTVALIDATION", "IS0IRlkvSTMCa7SfuB/lrh9f5TpFSB2wpqBZGzpoT/aKGsI5zSjooNO9QvxIh+QIvcbPFDOqTD7R0VDOH8CWkX4T4Fs29e6IL92qPik3euu5QpidxJB14t/WSqBywIMEWXy6lfVTsTWAkkMJRX8DX7OwIhSWZAEbWZUyJRSpXZK5k74jl4x85OZJ19hyfE9qwatskQ=="},
{"txtUserName", "User"},
{"txtPassword", "1"},
{"btnLogin","Войти"}
};
var content = new FormUrlEncodedContent(body);
// POST to login form
var response = await httpClient.PostAsync("http://127.0.0.1:777/ReportServer/Logon.aspx", content);
// Check the cookies created by server
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
var cookies = handler.CookieContainer.GetCookies(new Uri("http://127.0.0.1:777/ReportServer"));
Assert.AreEqual("sqlAuthCookie", cookies[0].Name);
// Make new request to secured resource
var myresponse = await httpClient.GetAsync("http://127.0.0.1:777/Reports/api/v2.0/Folders");
var stringContent = await myresponse.Content.ReadAsStringAsync();
Console.Write(stringContent);
作为替代方案,您可以自定义 SSRS 自定义安全示例。
我分叉了 Microsoft 的自定义安全示例来完成您所描述的事情(很久以前客户需要该功能并在 GitHub 上作为可共享项目重新实现)。
https://github.com/sonrai-LLC/ExtRSAuth
我还创建了一个 YouTube 演练来展示如何使用此 ExtRSAuth SSRS 安全程序集扩展和调试 SSRS 安全性 https://www.youtube.com/watch?v=tnsWChwW7lA
TL;博士;只需绕过 Login.aspx.cs 中的 Microsoft 示例身份验证检查并将您的身份验证放在 Page_Load() 或 Page_Init() 事件中 Login.aspx.cs- 无论您想要执行一些自定义日志记录检查- 然后立即将经过身份验证的用户重定向到他们请求的 URI。
我已经在我的报告服务 2016 上实施了自定义安全性,一旦在浏览器 URL 栏(报告或报告服务器)上键入报告服务的 URL,它就会显示登录页面
我正在使用以下代码来传递凭据 当我在没有安全扩展的情况下使用代码时,它可以正常工作,看起来像这样
ICredentials _executionCredentials;
CredentialCache myCache = new CredentialCache();
Uri reportServerUri = new Uri(ReportServerUrl);
myCache.Add(new Uri(reportServerUri.GetLeftPart(UriPartial.Authority)),
"NTLM", new NetworkCredential(MyUserName, MyUserPassword));
_executionCredentials = myCache;
当我将代码与安全扩展一起使用时,它不起作用,看起来像这样
ICredentials _executionCredentials;
CredentialCache myCache = new CredentialCache();
Uri reportServerUri = new Uri(ReportServerUrl);
myCache.Add(new Uri(reportServerUri.GetLeftPart(UriPartial.Authority)),
"Basic", new NetworkCredential(MyUserName, MyUserPassword));
_executionCredentials = myCache;
我得到一个异常,说“对这个 POST 请求的响应不包含 'location' header。这个客户端不支持。”当我实际使用此凭据时
"basic" 选项错误吗?
有人做过吗?
更新1 好吧,事实证明我的 SSRS 需要一个授权 cookie 我无法通过(根据 fiddler 的说法,没有 cookie)
HttpWebRequest request;
request = (HttpWebRequest)HttpWebRequest.Create("http://mylocalcomputerwithRS/Reports_SQL2016/api/v1.0");
CookieContainer cookieJar = new CookieContainer();
request.CookieContainer = cookieJar;
Cookie authCookie = new Cookie("sqlAuthCookie", "username:password");
authCookie.Domain = ".mydomain.mylocalcomputerwithRS";
if (authCookie != null)
request.CookieContainer.Add(authCookie);
request.Timeout = -1;
HttpWebResponse myHttpWebResponse = (HttpWebResponse)request.GetResponse();
我就是这样得到它的(SSRS 2017;api v2.0)。我从 Fiddler 获取了 "body" 的值:
var handler = new HttpClientHandler();
var httpClient = new HttpClient(handler);
Assert.AreEqual(0, handler.CookieContainer.Count);
// Create a login form
var body = new Dictionary<string, string>()
{
{"__VIEWSTATE", "9cZYKBmLKR3EbLhJvaf1JI7LZ4cc0244Hpcpzt/2MsDy+ccwNaw9hswvzwepb4InPxvrgR0FJ/TpZWbLZGNEIuD/dmmqy0qXNm5/6VMn9eV+SBbdAhSupsEhmbuTTrg7sjtRig==" },
{"__VIEWSTATEGENERATOR", "480DEEB3"},
{ "__EVENTVALIDATION", "IS0IRlkvSTMCa7SfuB/lrh9f5TpFSB2wpqBZGzpoT/aKGsI5zSjooNO9QvxIh+QIvcbPFDOqTD7R0VDOH8CWkX4T4Fs29e6IL92qPik3euu5QpidxJB14t/WSqBywIMEWXy6lfVTsTWAkkMJRX8DX7OwIhSWZAEbWZUyJRSpXZK5k74jl4x85OZJ19hyfE9qwatskQ=="},
{"txtUserName", "User"},
{"txtPassword", "1"},
{"btnLogin","Войти"}
};
var content = new FormUrlEncodedContent(body);
// POST to login form
var response = await httpClient.PostAsync("http://127.0.0.1:777/ReportServer/Logon.aspx", content);
// Check the cookies created by server
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
var cookies = handler.CookieContainer.GetCookies(new Uri("http://127.0.0.1:777/ReportServer"));
Assert.AreEqual("sqlAuthCookie", cookies[0].Name);
// Make new request to secured resource
var myresponse = await httpClient.GetAsync("http://127.0.0.1:777/Reports/api/v2.0/Folders");
var stringContent = await myresponse.Content.ReadAsStringAsync();
Console.Write(stringContent);
作为替代方案,您可以自定义 SSRS 自定义安全示例。
我分叉了 Microsoft 的自定义安全示例来完成您所描述的事情(很久以前客户需要该功能并在 GitHub 上作为可共享项目重新实现)。
https://github.com/sonrai-LLC/ExtRSAuth
我还创建了一个 YouTube 演练来展示如何使用此 ExtRSAuth SSRS 安全程序集扩展和调试 SSRS 安全性 https://www.youtube.com/watch?v=tnsWChwW7lA
TL;博士;只需绕过 Login.aspx.cs 中的 Microsoft 示例身份验证检查并将您的身份验证放在 Page_Load() 或 Page_Init() 事件中 Login.aspx.cs- 无论您想要执行一些自定义日志记录检查- 然后立即将经过身份验证的用户重定向到他们请求的 URI。