如何调用 SSRS Rest-Api V1.0 实现了自定义安全性(非 SOAP)

How to call SSRS Rest-Api V1.0 with custom security implemented (NOT SOAP)

我已经在我的报告服务 2016 上实施了自定义安全性,一旦在浏览器 URL 栏(报告或报告服务器)上键入报告服务的 URL,它就会显示登录页面

我正在使用以下代码来传递凭据 当我在没有安全扩展的情况下使用代码时,它可以正常工作,看起来像这样

ICredentials _executionCredentials;

CredentialCache myCache = new CredentialCache();
Uri reportServerUri = new Uri(ReportServerUrl);
myCache.Add(new Uri(reportServerUri.GetLeftPart(UriPartial.Authority)),
                 "NTLM", new NetworkCredential(MyUserName, MyUserPassword));
_executionCredentials = myCache;

当我将代码与安全扩展一起使用时,它不起作用,看起来像这样

ICredentials _executionCredentials;
CredentialCache myCache = new CredentialCache();
Uri reportServerUri = new Uri(ReportServerUrl);

myCache.Add(new Uri(reportServerUri.GetLeftPart(UriPartial.Authority)),
                "Basic", new NetworkCredential(MyUserName, MyUserPassword));
_executionCredentials = myCache;

我得到一个异常,说“对这个 POST 请求的响应不包含 'location' header。这个客户端不支持。”当我实际使用此凭据时

"basic" 选项错误吗?

有人做过吗?


更新1 好吧,事实证明我的 SSRS 需要一个授权 cookie 我无法通过(根据 fiddler 的说法,没有 cookie)

HttpWebRequest request;
request = (HttpWebRequest)HttpWebRequest.Create("http://mylocalcomputerwithRS/Reports_SQL2016/api/v1.0");
CookieContainer cookieJar = new CookieContainer();
request.CookieContainer = cookieJar;
Cookie authCookie =  new Cookie("sqlAuthCookie", "username:password");
authCookie.Domain = ".mydomain.mylocalcomputerwithRS";
if (authCookie != null)
    request.CookieContainer.Add(authCookie);
request.Timeout = -1;

HttpWebResponse myHttpWebResponse = (HttpWebResponse)request.GetResponse();

我就是这样得到它的(SSRS 2017;api v2.0)。我从 Fiddler 获取了 "body" 的值:

    var handler = new HttpClientHandler();
    var httpClient = new HttpClient(handler);

    Assert.AreEqual(0, handler.CookieContainer.Count);

    // Create a login form
    var body = new Dictionary<string, string>()
    {
        {"__VIEWSTATE", "9cZYKBmLKR3EbLhJvaf1JI7LZ4cc0244Hpcpzt/2MsDy+ccwNaw9hswvzwepb4InPxvrgR0FJ/TpZWbLZGNEIuD/dmmqy0qXNm5/6VMn9eV+SBbdAhSupsEhmbuTTrg7sjtRig==" },
        {"__VIEWSTATEGENERATOR", "480DEEB3"},
        { "__EVENTVALIDATION", "IS0IRlkvSTMCa7SfuB/lrh9f5TpFSB2wpqBZGzpoT/aKGsI5zSjooNO9QvxIh+QIvcbPFDOqTD7R0VDOH8CWkX4T4Fs29e6IL92qPik3euu5QpidxJB14t/WSqBywIMEWXy6lfVTsTWAkkMJRX8DX7OwIhSWZAEbWZUyJRSpXZK5k74jl4x85OZJ19hyfE9qwatskQ=="},
        {"txtUserName",  "User"},
        {"txtPassword", "1"},
        {"btnLogin","Войти"}
    };
    var content = new FormUrlEncodedContent(body);

    // POST to login form
    var response = await httpClient.PostAsync("http://127.0.0.1:777/ReportServer/Logon.aspx", content);

    // Check the cookies created by server
    Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
    var cookies = handler.CookieContainer.GetCookies(new Uri("http://127.0.0.1:777/ReportServer"));
    Assert.AreEqual("sqlAuthCookie", cookies[0].Name);

    // Make new request to secured resource
    var myresponse = await httpClient.GetAsync("http://127.0.0.1:777/Reports/api/v2.0/Folders");

    var stringContent = await myresponse.Content.ReadAsStringAsync();
    Console.Write(stringContent);

作为替代方案,您可以自定义 SSRS 自定义安全示例。

我分叉了 Microsoft 的自定义安全示例来完成您所描述的事情(很久以前客户需要该功能并在 GitHub 上作为可共享项目重新实现)。

https://github.com/sonrai-LLC/ExtRSAuth

我还创建了一个 YouTube 演练来展示如何使用此 ExtRSAuth SSRS 安全程序集扩展和调试 SSRS 安全性 https://www.youtube.com/watch?v=tnsWChwW7lA

TL;博士;只需绕过 Login.aspx.cs 中的 Microsoft 示例身份验证检查并将您的身份验证放在 Page_Load() 或 Page_Init() 事件中 Login.aspx.cs- 无论您想要执行一些自定义日志记录检查- 然后立即将经过身份验证的用户重定向到他们请求的 URI。