IReportServerCredentials & ReportViewer 在域内工作,但在另一个域中使用 SSRS 时得到 401

IReportServerCredentials & ReportViewer work within a domain, but get 401 when SSRS in another domain

使用 ReportViewer 控件的 IReportServerCredentials 方法在一个域中工作正常,但我在尝试调用另一个域中的 SSRS 服务器的 Web IIS 服务器时收到 401 未授权错误。我已经看到很多关于使用 IReportServerCredentials 的有用帖子,但没有任何内容为这个跨域问题提供建议。

使用 VS 2008 VB.NET 带有 ReportViewer 控件的 Web 应用 Version=8.0.0.0.

域外 Web 服务器 IIS 8。OS = Windows NT 6.2;

域A内Windows 7个桌面;域 A 内部 Windows Server 2003

SSRS 使用 windows 身份验证并在 SQL Server 2012 上。OS = Windows NT 6.2

当 Web 服务器应用 运行 在与 SSRS 服务器位于同一域的计算机上时,下面描述的处理成功生成报告。对于"same domain" web 应用程序,Win 7 桌面VS 2008 开发服务器和Windows 2003 IIS 6 均已成功测试。

当 Web 应用程序 运行 来自 windows IIS 8 计算机(向外或面向 Internet 的 Web 服务器)时,报告失败并出现错误 "The request failed with HTTP status 401: not authorized " SSRS 服务器。 ReportViewer 控件凭据(由 IReportServerCredentials 提供并取自 web.config 文件)与与 SSRS 服务器位于同一域中的域帐户匹配,并且该域帐户对报告文件夹具有浏览器权限。相同的凭据已成功用于从 SSRS 域内请求的报告。

一件有趣的事情是,在面向 Internet 的 Web 服务器上,我可以通过浏览器请求访问报告。因此,来自面向 Internet 的计算机的用户请求可以通过 SSRS windows 身份验证。只是不适用于 ReportViewer。

根据 example provided by Microsoft 使用 IReportServerCredentials 接口。

IReportServerCredentials 似乎是一个很好的方法,因为它可以传递 SSRS 服务器已知但客户端计算机不知道的 windows 帐户的凭据。顺便说一句,使用 SQL 服务器本机登录帐户对 domainA 中的 SQL 服务器的数据库调用工作正常。所以网络支持与网络服务器不属于的域通信。

<Serializable()> _
Public NotInheritable Class MyReportServerCredentials
    Implements IReportServerCredentials

    Public ReadOnly Property ImpersonationUser() As System.Security.Principal.WindowsIdentity _
        Implements IReportServerCredentials.ImpersonationUser
        Get
            'Use the default windows user.  Credentials will be
            'provided by the NetworkCredentials property.
            Return Nothing
        End Get
    End Property

    Public ReadOnly Property NetworkCredentials() As ICredentials _
            Implements IReportServerCredentials.NetworkCredentials

        Get

            'Read the user information from the web.config file.  
            'By reading the information on demand instead of storing 
            'it, the credentials will not be stored in session, 
            'reducing the vulnerable surface area to the web.config 
            'file, which can be secured with an ACL.

            'User name
            Dim userName As String = _
                ConfigurationManager.AppSettings("MyReportViewerUser")

            If (String.IsNullOrEmpty(userName)) Then
                Throw New Exception("Missing user name from web.config file")
            End If

            'Password
            Dim password As String = _
                ConfigurationManager.AppSettings("MyReportViewerPassword")

            If (String.IsNullOrEmpty(password)) Then
                Throw New Exception("Missing password from web.config file")
            End If

            'Domain
            Dim domain As String = _
                ConfigurationManager.AppSettings("MyReportViewerDomain")

            If (String.IsNullOrEmpty(domain)) Then
                Throw New Exception("Missing domain from web.config file")
            End If

            Return New NetworkCredential(userName, password, domain)

        End Get
    End Property

    Public Function GetFormsCredentials(ByRef authCookie As Cookie, _
                   ByRef userName As String, _
                   ByRef password As String, _
                   ByRef authority As String) As Boolean _
        Implements IReportServerCredentials.GetFormsCredentials
        authCookie = Nothing
        userName = Nothing
        password = Nothing
        authority = Nothing

        'Not using form credentials
        Return False

    End Function
End Class

'Set the ReportViewer values and retrieve the report from the SSRS server into a pdf file on the client machine.

ProposalRptViewer.ProcessingMode = Microsoft.Reporting.WebForms.ProcessingMode.Remote

' Set the ReportViewer ReportServerCredentials from the MyReportServerCredentials Class.
' Note the credentials are for a domain account defined in the same domain that the SSRS server belongs to and one that has browser permission on the report folder. 

ProposalRptViewer.ServerReport.ReportServerCredentials = _
     New MyReportServerCredentials()

ProposalRptViewer.ServerReport.ReportServerUrl = New Uri(System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportServerURL))
ProposalRptViewer.ServerReport.ReportPath = System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportPathProposal)
ProposalRptViewer.ShowCredentialPrompts = False     ' disable prompting for data source credentials 

Dim paramList As New Generic.List(Of ReportParameter)
Dim pInfo As ReportParameterInfoCollection
pInfo = ProposalRptViewer.ServerReport.GetParameters()
paramList.Add(New ReportParameter("ProposalID", ProposalID, True))paramList.Add(New ReportParameter("Entity", Entity, True))
paramList.Add(New ReportParameter("intRatesPage", intRatesPage1, True))
ProposalRptViewer.ServerReport.SetParameters(paramList)

' Process and render the report 
ProposalRptViewer.ServerReport.Refresh()

Dim mimeType As String = Nothing
Dim encoding As String = Nothing
Dim streams As String() = Nothing
Dim extension As String = Nothing
Dim warnings As Microsoft.Reporting.WebForms.Warning() = Nothing
Dim returnValue As Byte()

' Render the proposal Rate Page 1 report to a Byte Array output in pdf file format.
returnValue = ProposalRptViewer.ServerReport.Render("PDF", Nothing, mimeType, encoding, extension, streams, warnings)

错误仅发生在不在 SSRS 服务器域中的 Web 服务器上:

The request failed with HTTP status 401: Unauthorized. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace:

[WebException: The request failed with HTTP status 401: Unauthorized.] Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.GetSecureMethods() +236 Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.IsSecureMethod(String methodname) +58 Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.SetConnectionSSLForMethod(String methodname) +16 Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.LoadReport(String Report, String HistoryID) +226 Microsoft.Reporting.WebForms.ServerReport.GetExecutionInfo() +192 Microsoft.Reporting.WebForms.ServerReport.SetParameters(IEnumerable`1 parameters) +136 DeltaRater.Web.ViewRates.btnCreateProposal_Click(Object sender, EventArgs e) in C:\alex\~~_____Rapid_Rater\SourceDir_VS2008_Jan17_2014\DRR\ViewRates.aspx.vb:911 System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115 System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981 ________________________________________ Version Information: Microsoft .NET Framework Version:2.0.50727.8009; ASP.NET Version:2.0.50727.8010

我在这里回答了类似的问题 -> 。

您确定为您的报告用户创建了一个本地帐户吗?