
Anonymous Access With SSRS 2008 R2 Not Working by ESpigle


Status: Active


Type: Bug
ID: 565010
Opened: 6/3/2010 12:18:56 PM
Access Restriction: Public
Workaround(s): 0
User(s) who can reproduce this bug: 8

Description

We are not able to get anonymous access working on a fresh install of SSRS 2008 R2. We realize it wasn't intended to work with anonymous but it is something we need for how we use SSRS. The best information we can find on getting it to work in 2008 is the article in this link:

http://blogs.msdn.com/b/jameswu/archive/2008/07/15/anonymous-access-in-sql-rs-2008.aspx

We have followed this article exactly and have tried a couple different times with different settings and cannot get anonymous access to work whatsoever. The best we can assume is that this article is meant only for 2008 (not R2). Here are the errors we see in the log file after firing it up with these changes:

=====

rshost!rshost!5e4!06/02/2010-10:13:03:: e ERROR: Invalid ExtendedProtectionPolicy specified.

servicecontroller!DefaultDomain!760!06/02/2010-10:13:03:: e ERROR: Error creating HTTP endpoint. System.ArgumentException: Value does not fall within the expected range.
at Microsoft.ReportingServices.HostingInterfaces.IRsUnmanagedCallback.CreateHttpEndpoint(RsAppDomainType application, String[] urlPrefixes, Int32 cPrefixes, String[] hosts, Int32 cHosts, Boolean wildCardPresent, String virtualDirectory, String filePath, Int32 authType, Int32 logonMethod, String authDomain, String authRealm, Boolean authPersist, Int32 extendedProtectionLevel, Int32 extendedProtectionScenario, Boolean enabled)
at Microsoft.ReportingServices.Library.ServiceAppDomainController.SetWebConfiguration(RunningApplication rsApplication, Boolean enabled, String folder)
appdomainmanager!DefaultDomain!760!06/02/2010-10:13:03:: i INFO: The UserAccountControl value for the service account is 590336
rshost!rshost!b64!06/02/2010-10:13:03:: e ERROR: Invalid ExtendedProtectionPolicy specified.

servicecontroller!DefaultDomain!760!06/02/2010-10:13:03:: e ERROR: Error creating HTTP endpoint. System.ArgumentException: Value does not fall within the expected range.
at Microsoft.ReportingServices.HostingInterfaces.IRsUnmanagedCallback.CreateHttpEndpoint(RsAppDomainType application, String[] urlPrefixes, Int32 cPrefixes, String[] hosts, Int32 cHosts, Boolean wildCardPresent, String virtualDirectory, String filePath, Int32 authType, Int32 logonMethod, String authDomain, String authRealm, Boolean authPersist, Int32 extendedProtectionLevel, Int32 extendedProtectionScenario, Boolean enabled)
at Microsoft.ReportingServices.Library.ServiceAppDomainController.SetWebConfiguration(RunningApplication rsApplication, Boolean enabled, String folder)
rshost!rshost!b64!06/02/2010-10:13:03:: e ERROR: Invalid ExtendedProtectionPolicy specified.

servicecontroller!DefaultDomain!760!06/02/2010-10:13:03:: e ERROR: Error creating HTTP endpoint. System.ArgumentException: Value does not fall within the expected range.
at Microsoft.ReportingServices.HostingInterfaces.IRsUnmanagedCallback.CreateHttpEndpoint(RsAppDomainType application, String[] urlPrefixes, Int32 cPrefixes, String[] hosts, Int32 cHosts, Boolean wildCardPresent, String virtualDirectory, String filePath, Int32 authType, Int32 logonMethod, String authDomain, String authRealm, Boolean authPersist, Int32 extendedProtectionLevel, Int32 extendedProtectionScenario, Boolean enabled)
at Microsoft.ReportingServices.Library.ServiceAppDomainController.SetWebConfiguration(RunningApplication rsApplication, Boolean enabled, String folder)

=====

The bottom line is we are looking for detailed information on getting anonymous to work in SSRS 2008 R2. While some information is out there for 2008, R2 still seems to be new enough not to have anything. We've heard that another possible way to accomplish this is with a reverse proxy, yet have seen no details whatsoever in how to set such a thing up. Details on a proxy server, if this is a viable solution, would be fantastic (especially ISA 2006). Any other solutions that work for R2 (akin to the link above) would be helpful as well.
Posted by TNTest on 7/29/2011 at 11:11 PM
Hi Lukasz,

We also encounter the same issue.

We'd like to know HOWTO "put a gateway device in front of the SSRS which assigns a single known low-privilege Windows identity to the incoming anonymous users."

Looking forward to your response. Thanks in advance.
Posted by Pieter Theron on 7/13/2010 at 12:23 AM
Hi Lukasz,

We're experiencing the exact same issue.

Could you point me to a documented workaround regarding the suggested solution you mentioned: "gateway device in front of the SSRS which assigns a single known low-privilege Windows identity to the incoming anonymous users".

Are you saying that allowing anonymous access to users through Security Extensions in SSRS is no longer supported in SSRS 2008 R2?

We would like to expose ReportManager through Forms Based Authentication and ReportServer to either anonymous users or passing authentication cookies from logged in users to the report server. Is this possible?



Posted by Microsoft on 6/25/2010 at 7:50 AM
Thank you for filing this bug. Reporting Services does not support anonymous authentication. As such I cannot recommend configuring the report server in the way the blog post you mention describes - a blog post is a blog post and not a statement of support.

Now, in this case, there are two problems:
1) SQL 2008 R2 has added new required configuration settings in the Authentication section of the rsreportserver.config file. These are ExtendedProtection*. It appears you copied the blog post directly and in consequence removed these settings. You will need to add these back into the configuration file.
2) It appears something is wrong with your authentication settings (leading to the System.ArgumentException). If you attach your configuration file to this bug, we could look at it and see if we can spot the issue.

The recommended approach for dealing with Anonymous users is to put a gateway device in front of the SSRS which assigns a single known low-privilege Windows identity to the incoming anonymous users.

Hope this helps,
-Lukasz
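
A check for the first problem named in the Microsoft reply above, as an added example that is not part of the original thread or Microsoft's own tooling: it audits the Authentication section of an rsreportserver.config for the ExtendedProtection settings and lists the enabled authentication types. The element names `RSWindowsExtendedProtectionLevel` and `RSWindowsExtendedProtectionScenario` and their allowed values come from the SSRS 2008 R2 configuration documentation rather than this page; the function name and the sample XML are constructed for illustration.

```powershell
# Constructed sample input: an Authentication section as it might look after
# the ExtendedProtection* settings were removed. Not the reporter's file.
$sample = @'
<Configuration>
  <Authentication>
    <AuthenticationTypes>
      <Custom/>
    </AuthenticationTypes>
    <EnableAuthPersistence>true</EnableAuthPersistence>
  </Authentication>
</Configuration>
'@

# Hypothetical helper name; returns a list of findings as strings.
function Test-RsAuthenticationSection {
    param([Parameter(Mandatory)][xml]$Config)

    $auth = $Config.SelectSingleNode('/Configuration/Authentication')
    if ($null -eq $auth) { return @('Authentication section is missing') }

    # Settings R2 expects in this section, with their documented values.
    $allowed = [ordered]@{
        RSWindowsExtendedProtectionLevel    = 'Off', 'Allow', 'Require'
        RSWindowsExtendedProtectionScenario = 'Any', 'Proxy', 'Direct'
    }

    $findings = @()
    foreach ($name in $allowed.Keys) {
        $node = $auth.SelectSingleNode($name)
        if ($null -eq $node) {
            $findings += "$name is missing"
        } elseif ($allowed[$name] -notcontains $node.InnerText.Trim()) {
            $findings += "$name has unexpected value '$($node.InnerText)'"
        }
    }

    # List the enabled authentication types so a reviewer can see whether
    # Windows authentication was replaced (for example by <Custom/>).
    $types = @($auth.SelectNodes('AuthenticationTypes/*') |
        ForEach-Object { $_.Name })
    $findings += "AuthenticationTypes: $($types -join ', ')"
    return $findings
}

Test-RsAuthenticationSection -Config $sample
```

To audit a real server, pass `(Get-Content -Raw <path to rsreportserver.config>)` as `-Config` in place of `$sample`.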