SSRS reporting server 2019 customsecurity extension issue:requestcontext in getuserinfo method coming blank while accessing from client application

Question

0.00/5 (No votes)

See more:

In Microsoft SQL 2016 SSRS, in a CustomSecurity extension, this GetUserInfo method is invoked and HttpContext.Current.User contains data:

public void GetUserInfo(out IIdentity userIdentity, out IntPtr userId)  
{  
   // If the current user identity is not null,  
   // set the userIdentity parameter to that of the current user   
   if (HttpContext.Current != null  
       && HttpContext.Current.User != null)  
   {  
       userIdentity = HttpContext.Current.User.Identity;  
   }  
   else  
      userIdentity = null;  

   // initialize a pointer to the current user id to zero  
   userId = IntPtr.Zero;  
}

But in Microsoft SQL 2019 SSRS, in the same CustomSecurity extension, another GetUserInfo method (IAuthenticationExtension2) is invoked (by the same method in the client application that sends requests to this CustomSecurity extension) and HttpContext.Current and requestContext.User don’t contain data:

public void GetUserInfo(IRSRequestContext requestContext, out IIdentity userIdentity, out IntPtr userId)
{
    userIdentity = null;
    if (requestContext.User != null)
    {
        userIdentity = requestContext.User;
    }

    // initialize a pointer to the current user id to zero
    userId = IntPtr.Zero;
}

Why are HttpContext.Current and requestContext.User null in Microsoft SQL 2019 SSRS CustomSecurity extension? And how can we get userIdentity there in this case?

What I have tried:

1.Tried by checking the user credentials passing as request to destination server correctly or not
2.WebConfig and rsreportserver.config files checking for authentication and custom authentication passed or not.
3.Expecting sqlAuthCookie generation for user info details, since user authentication is not happening , exception is occurring by the source code as custom security exception is not enabled.

Posted 12-Feb-23 19:19pm

Member 12259080

Updated 23-Feb-23 20:44pm

v3

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Andre Oosthuizen · Answer 1 · 2023-02-12T23:33:00

Solution 1

As per Microsoft How to install custom security extensions)[^] the following -

What changed?
A new interface was introduced that can be implemented via IRSRequestContext, which provides the more common properties used by extensions to make decisions related to authentication.

Implementation
The most generic example is accessing HttpContext.Current to read request information such as headers and cookies. In order to allow extensions to make the same decisions, we introduced a new method in the extension that provides request information and is called when authenticating from the portal.

Custom extensions have to implement the IAuthenticationExtension2 interface in order to use this new interface. The extensions will need to implement both versions of the GetUserInfo method, as one is called by the reportserver context and other used in Microsoft.ReportingServices.Portal.WebHost.exe process. The following sample shows one of the simple implementations for the portal where the identity resolved by the reportserver is the one used in C#.

public void GetUserInfo(IRSRequestContext requestContext, out IIdentity userIdentity, out IntPtr userId)
{
    userIdentity = null;
    if (requestContext.User != null)
    {
        userIdentity = requestContext.User;
    }

    // initialize a pointer to the current user id to zero
    userId = IntPtr.Zero;
}

Read more on the provided link on deployment and configurations as well as using machine keys.

Posted 12-Feb-23 23:33pm

Andre Oosthuizen

Comments

Member 12259080 27-Feb-23 22:31pm

Hi @Andre Oosthuizen

Thanks for your answer. In our code we already implemented and enabled custom security extension, but still we are experiencing the error as Custom Security is not enabled.

In SSRS 2019, Microsoft has introduced new interface as IAuthenticationExtension2 under GetUserInfo(IRSRequestContext requestContext) method, this will call from client application.

My concern/query is can't we use GetUserInfo which contain HttpContext.Current.User that Microsoft is using in 2016 SSRS server? or how can we use HttpContext.Current.User in GetUserInfo(IRSRequestContext requestContext) method.

Any knowledge in this regard is highly appreciated.

Thanks for all your sincere support

Andre Oosthuizen 28-Feb-23 4:18am

You will need to add a reference to the System.Web namespace at the beginning of your code file. To use the method, you will code similar to the following -

using System.Web;

You can access the current user's identity using the HttpContext.Current.User.Identity

using Microsoft.ReportingServices.Interfaces;

public class CustomSecurityExtension : IAuthorizationExtension2
{
    public void GetUserInfo(IRSRequestContext requestContext, out string userName, out string authenticationType, out IEnumerable<string> roles)
    {
        userName = HttpContext.Current.User.Identity.Name;
        authenticationType = HttpContext.Current.User.Identity.AuthenticationType;
        roles = HttpContext.Current.User.IsInRole("Administrators") ? new string[] { "Administrator" } : new string[] { "User" };
    }

    // Other methods omitted here if needed
}

The above gets the user name, then check if it is an administrator/role. You need to check that the naming is the same for your administrator role

Member 12259080 2-Mar-23 1:25am

Hi @Andre Oosthuizen,

Thanks for your answer. Implemented the above piece of code which you shared, but I am facing an error while building the application saying

"Error CS0535 'AuthenticationExtension' does not implement interface member 'IAuthenticationExtension2.GetUserInfo(IRSRequestContext, out IIdentity, out IntPtr)' CustomSecurity"

Also, can't be able to add Interface member "IAuthorizationExtension2"

Interface IAuthenticationExtension2 contains memebers as shown below,

public interface IAuthenticationExtension2 : IExtension
{
void GetUserInfo(out IIdentity userIdentity, out IntPtr userId);
void GetUserInfo(IRSRequestContext requestContext, out IIdentity userIdentity, out IntPtr userId);
bool IsValidPrincipalName(string principalName);
bool LogonUser(string userName, string password, string authority);
}

GetUserInfo(IRSRequestContext requestContext, out string userName, out string authenticationType, out IEnumerable<string> roles) parameters not in the member of IAuthenticationExtension2 interface.

Appreciate your help.

Andre Oosthuizen 2-Mar-23 1:51am

The error tells you where your problem lies - IEnumerable<string> roles) parameters not in the member of IAuthenticationExtension2 interface.

I will again suggest you read the link provided in the solution, follow the "next step" on each page to read-up more so you can ensure that your set-up is 100%.

The code provided above works fine, your set-up is not done correctly.

Member 12259080 23-Mar-23 4:26am

Hello @Andre Oosthuizen,

Thanks for all your support and answer, we tried to implement the code snippet which you shared, unfortunately we are experiencing above exception error that I already shared with you, and we couldn't be able to fix that.

Also, as you recommended to check the process flow (Next step) that Microsoft has been provided the link on custom security. We had cross verified the entire steps; I don't think we have missed anything from the link but still we are getting error.

We completely troubleshooted in all possible ways to fix the error (Authentication cookie).

Once again, thank you so much for providing the much-needed assistance we needed during this period.

Any other solution you could suggest is highly appreciated.

Thanks
Gurudath.R