Reporting Service 2016 匿名访问配置
环境:SQL SERVER 2016
一、修改配置文件
需要修改的配置文件目录C:\Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\ReportServer🐖,具体看自己服务器的实际路径
1、修改 web.config
找到:
<authentication mode="Windows" /> <identity impersonate="true" />
修改为:
<authentication mode="None" /> <identity impersonate="false"/>
2、修改rsreportserver.config
1.找到:
<Authentication>
<AuthenticationTypes>
<RSWindowsNTLM/>
</AuthenticationTypes>
<RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
<RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
<EnableAuthPersistence>true</EnableAuthPersistence>
</Authentication>
修改为:
<Authentication>
<AuthenticationTypes>
<Custom/>
</AuthenticationTypes>
<RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
<RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
<EnableAuthPersistence>true</EnableAuthPersistence>
</Authentication>
2.找到:
<Security>
<Extension Name="Windows" Type="Microsoft.ReportingServices.Authorization.WindowsAuthorization, Microsoft.ReportingServices.Authorization"/>
</Security>
<Authentication>
<Extension Name="Windows" Type="Microsoft.ReportingServices.Authentication.WindowsAuthentication, Microsoft.ReportingServices.Authorization"/>
</Authentication>
修改为:
<Security>
<Extension Name="None" Type="Microsoft.Samples.ReportingServices.AnonymousSecurity.Authorization, Microsoft.Samples.ReportingServices.AnonymousSecurity" />
</Security>
<Authentication>
<Extension Name="None" Type="Microsoft.Samples.ReportingServices.AnonymousSecurity.AuthenticationExtension, Microsoft.Samples.ReportingServices.AnonymousSecurity" />
</Authentication>
3、修改rssrvpolicy.config
找到最后一个codegroup标签增加:
<CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust" Name="Private_assembly" Description="This code group grants custom code full trust."> <IMembershipCondition class="UrlMembershipCondition" version="1" Url="C:\Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.AnonymousSecurity.dll" /> </CodeGroup>
二、添加自定义安全扩展插件
将Microsoft.Samples.ReportingServices.AnonymousSecurity.dll 放置 C:\Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\ReportServer\bin目录。
其实可以了解一下此dll的修改原理,是将登录验证的代码注释了🤔
此DLL的 Git地址
此DLL下包含两个类AuthenticationExtension、Authorization,下面提供了dll修改方式,其实挺无脑的😂
AuthenticationExtension
using Microsoft.ReportingServices.Interfaces; using System; using System.Security.Principal; namespace Microsoft.Samples.ReportingServices.AnonymousSecurity { public class AuthenticationExtension : IAuthenticationExtension, IExtension { public string LocalizedName { get { return null; } } public void SetConfiguration(string configuration) { } public bool LogonUser(string userName, string password, string authority) { return true; } public void GetUserInfo(out IIdentity userIdentity, out IntPtr userId) { userIdentity = new GenericIdentity("dummy user"); userId = IntPtr.Zero; } public bool IsValidPrincipalName(string principalName) { return true; } } }
Authorization
using Microsoft.ReportingServices.Interfaces; using System; using System.Collections; using System.Collections.Specialized; namespace Microsoft.Samples.ReportingServices.AnonymousSecurity { public class Authorization : IAuthorizationExtension, IExtension { private const int NrRptOperations = 27; private const int NrFldOperations = 10; private const int NrResOperations = 7; private const int NrDSOperations = 7; private const int NrCatOperations = 16; private const int NrModelOperations = 11; private const int NrModelItemOperations = 1; private static Hashtable m_ModelItemOperNames; private static Hashtable m_ModelOperNames; private static Hashtable m_CatOperNames; private static Hashtable m_FldOperNames; private static Hashtable m_RptOperNames; private static Hashtable m_ResOperNames; private static Hashtable m_DSOperNames; private static StringCollection m_fullPermissions; public string LocalizedName { get { return null; } } static Authorization() { Authorization.m_fullPermissions = new StringCollection(); Authorization.InitializeMaps(); } public byte[] CreateSecurityDescriptor(AceCollection acl, SecurityItemType itemType, out string stringSecDesc) { stringSecDesc = null; return null; } public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ModelItemOperation modelItemOperation) { return true; } public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ModelOperation modelOperation) { return true; } public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, CatalogOperation requiredOperation) { return true; } public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, CatalogOperation[] requiredOperations) { return true; } public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ReportOperation requiredOperation) { return true; } public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, FolderOperation requiredOperation) { return true; } public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, FolderOperation[] requiredOperations) { return true; } public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ResourceOperation requiredOperation) { return true; } public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ResourceOperation[] requiredOperations) { return true; } public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, DatasourceOperation requiredOperation) { return true; } public StringCollection GetPermissions(string userName, IntPtr userToken, SecurityItemType itemType, byte[] secDesc) { return Authorization.m_fullPermissions; } private static void InitializeMaps() { Authorization.m_ModelItemOperNames = new Hashtable(); Authorization.m_ModelItemOperNames.Add(0, "Read Properties"); if (Authorization.m_ModelItemOperNames.get_Count() != 1) { throw new Exception("Model item name mismatch"); } Authorization.m_ModelOperNames = new Hashtable(); Authorization.m_ModelOperNames.Add(0, "Delete"); Authorization.m_ModelOperNames.Add(7, "Read Security Policies"); Authorization.m_ModelOperNames.Add(5, "Read Content"); Authorization.m_ModelOperNames.Add(3, "Read Data Sources"); Authorization.m_ModelOperNames.Add(9, "Read Model Item Security Policies"); Authorization.m_ModelOperNames.Add(1, "Read Properties"); Authorization.m_ModelOperNames.Add(6, "Update Content"); Authorization.m_ModelOperNames.Add(4, "Update Data Sources"); Authorization.m_ModelOperNames.Add(8, "Update Security Policies"); Authorization.m_ModelOperNames.Add(10, "Update Model Item Security Policies"); Authorization.m_ModelOperNames.Add(2, "Update Policy"); if (Authorization.m_ModelOperNames.get_Count() != 11) { throw new Exception("Model name mismatch"); } Authorization.m_CatOperNames = new Hashtable(); Authorization.m_CatOperNames.Add(0, "Create Roles"); Authorization.m_CatOperNames.Add(1, "Delete Roles"); Authorization.m_CatOperNames.Add(2, "Read Role Properties"); Authorization.m_CatOperNames.Add(3, "Update Role Properties"); Authorization.m_CatOperNames.Add(4, "Read System Properties"); Authorization.m_CatOperNames.Add(5, "Update System Properties"); Authorization.m_CatOperNames.Add(6, "Generate Events"); Authorization.m_CatOperNames.Add(7, "Read System Security Policies"); Authorization.m_CatOperNames.Add(8, "Update System Security Policies"); Authorization.m_CatOperNames.Add(9, "Create Schedules"); Authorization.m_CatOperNames.Add(10, "Delete Schedules"); Authorization.m_CatOperNames.Add(11, "Read Schedules"); Authorization.m_CatOperNames.Add(12, "Update Schedules"); Authorization.m_CatOperNames.Add(13, "List Jobs"); Authorization.m_CatOperNames.Add(14, "Cancel Jobs"); Authorization.m_CatOperNames.Add(15, "Execute Report Definition"); if (Authorization.m_CatOperNames.get_Count() != 16) { throw new Exception("Catalog name mismatch"); } Authorization.m_FldOperNames = new Hashtable(); Authorization.m_FldOperNames.Add(0, "Create Folder"); Authorization.m_FldOperNames.Add(1, "Delete"); Authorization.m_FldOperNames.Add(2, "Read Properties"); Authorization.m_FldOperNames.Add(3, "Update Properties"); Authorization.m_FldOperNames.Add(4, "Create Report"); Authorization.m_FldOperNames.Add(5, "Create Resource"); Authorization.m_FldOperNames.Add(6, "Read Security Policies"); Authorization.m_FldOperNames.Add(7, "Update Security Policies"); Authorization.m_FldOperNames.Add(8, "Create data source"); Authorization.m_FldOperNames.Add(9, "Create Model"); if (Authorization.m_FldOperNames.get_Count() != 10) { throw new Exception("Folder name mismatch"); } Authorization.m_RptOperNames = new Hashtable(); Authorization.m_RptOperNames.Add(0, "Delete"); Authorization.m_RptOperNames.Add(2, "Read Properties"); Authorization.m_RptOperNames.Add(3, "Update Properties"); Authorization.m_RptOperNames.Add(4, "Update Parameters"); Authorization.m_RptOperNames.Add(5, "Read Data Sources"); Authorization.m_RptOperNames.Add(6, "Update Data Sources"); Authorization.m_RptOperNames.Add(7, "Read Report Definition"); Authorization.m_RptOperNames.Add(8, "Update Report Definition"); Authorization.m_RptOperNames.Add(9, "Create Subscription"); Authorization.m_RptOperNames.Add(10, "Delete Subscription"); Authorization.m_RptOperNames.Add(11, "Read Subscription"); Authorization.m_RptOperNames.Add(14, "Update Subscription"); Authorization.m_RptOperNames.Add(15, "Create Any Subscription"); Authorization.m_RptOperNames.Add(16, "Delete Any Subscription"); Authorization.m_RptOperNames.Add(17, "Read Any Subscription"); Authorization.m_RptOperNames.Add(18, "Update Any Subscription"); Authorization.m_RptOperNames.Add(19, "Update Policy"); Authorization.m_RptOperNames.Add(20, "Read Policy"); Authorization.m_RptOperNames.Add(21, "Delete Report History"); Authorization.m_RptOperNames.Add(22, "List Report History"); Authorization.m_RptOperNames.Add(1, "Execute and View"); Authorization.m_RptOperNames.Add(23, "Create Resource"); Authorization.m_RptOperNames.Add(24, "Create Report History"); Authorization.m_RptOperNames.Add(12, "Read Security Policies"); Authorization.m_RptOperNames.Add(13, "Update Security Policies"); Authorization.m_RptOperNames.Add(25, "Execute"); Authorization.m_RptOperNames.Add(26, "Create Link"); if (Authorization.m_RptOperNames.get_Count() != 27) { throw new Exception("Report name mismatch"); } Authorization.m_ResOperNames = new Hashtable(); Authorization.m_ResOperNames.Add(0, "Delete"); Authorization.m_ResOperNames.Add(1, "Read Properties"); Authorization.m_ResOperNames.Add(2, "Update Properties"); Authorization.m_ResOperNames.Add(3, "Read Content"); Authorization.m_ResOperNames.Add(4, "Update Content"); Authorization.m_ResOperNames.Add(5, "Read Security Policies"); Authorization.m_ResOperNames.Add(6, "Update Security Policies"); if (Authorization.m_ResOperNames.get_Count() != 7) { throw new Exception("Resource name mismatch"); } Authorization.m_DSOperNames = new Hashtable(); Authorization.m_DSOperNames.Add(0, "Delete"); Authorization.m_DSOperNames.Add(1, "Read Properties"); Authorization.m_DSOperNames.Add(2, "Update Properties"); Authorization.m_DSOperNames.Add(3, "Read Content"); Authorization.m_DSOperNames.Add(4, "Update Content"); Authorization.m_DSOperNames.Add(5, "Read Security Policies"); Authorization.m_DSOperNames.Add(6, "Update Security Policies"); if (Authorization.m_DSOperNames.get_Count() != 7) { throw new Exception("Datasource name mismatch"); } IEnumerator enumerator = Authorization.m_CatOperNames.get_Keys().GetEnumerator(); try { while (enumerator.MoveNext()) { CatalogOperation catalogOperation = (CatalogOperation)enumerator.get_Current(); if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_CatOperNames.get_Item(catalogOperation))) { Authorization.m_fullPermissions.Add((string)Authorization.m_CatOperNames.get_Item(catalogOperation)); } } } finally { IDisposable disposable = enumerator as IDisposable; if (disposable != null) { disposable.Dispose(); } } enumerator = Authorization.m_ModelItemOperNames.get_Keys().GetEnumerator(); try { while (enumerator.MoveNext()) { ModelItemOperation modelItemOperation = (ModelItemOperation)enumerator.get_Current(); if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_ModelItemOperNames.get_Item(modelItemOperation))) { Authorization.m_fullPermissions.Add((string)Authorization.m_ModelItemOperNames.get_Item(modelItemOperation)); } } } finally { IDisposable disposable = enumerator as IDisposable; if (disposable != null) { disposable.Dispose(); } } enumerator = Authorization.m_ModelOperNames.get_Keys().GetEnumerator(); try { while (enumerator.MoveNext()) { ModelOperation modelOperation = (ModelOperation)enumerator.get_Current(); if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_ModelOperNames.get_Item(modelOperation))) { Authorization.m_fullPermissions.Add((string)Authorization.m_ModelOperNames.get_Item(modelOperation)); } } } finally { IDisposable disposable = enumerator as IDisposable; if (disposable != null) { disposable.Dispose(); } } enumerator = Authorization.m_CatOperNames.get_Keys().GetEnumerator(); try { while (enumerator.MoveNext()) { CatalogOperation catalogOperation = (CatalogOperation)enumerator.get_Current(); if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_CatOperNames.get_Item(catalogOperation))) { Authorization.m_fullPermissions.Add((string)Authorization.m_CatOperNames.get_Item(catalogOperation)); } } } finally { IDisposable disposable = enumerator as IDisposable; if (disposable != null) { disposable.Dispose(); } } enumerator = Authorization.m_RptOperNames.get_Keys().GetEnumerator(); try { while (enumerator.MoveNext()) { ReportOperation reportOperation = (ReportOperation)enumerator.get_Current(); if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_RptOperNames.get_Item(reportOperation))) { Authorization.m_fullPermissions.Add((string)Authorization.m_RptOperNames.get_Item(reportOperation)); } } } finally { IDisposable disposable = enumerator as IDisposable; if (disposable != null) { disposable.Dispose(); } } enumerator = Authorization.m_FldOperNames.get_Keys().GetEnumerator(); try { while (enumerator.MoveNext()) { FolderOperation folderOperation = (FolderOperation)enumerator.get_Current(); if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_FldOperNames.get_Item(folderOperation))) { Authorization.m_fullPermissions.Add((string)Authorization.m_FldOperNames.get_Item(folderOperation)); } } } finally { IDisposable disposable = enumerator as IDisposable; if (disposable != null) { disposable.Dispose(); } } enumerator = Authorization.m_ResOperNames.get_Keys().GetEnumerator(); try { while (enumerator.MoveNext()) { ResourceOperation resourceOperation = (ResourceOperation)enumerator.get_Current(); if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_ResOperNames.get_Item(resourceOperation))) { Authorization.m_fullPermissions.Add((string)Authorization.m_ResOperNames.get_Item(resourceOperation)); } } } finally { IDisposable disposable = enumerator as IDisposable; if (disposable != null) { disposable.Dispose(); } } enumerator = Authorization.m_DSOperNames.get_Keys().GetEnumerator(); try { while (enumerator.MoveNext()) { DatasourceOperation datasourceOperation = (DatasourceOperation)enumerator.get_Current(); if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_DSOperNames.get_Item(datasourceOperation))) { Authorization.m_fullPermissions.Add((string)Authorization.m_DSOperNames.get_Item(datasourceOperation)); } } } finally { IDisposable disposable = enumerator as IDisposable; if (disposable != null) { disposable.Dispose(); } } } public void SetConfiguration(string configuration) { } } }
三、重启report service测试
有错误的请多多指教,共同进步(๑•ᴗ•๑)
By听雨的人
By听雨的人
