Reporting Service 2016 匿名访问配置

环境:SQL SERVER 2016

 

一、修改配置文件

需要修改的配置文件目录C:\Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\ReportServer🐖,具体看自己服务器的实际路径

 

1、修改 web.config

找到:

    <authentication mode="Windows" />
    <identity impersonate="true" />

修改为:

       <authentication mode="None" />
       <identity impersonate="false"/>

 

2、修改rsreportserver.config

1.找到:

 <Authentication>
              <AuthenticationTypes>
                     <RSWindowsNTLM/>
              </AuthenticationTypes>         
        <RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
        <RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario> <EnableAuthPersistence>true</EnableAuthPersistence> </Authentication>

修改为:   

 <Authentication>
        <AuthenticationTypes>
            <Custom/>
        </AuthenticationTypes>              
      <RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
      <RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario> <EnableAuthPersistence>true</EnableAuthPersistence> </Authentication>

 

2.找到:

       <Security>
              <Extension Name="Windows" Type="Microsoft.ReportingServices.Authorization.WindowsAuthorization, Microsoft.ReportingServices.Authorization"/>
       </Security>
       <Authentication>
              <Extension Name="Windows" Type="Microsoft.ReportingServices.Authentication.WindowsAuthentication, Microsoft.ReportingServices.Authorization"/>
       </Authentication>

修改为:

    <Security>
        <Extension Name="None" Type="Microsoft.Samples.ReportingServices.AnonymousSecurity.Authorization, Microsoft.Samples.ReportingServices.AnonymousSecurity" />
    </Security>
    <Authentication>
        <Extension Name="None" Type="Microsoft.Samples.ReportingServices.AnonymousSecurity.AuthenticationExtension, Microsoft.Samples.ReportingServices.AnonymousSecurity" />
  </Authentication>

 

3、修改rssrvpolicy.config

找到最后一个codegroup标签增加:

  

<CodeGroup
              class="UnionCodeGroup" 
              version="1"                                                              
              PermissionSetName="FullTrust" 
              Name="Private_assembly"
              Description="This code group grants custom code full trust.">                           
       <IMembershipCondition
                     class="UrlMembershipCondition"      
                     version="1" 
                     Url="C:\Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.AnonymousSecurity.dll"
                     />
  </CodeGroup>

 

二、添加自定义安全扩展插件

将Microsoft.Samples.ReportingServices.AnonymousSecurity.dll 放置 C:\Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\ReportServer\bin目录。

MSSQL2016DLL下载

其实可以了解一下此dll的修改原理,是将登录验证的代码注释了🤔

此DLL的 Git地址

此DLL下包含两个类AuthenticationExtension、Authorization,下面提供了dll修改方式,其实挺无脑的😂

AuthenticationExtension

using Microsoft.ReportingServices.Interfaces;
using System;
using System.Security.Principal;

namespace Microsoft.Samples.ReportingServices.AnonymousSecurity
{
    public class AuthenticationExtension : IAuthenticationExtension, IExtension
    {
        public string LocalizedName
        {
            get
            {
                return null;
            }
        }

        public void SetConfiguration(string configuration)
        {
        }

        public bool LogonUser(string userName, string password, string authority)
        {
            return true;
        }

        public void GetUserInfo(out IIdentity userIdentity, out IntPtr userId)
        {
            userIdentity = new GenericIdentity("dummy user");
            userId = IntPtr.Zero;
        }

        public bool IsValidPrincipalName(string principalName)
        {
            return true;
        }
    }
}
View Code

Authorization

using Microsoft.ReportingServices.Interfaces;
using System;
using System.Collections;
using System.Collections.Specialized;

namespace Microsoft.Samples.ReportingServices.AnonymousSecurity
{
    public class Authorization : IAuthorizationExtension, IExtension
    {
        private const int NrRptOperations = 27;

        private const int NrFldOperations = 10;

        private const int NrResOperations = 7;

        private const int NrDSOperations = 7;

        private const int NrCatOperations = 16;

        private const int NrModelOperations = 11;

        private const int NrModelItemOperations = 1;

        private static Hashtable m_ModelItemOperNames;

        private static Hashtable m_ModelOperNames;

        private static Hashtable m_CatOperNames;

        private static Hashtable m_FldOperNames;

        private static Hashtable m_RptOperNames;

        private static Hashtable m_ResOperNames;

        private static Hashtable m_DSOperNames;

        private static StringCollection m_fullPermissions;

        public string LocalizedName
        {
            get
            {
                return null;
            }
        }

        static Authorization()
        {
            Authorization.m_fullPermissions = new StringCollection();
            Authorization.InitializeMaps();
        }

        public byte[] CreateSecurityDescriptor(AceCollection acl, SecurityItemType itemType, out string stringSecDesc)
        {
            stringSecDesc = null;
            return null;
        }

        public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ModelItemOperation modelItemOperation)
        {
            return true;
        }

        public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ModelOperation modelOperation)
        {
            return true;
        }

        public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, CatalogOperation requiredOperation)
        {
            return true;
        }

        public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, CatalogOperation[] requiredOperations)
        {
            return true;
        }

        public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ReportOperation requiredOperation)
        {
            return true;
        }

        public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, FolderOperation requiredOperation)
        {
            return true;
        }

        public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, FolderOperation[] requiredOperations)
        {
            return true;
        }

        public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ResourceOperation requiredOperation)
        {
            return true;
        }

        public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ResourceOperation[] requiredOperations)
        {
            return true;
        }

        public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, DatasourceOperation requiredOperation)
        {
            return true;
        }

        public StringCollection GetPermissions(string userName, IntPtr userToken, SecurityItemType itemType, byte[] secDesc)
        {
            return Authorization.m_fullPermissions;
        }

        private static void InitializeMaps()
        {
            Authorization.m_ModelItemOperNames = new Hashtable();
            Authorization.m_ModelItemOperNames.Add(0, "Read Properties");
            if (Authorization.m_ModelItemOperNames.get_Count() != 1)
            {
                throw new Exception("Model item name mismatch");
            }
            Authorization.m_ModelOperNames = new Hashtable();
            Authorization.m_ModelOperNames.Add(0, "Delete");
            Authorization.m_ModelOperNames.Add(7, "Read Security Policies");
            Authorization.m_ModelOperNames.Add(5, "Read Content");
            Authorization.m_ModelOperNames.Add(3, "Read Data Sources");
            Authorization.m_ModelOperNames.Add(9, "Read Model Item Security Policies");
            Authorization.m_ModelOperNames.Add(1, "Read Properties");
            Authorization.m_ModelOperNames.Add(6, "Update Content");
            Authorization.m_ModelOperNames.Add(4, "Update Data Sources");
            Authorization.m_ModelOperNames.Add(8, "Update Security Policies");
            Authorization.m_ModelOperNames.Add(10, "Update Model Item Security Policies");
            Authorization.m_ModelOperNames.Add(2, "Update Policy");
            if (Authorization.m_ModelOperNames.get_Count() != 11)
            {
                throw new Exception("Model name mismatch");
            }
            Authorization.m_CatOperNames = new Hashtable();
            Authorization.m_CatOperNames.Add(0, "Create Roles");
            Authorization.m_CatOperNames.Add(1, "Delete Roles");
            Authorization.m_CatOperNames.Add(2, "Read Role Properties");
            Authorization.m_CatOperNames.Add(3, "Update Role Properties");
            Authorization.m_CatOperNames.Add(4, "Read System Properties");
            Authorization.m_CatOperNames.Add(5, "Update System Properties");
            Authorization.m_CatOperNames.Add(6, "Generate Events");
            Authorization.m_CatOperNames.Add(7, "Read System Security Policies");
            Authorization.m_CatOperNames.Add(8, "Update System Security Policies");
            Authorization.m_CatOperNames.Add(9, "Create Schedules");
            Authorization.m_CatOperNames.Add(10, "Delete Schedules");
            Authorization.m_CatOperNames.Add(11, "Read Schedules");
            Authorization.m_CatOperNames.Add(12, "Update Schedules");
            Authorization.m_CatOperNames.Add(13, "List Jobs");
            Authorization.m_CatOperNames.Add(14, "Cancel Jobs");
            Authorization.m_CatOperNames.Add(15, "Execute Report Definition");
            if (Authorization.m_CatOperNames.get_Count() != 16)
            {
                throw new Exception("Catalog name mismatch");
            }
            Authorization.m_FldOperNames = new Hashtable();
            Authorization.m_FldOperNames.Add(0, "Create Folder");
            Authorization.m_FldOperNames.Add(1, "Delete");
            Authorization.m_FldOperNames.Add(2, "Read Properties");
            Authorization.m_FldOperNames.Add(3, "Update Properties");
            Authorization.m_FldOperNames.Add(4, "Create Report");
            Authorization.m_FldOperNames.Add(5, "Create Resource");
            Authorization.m_FldOperNames.Add(6, "Read Security Policies");
            Authorization.m_FldOperNames.Add(7, "Update Security Policies");
            Authorization.m_FldOperNames.Add(8, "Create data source");
            Authorization.m_FldOperNames.Add(9, "Create Model");
            if (Authorization.m_FldOperNames.get_Count() != 10)
            {
                throw new Exception("Folder name mismatch");
            }
            Authorization.m_RptOperNames = new Hashtable();
            Authorization.m_RptOperNames.Add(0, "Delete");
            Authorization.m_RptOperNames.Add(2, "Read Properties");
            Authorization.m_RptOperNames.Add(3, "Update Properties");
            Authorization.m_RptOperNames.Add(4, "Update Parameters");
            Authorization.m_RptOperNames.Add(5, "Read Data Sources");
            Authorization.m_RptOperNames.Add(6, "Update Data Sources");
            Authorization.m_RptOperNames.Add(7, "Read Report Definition");
            Authorization.m_RptOperNames.Add(8, "Update Report Definition");
            Authorization.m_RptOperNames.Add(9, "Create Subscription");
            Authorization.m_RptOperNames.Add(10, "Delete Subscription");
            Authorization.m_RptOperNames.Add(11, "Read Subscription");
            Authorization.m_RptOperNames.Add(14, "Update Subscription");
            Authorization.m_RptOperNames.Add(15, "Create Any Subscription");
            Authorization.m_RptOperNames.Add(16, "Delete Any Subscription");
            Authorization.m_RptOperNames.Add(17, "Read Any Subscription");
            Authorization.m_RptOperNames.Add(18, "Update Any Subscription");
            Authorization.m_RptOperNames.Add(19, "Update Policy");
            Authorization.m_RptOperNames.Add(20, "Read Policy");
            Authorization.m_RptOperNames.Add(21, "Delete Report History");
            Authorization.m_RptOperNames.Add(22, "List Report History");
            Authorization.m_RptOperNames.Add(1, "Execute and View");
            Authorization.m_RptOperNames.Add(23, "Create Resource");
            Authorization.m_RptOperNames.Add(24, "Create Report History");
            Authorization.m_RptOperNames.Add(12, "Read Security Policies");
            Authorization.m_RptOperNames.Add(13, "Update Security Policies");
            Authorization.m_RptOperNames.Add(25, "Execute");
            Authorization.m_RptOperNames.Add(26, "Create Link");
            if (Authorization.m_RptOperNames.get_Count() != 27)
            {
                throw new Exception("Report name mismatch");
            }
            Authorization.m_ResOperNames = new Hashtable();
            Authorization.m_ResOperNames.Add(0, "Delete");
            Authorization.m_ResOperNames.Add(1, "Read Properties");
            Authorization.m_ResOperNames.Add(2, "Update Properties");
            Authorization.m_ResOperNames.Add(3, "Read Content");
            Authorization.m_ResOperNames.Add(4, "Update Content");
            Authorization.m_ResOperNames.Add(5, "Read Security Policies");
            Authorization.m_ResOperNames.Add(6, "Update Security Policies");
            if (Authorization.m_ResOperNames.get_Count() != 7)
            {
                throw new Exception("Resource name mismatch");
            }
            Authorization.m_DSOperNames = new Hashtable();
            Authorization.m_DSOperNames.Add(0, "Delete");
            Authorization.m_DSOperNames.Add(1, "Read Properties");
            Authorization.m_DSOperNames.Add(2, "Update Properties");
            Authorization.m_DSOperNames.Add(3, "Read Content");
            Authorization.m_DSOperNames.Add(4, "Update Content");
            Authorization.m_DSOperNames.Add(5, "Read Security Policies");
            Authorization.m_DSOperNames.Add(6, "Update Security Policies");
            if (Authorization.m_DSOperNames.get_Count() != 7)
            {
                throw new Exception("Datasource name mismatch");
            }
            IEnumerator enumerator = Authorization.m_CatOperNames.get_Keys().GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    CatalogOperation catalogOperation = (CatalogOperation)enumerator.get_Current();
                    if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_CatOperNames.get_Item(catalogOperation)))
                    {
                        Authorization.m_fullPermissions.Add((string)Authorization.m_CatOperNames.get_Item(catalogOperation));
                    }
                }
            }
            finally
            {
                IDisposable disposable = enumerator as IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
            enumerator = Authorization.m_ModelItemOperNames.get_Keys().GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    ModelItemOperation modelItemOperation = (ModelItemOperation)enumerator.get_Current();
                    if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_ModelItemOperNames.get_Item(modelItemOperation)))
                    {
                        Authorization.m_fullPermissions.Add((string)Authorization.m_ModelItemOperNames.get_Item(modelItemOperation));
                    }
                }
            }
            finally
            {
                IDisposable disposable = enumerator as IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
            enumerator = Authorization.m_ModelOperNames.get_Keys().GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    ModelOperation modelOperation = (ModelOperation)enumerator.get_Current();
                    if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_ModelOperNames.get_Item(modelOperation)))
                    {
                        Authorization.m_fullPermissions.Add((string)Authorization.m_ModelOperNames.get_Item(modelOperation));
                    }
                }
            }
            finally
            {
                IDisposable disposable = enumerator as IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
            enumerator = Authorization.m_CatOperNames.get_Keys().GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    CatalogOperation catalogOperation = (CatalogOperation)enumerator.get_Current();
                    if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_CatOperNames.get_Item(catalogOperation)))
                    {
                        Authorization.m_fullPermissions.Add((string)Authorization.m_CatOperNames.get_Item(catalogOperation));
                    }
                }
            }
            finally
            {
                IDisposable disposable = enumerator as IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
            enumerator = Authorization.m_RptOperNames.get_Keys().GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    ReportOperation reportOperation = (ReportOperation)enumerator.get_Current();
                    if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_RptOperNames.get_Item(reportOperation)))
                    {
                        Authorization.m_fullPermissions.Add((string)Authorization.m_RptOperNames.get_Item(reportOperation));
                    }
                }
            }
            finally
            {
                IDisposable disposable = enumerator as IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
            enumerator = Authorization.m_FldOperNames.get_Keys().GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    FolderOperation folderOperation = (FolderOperation)enumerator.get_Current();
                    if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_FldOperNames.get_Item(folderOperation)))
                    {
                        Authorization.m_fullPermissions.Add((string)Authorization.m_FldOperNames.get_Item(folderOperation));
                    }
                }
            }
            finally
            {
                IDisposable disposable = enumerator as IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
            enumerator = Authorization.m_ResOperNames.get_Keys().GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    ResourceOperation resourceOperation = (ResourceOperation)enumerator.get_Current();
                    if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_ResOperNames.get_Item(resourceOperation)))
                    {
                        Authorization.m_fullPermissions.Add((string)Authorization.m_ResOperNames.get_Item(resourceOperation));
                    }
                }
            }
            finally
            {
                IDisposable disposable = enumerator as IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
            enumerator = Authorization.m_DSOperNames.get_Keys().GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    DatasourceOperation datasourceOperation = (DatasourceOperation)enumerator.get_Current();
                    if (!Authorization.m_fullPermissions.Contains((string)Authorization.m_DSOperNames.get_Item(datasourceOperation)))
                    {
                        Authorization.m_fullPermissions.Add((string)Authorization.m_DSOperNames.get_Item(datasourceOperation));
                    }
                }
            }
            finally
            {
                IDisposable disposable = enumerator as IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
        }

        public void SetConfiguration(string configuration)
        {
        }
    }
}
View Code

 

三、重启report service测试

 

posted @ 2019-12-12 09:12  听雨的人  阅读(1943)  评论(3编辑  收藏  举报