I've written our first Reporting Services report, using SQL Server 2005. Since we've never used RS before, we may, or may not, have done some things correctly. One of the things is that we only have the Reporting Services, and Report Manager, on our SQL Server 2005 server, which is in our network behind our firewall.
We also have an ASP.NET 1.1 application which is used by external users (other businesses that do business with us). Because of the nature of our business, we don't want people from one agency to access data from another agency. Since calling the report in RS involved passing parameters to the report in the URL, I decided that I would hide those details by putting the web page returned by RS into an IFRAME in an aspx page. It works just fine in our network, but I discovered that it does not work at all outside of our network.
So, my question is how do I make the RS report available to users outside of our network, in such a way that they don't have access to the parameters that I pass to the report? Should I discard the whole IFRAME approach? I have been told that it will likely require doing something about passing credentials to the backend server from the ASP.NET app, but I don't know how to do that, nor do I know what would be involved.
Your report will be trying to access data from the SQL Server and your internet site will be passing through port 80 (Open to the world) and therefore the SQL Data side will be blocked, If you open the SQL Port on the firewall then you will see the report runs fine, but then you have a SQL Port open!! Thats a whole other issue, You can do an internal redirect which will give you the same result but slightly more secure.
Your choice on that one...
|||
Andy,
What do you mean by I "... can do an internal redirect...". What is that and how do I do that, please?
|||
Rod, possibly Teo's article will help you: "Harden MS Reporting Services Using Custom Extensions"
No comments:
Post a Comment