473,703 Members | 2,690 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Intergrating SQL Server Reporting Services into an ASP.NET app


I'm trying to integrate SQL Server Reporting Services reports into an
ASP.NET app (SRS 2000, ASP.NET 1.1). I know how to do this using direct URL
addressing, but this exposes in the query string parameters that should not
be exposed. Each user is associated with a school, and should see only that
school's data. When the user logs in, I retrieve the SchoolID associated
with that user, and that SchoolID is used as a parameter in all stored
procedures to return only that school's data. It is this SchoolID that needs
to be passed to the report. It doesn't matter if users see the SchoolID, but
they must not be able to change the SchoolID, as they can if it forms part
of the URL.

From the documentation and from previous discussions in the SRS newsgroup,
it appears that there are four possible solutions to this:

1) Wait for SRS 2005 which I understand is due in November.

2) Use the web service instead of URL access and write a lot of code to
provide functionality you get built-in when using URL access.

3) Use URL access through a form POST method, as suggested in SRS Books
Online
(http://msdn.microsoft.com/library/en...intro_35pi.asp)

4) Require users to log in again when accessing reports, despite having
already logged in to the ASP.NET app. The report would prompt the user for
user name and password, and pass these to the stored procedures instead of
the SchoolID. This would avoid having to pass the SchoolID from the ASP.NET
app to the reports, but I'm not sure that the users will accept the
inconvenience. (The passwords are of course stored in encrypted form, so
I'll need to add code to the reports to encrypt the password supplied by the
user, but that's a separate issue.)

My questions are:

1) Can anyone confirm that the next version really does solve this problem?

2) Any pointers to resources on using the web service, particularly on how
to control rendering and how to reproduce the functionality of the toolbar
you get when using URL access, would be welcome. (I already know about SRS
Books Online and the articles reachable from the MSDN SQL Server Developer
Center).

3) Can I use the POST method as suggested in SRS Books Online from within an
ASP.NET app? I thought an ASP.NET page could only post back to itself, is
that not so?

Please don't feel that you have to have answers to all of these questions
before responding - suggestions or advice regarding any part of the problem
would be most welcome.

--
Brendan Reynolds
Nov 19 '05 #1
8 3113
Brendan Reynolds wrote:

5). Do the users call the report with their own credentials? If yes you
could read the username via USER!UserID and pass that to the database where
you hopefully have a table with mapping SchoolID <-> Username.

regards

frank
Nov 19 '05 #2
Rob
hi brendan

here's the solution I used (with a little bit of verbage to describe my
scenario):

1. I've built an ASP.NET site (in addition to the regular SSRS interface for
reports).
2. This addition site looks almost like the browser interface for this
discussion group (ie. Treeview control on the left which groups 'like'
reports and an iframe right half which brings up the report criteria form
associated with the selected report, from the Treeview control on the left).
3. on 'View Report' click from the iframed report(s) criteria page, I do the
following in ASP.NET:

Dim popupScript As String = "<script language='javas cript'>"
& _
"var newwin =
window.open('Re portViewer.aspx ?id=myreportid& qs=myquerystrin g',
'ReportViewer', 'menubar=no, toolbar=no, resizable=no');
newwin.window.m oveTo(0,0);
newwin.window.r esizeTo(screen. availWidth,scre en.availHeight) ;
newwin.focus(); </script>"
Page.RegisterSt artupScript("Po pupScript", popupScript)

4. This opens up ReportViewer.as px which iframes the call to SSRS. The
benefits of this is different report interfaces can be built on differents
sites AND there are no issue with this approach as far as 'cross-site
scripting'. For instance, my financial group has the own SSRS ASP.NET
interface, as well as other groups... They ALL point in the pop-up to the
SSRS site and get a previewed report (with report parameter fields if they
want to make changes). Also, ReportViewer.as px changes the iframe src value
to what was passed to it from the reportcriteria .aspx.

5. Since the way the pop-up is created, there's no URL Address info and the
ReportViewer.as px masks the URL by replacing the title.

Rob

"Brendan Reynolds" wrote:

I'm trying to integrate SQL Server Reporting Services reports into an
ASP.NET app (SRS 2000, ASP.NET 1.1). I know how to do this using direct URL
addressing, but this exposes in the query string parameters that should not
be exposed. Each user is associated with a school, and should see only that
school's data. When the user logs in, I retrieve the SchoolID associated
with that user, and that SchoolID is used as a parameter in all stored
procedures to return only that school's data. It is this SchoolID that needs
to be passed to the report. It doesn't matter if users see the SchoolID, but
they must not be able to change the SchoolID, as they can if it forms part
of the URL.

From the documentation and from previous discussions in the SRS newsgroup,
it appears that there are four possible solutions to this:

1) Wait for SRS 2005 which I understand is due in November.

2) Use the web service instead of URL access and write a lot of code to
provide functionality you get built-in when using URL access.

3) Use URL access through a form POST method, as suggested in SRS Books
Online
(http://msdn.microsoft.com/library/en...intro_35pi.asp)

4) Require users to log in again when accessing reports, despite having
already logged in to the ASP.NET app. The report would prompt the user for
user name and password, and pass these to the stored procedures instead of
the SchoolID. This would avoid having to pass the SchoolID from the ASP.NET
app to the reports, but I'm not sure that the users will accept the
inconvenience. (The passwords are of course stored in encrypted form, so
I'll need to add code to the reports to encrypt the password supplied by the
user, but that's a separate issue.)

My questions are:

1) Can anyone confirm that the next version really does solve this problem?

2) Any pointers to resources on using the web service, particularly on how
to control rendering and how to reproduce the functionality of the toolbar
you get when using URL access, would be welcome. (I already know about SRS
Books Online and the articles reachable from the MSDN SQL Server Developer
Center).

3) Can I use the POST method as suggested in SRS Books Online from within an
ASP.NET app? I thought an ASP.NET page could only post back to itself, is
that not so?

Please don't feel that you have to have answers to all of these questions
before responding - suggestions or advice regarding any part of the problem
would be most welcome.

--
Brendan Reynolds

Nov 19 '05 #3
They don't, but I could change that. Thanks for the suggestion, I'll look
into it.

--
Brendan Reynolds
"Frank Matthiesen" <fm@xax.de> wrote in message
news:3m******** *****@individua l.net...
Brendan Reynolds wrote:

5). Do the users call the report with their own credentials? If yes you
could read the username via USER!UserID and pass that to the database
where you hopefully have a table with mapping SchoolID <-> Username.

regards

frank

Nov 19 '05 #4
Thanks Rob. That looks promising. Unfortunately, my client-side scripting
skills are almost non-existent, and I'm having a hard time getting to grips
with this. Here's what I've done so far ...

I have an ASP.NET page with a listbox that displays available reports and a
literal control for the iframe. Here's the relevant part of the page's HTML
....

<TR>
<TD style="HEIGHT: 251px" vAlign="top" width="50%">
<asp:ListBox id="lstReports " runat="server" Width="100%"
Height="295px" AutoPostBack="T rue">
</asp:ListBox>
</TD>
<TD style="HEIGHT: 251px" vAlign="top" width="50%">
<asp:Literal id="MyLiteral" runat="server">
<IFRAME id="MyIFrame"> </IFRAME>
</asp:Literal>
</TD>
</TR>

I've translated your code into C#, which is what my page is using, and put
it in the SelectedIndexCh anged event procedure of my listbox ...

private void lstReports_Sele ctedIndexChange d(object sender, System.EventArg s
e)
{
string popupScript = @"<script language='javas cript'> "
+ @"var newwin = window.open('Re portViewer.aspx ?"
+ @"id=myreportid &qs=myquerystri ng', 'ReportViewer', "
+ @"'menubar=n o, toolbar=no, resizable=no'); "
+ @"newwin.window .moveTo(0,0); newwin.window.r esizeTo"
+ @"(screen.avail Width, screen.availHei ght);"
+ @"newwin.focus( );<script>";
this.RegisterSt artupScript("Po pupScript", popupScript);
}

My first question is - what do I need to change to load 'ReportViewer.a spx'
into the iframe?

--
Brendan Reynolds (MVP)
"Rob" <Ro*@discussion s.microsoft.com > wrote in message
news:B4******** *************** ***********@mic rosoft.com...
hi brendan

here's the solution I used (with a little bit of verbage to describe my
scenario):

1. I've built an ASP.NET site (in addition to the regular SSRS interface
for
reports).
2. This addition site looks almost like the browser interface for this
discussion group (ie. Treeview control on the left which groups 'like'
reports and an iframe right half which brings up the report criteria form
associated with the selected report, from the Treeview control on the
left).
3. on 'View Report' click from the iframed report(s) criteria page, I do
the
following in ASP.NET:

Dim popupScript As String = "<script
language='javas cript'>"
& _
"var newwin =
window.open('Re portViewer.aspx ?id=myreportid& qs=myquerystrin g',
'ReportViewer', 'menubar=no, toolbar=no, resizable=no');
newwin.window.m oveTo(0,0);
newwin.window.r esizeTo(screen. availWidth,scre en.availHeight) ;
newwin.focus(); </script>"
Page.RegisterSt artupScript("Po pupScript", popupScript)

4. This opens up ReportViewer.as px which iframes the call to SSRS. The
benefits of this is different report interfaces can be built on differents
sites AND there are no issue with this approach as far as 'cross-site
scripting'. For instance, my financial group has the own SSRS ASP.NET
interface, as well as other groups... They ALL point in the pop-up to the
SSRS site and get a previewed report (with report parameter fields if they
want to make changes). Also, ReportViewer.as px changes the iframe src
value
to what was passed to it from the reportcriteria .aspx.

5. Since the way the pop-up is created, there's no URL Address info and
the
ReportViewer.as px masks the URL by replacing the title.

Rob

"Brendan Reynolds" wrote:

I'm trying to integrate SQL Server Reporting Services reports into an
ASP.NET app (SRS 2000, ASP.NET 1.1). I know how to do this using direct
URL
addressing, but this exposes in the query string parameters that should
not
be exposed. Each user is associated with a school, and should see only
that
school's data. When the user logs in, I retrieve the SchoolID associated
with that user, and that SchoolID is used as a parameter in all stored
procedures to return only that school's data. It is this SchoolID that
needs
to be passed to the report. It doesn't matter if users see the SchoolID,
but
they must not be able to change the SchoolID, as they can if it forms
part
of the URL.

From the documentation and from previous discussions in the SRS
newsgroup,
it appears that there are four possible solutions to this:

1) Wait for SRS 2005 which I understand is due in November.

2) Use the web service instead of URL access and write a lot of code to
provide functionality you get built-in when using URL access.

3) Use URL access through a form POST method, as suggested in SRS Books
Online
(http://msdn.microsoft.com/library/en...intro_35pi.asp)

4) Require users to log in again when accessing reports, despite having
already logged in to the ASP.NET app. The report would prompt the user
for
user name and password, and pass these to the stored procedures instead
of
the SchoolID. This would avoid having to pass the SchoolID from the
ASP.NET
app to the reports, but I'm not sure that the users will accept the
inconvenience. (The passwords are of course stored in encrypted form, so
I'll need to add code to the reports to encrypt the password supplied by
the
user, but that's a separate issue.)

My questions are:

1) Can anyone confirm that the next version really does solve this
problem?

2) Any pointers to resources on using the web service, particularly on
how
to control rendering and how to reproduce the functionality of the
toolbar
you get when using URL access, would be welcome. (I already know about
SRS
Books Online and the articles reachable from the MSDN SQL Server
Developer
Center).

3) Can I use the POST method as suggested in SRS Books Online from within
an
ASP.NET app? I thought an ASP.NET page could only post back to itself, is
that not so?

Please don't feel that you have to have answers to all of these questions
before responding - suggestions or advice regarding any part of the
problem
would be most welcome.

--
Brendan Reynolds

Nov 19 '05 #5
As an aside, we happen to use an implementation in which users do in
fact have to authenticate a second time in order to request a report.
It has had but a minor impact on users in our experience, generating no
complaints. I wouldn't rule out that possibility for fear of user
backlash.

Brendan Reynolds wrote:
Thanks Rob. That looks promising. Unfortunately, my client-side scripting
skills are almost non-existent, and I'm having a hard time getting to grips
with this. Here's what I've done so far ...

I have an ASP.NET page with a listbox that displays available reports and a
literal control for the iframe. Here's the relevant part of the page's HTML
...

<TR>
<TD style="HEIGHT: 251px" vAlign="top" width="50%">
<asp:ListBox id="lstReports " runat="server" Width="100%"
Height="295px" AutoPostBack="T rue">
</asp:ListBox>
</TD>
<TD style="HEIGHT: 251px" vAlign="top" width="50%">
<asp:Literal id="MyLiteral" runat="server">
<IFRAME id="MyIFrame"> </IFRAME>
</asp:Literal>
</TD>
</TR>

I've translated your code into C#, which is what my page is using, and put
it in the SelectedIndexCh anged event procedure of my listbox ...

private void lstReports_Sele ctedIndexChange d(object sender, System.EventArg s
e)
{
string popupScript = @"<script language='javas cript'> "
+ @"var newwin = window.open('Re portViewer.aspx ?"
+ @"id=myreportid &qs=myquerystri ng', 'ReportViewer', "
+ @"'menubar=n o, toolbar=no, resizable=no'); "
+ @"newwin.window .moveTo(0,0); newwin.window.r esizeTo"
+ @"(screen.avail Width, screen.availHei ght);"
+ @"newwin.focus( );<script>";
this.RegisterSt artupScript("Po pupScript", popupScript);
}

My first question is - what do I need to change to load 'ReportViewer.a spx'
into the iframe?

--
Brendan Reynolds (MVP)
"Rob" <Ro*@discussion s.microsoft.com > wrote in message
news:B4******** *************** ***********@mic rosoft.com...
hi brendan

here's the solution I used (with a little bit of verbage to describe my
scenario):

1. I've built an ASP.NET site (in addition to the regular SSRS interface
for
reports).
2. This addition site looks almost like the browser interface for this
discussion group (ie. Treeview control on the left which groups 'like'
reports and an iframe right half which brings up the report criteria form
associated with the selected report, from the Treeview control on the
left).
3. on 'View Report' click from the iframed report(s) criteria page, I do
the
following in ASP.NET:

Dim popupScript As String = "<script
language='javas cript'>"
& _
"var newwin =
window.open('Re portViewer.aspx ?id=myreportid& qs=myquerystrin g',
'ReportViewer', 'menubar=no, toolbar=no, resizable=no');
newwin.window.m oveTo(0,0);
newwin.window.r esizeTo(screen. availWidth,scre en.availHeight) ;
newwin.focus(); </script>"
Page.RegisterSt artupScript("Po pupScript", popupScript)

4. This opens up ReportViewer.as px which iframes the call to SSRS. The
benefits of this is different report interfaces can be built on differents
sites AND there are no issue with this approach as far as 'cross-site
scripting'. For instance, my financial group has the own SSRS ASP.NET
interface, as well as other groups... They ALL point in the pop-up to the
SSRS site and get a previewed report (with report parameter fields if they
want to make changes). Also, ReportViewer.as px changes the iframe src
value
to what was passed to it from the reportcriteria .aspx.

5. Since the way the pop-up is created, there's no URL Address info and
the
ReportViewer.as px masks the URL by replacing the title.

Rob

"Brendan Reynolds" wrote:

I'm trying to integrate SQL Server Reporting Services reports into an
ASP.NET app (SRS 2000, ASP.NET 1.1). I know how to do this using direct
URL
addressing, but this exposes in the query string parameters that should
not
be exposed. Each user is associated with a school, and should see only
that
school's data. When the user logs in, I retrieve the SchoolID associated
with that user, and that SchoolID is used as a parameter in all stored
procedures to return only that school's data. It is this SchoolID that
needs
to be passed to the report. It doesn't matter if users see the SchoolID,
but
they must not be able to change the SchoolID, as they can if it forms
part
of the URL.

From the documentation and from previous discussions in the SRS
newsgroup,
it appears that there are four possible solutions to this:

1) Wait for SRS 2005 which I understand is due in November.

2) Use the web service instead of URL access and write a lot of code to
provide functionality you get built-in when using URL access.

3) Use URL access through a form POST method, as suggested in SRS Books
Online
(http://msdn.microsoft.com/library/en...intro_35pi.asp)

4) Require users to log in again when accessing reports, despite having
already logged in to the ASP.NET app. The report would prompt the user
for
user name and password, and pass these to the stored procedures instead
of
the SchoolID. This would avoid having to pass the SchoolID from the
ASP.NET
app to the reports, but I'm not sure that the users will accept the
inconvenience. (The passwords are of course stored in encrypted form, so
I'll need to add code to the reports to encrypt the password supplied by
the
user, but that's a separate issue.)

My questions are:

1) Can anyone confirm that the next version really does solve this
problem?

2) Any pointers to resources on using the web service, particularly on
how
to control rendering and how to reproduce the functionality of the
toolbar
you get when using URL access, would be welcome. (I already know about
SRS
Books Online and the articles reachable from the MSDN SQL Server
Developer
Center).

3) Can I use the POST method as suggested in SRS Books Online from within
an
ASP.NET app? I thought an ASP.NET page could only post back to itself, is
that not so?

Please don't feel that you have to have answers to all of these questions
before responding - suggestions or advice regarding any part of the
problem
would be most welcome.

--
Brendan Reynolds


Nov 19 '05 #6
Rob
hi

(hopefully, this sample code will make it thru to the forum)

ReportViewer.co debehind (relevant part)...

Private Sub ViewReport(ByVa l key As String, ByVal reporttype As String)
Dim iReportViewer As HtmlControl =
CType(Me.FindCo ntrol("iReportV iewer"), HtmlControl)
Dim rptid As String = Request.QuerySt ring("id")
Dim qs As String = Request.QuerySt ring("qs")
Select Case rptid
Case (this is my report number, ie. "id")
Case (whatever the report # is....)
Case 808 ' my Build Schedule Report
If qs = "All" Then ' they f'd up using All, can't be quoted...
iReportViewer.A ttributes("src" ) =
"http://localhost/ReportServer?%2 f8_Build_Schedu le%2frptBuildSc hedule_8&BMP=Al l&rs:Command=Re nder"
Else
iReportViewer.A ttributes("src" ) =
"http://localhost/ReportServer?%2 f8_Build_Schedu le%2frptBuildSc hedule_8&BMP='" + qs + "'&rs:Command=R ender"
End If
iReportViewer.A ttributes("widt h") = "100%"
iReportViewer.A ttributes("heig ht") = "100%"
Case Else
' your exception code
End Select
End Sub

Shell of what you need for ReportViewer.as px

<%@ Page Language="vb" AutoEventWireup ="false"
Codebehind="Rep ortViewer.aspx. vb" Inherits="Robs. ReportViewer"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>My Little Report Viewer - House or Horror</title>
<meta name="vs_target Schema"
content="http://schemas.microso ft.com/intellisense/ie5">
</HEAD>
<body>
<iframe runat="server" id="iReportView er" style="BACKGROU ND-COLOR:
#990000" name="doc" frameBorder="no "
width="100%" scrolling="auto " height="100%"></iframe>
</body>
</HTML>

That's it...

If you have AD for authentication, it'll take what you have (if SSRS
configured). When I play at home, it puts an 'in my face' login (since I'm
not running AD at home).

Good Luck - Rob

"Brendan Reynolds" wrote:
Thanks Rob. That looks promising. Unfortunately, my client-side scripting
skills are almost non-existent, and I'm having a hard time getting to grips
with this. Here's what I've done so far ...

I have an ASP.NET page with a listbox that displays available reports and a
literal control for the iframe. Here's the relevant part of the page's HTML
....

<TR>
<TD style="HEIGHT: 251px" vAlign="top" width="50%">
<asp:ListBox id="lstReports " runat="server" Width="100%"
Height="295px" AutoPostBack="T rue">
</asp:ListBox>
</TD>
<TD style="HEIGHT: 251px" vAlign="top" width="50%">
<asp:Literal id="MyLiteral" runat="server">
<IFRAME id="MyIFrame"> </IFRAME>
</asp:Literal>
</TD>
</TR>

I've translated your code into C#, which is what my page is using, and put
it in the SelectedIndexCh anged event procedure of my listbox ...

private void lstReports_Sele ctedIndexChange d(object sender, System.EventArg s
e)
{
string popupScript = @"<script language='javas cript'> "
+ @"var newwin = window.open('Re portViewer.aspx ?"
+ @"id=myreportid &qs=myquerystri ng', 'ReportViewer', "
+ @"'menubar=n o, toolbar=no, resizable=no'); "
+ @"newwin.window .moveTo(0,0); newwin.window.r esizeTo"
+ @"(screen.avail Width, screen.availHei ght);"
+ @"newwin.focus( );<script>";
this.RegisterSt artupScript("Po pupScript", popupScript);
}

My first question is - what do I need to change to load 'ReportViewer.a spx'
into the iframe?

--
Brendan Reynolds (MVP)
"Rob" <Ro*@discussion s.microsoft.com > wrote in message
news:B4******** *************** ***********@mic rosoft.com...
hi brendan

here's the solution I used (with a little bit of verbage to describe my
scenario):

1. I've built an ASP.NET site (in addition to the regular SSRS interface
for
reports).
2. This addition site looks almost like the browser interface for this
discussion group (ie. Treeview control on the left which groups 'like'
reports and an iframe right half which brings up the report criteria form
associated with the selected report, from the Treeview control on the
left).
3. on 'View Report' click from the iframed report(s) criteria page, I do
the
following in ASP.NET:

Dim popupScript As String = "<script
language='javas cript'>"
& _
"var newwin =
window.open('Re portViewer.aspx ?id=myreportid& qs=myquerystrin g',
'ReportViewer', 'menubar=no, toolbar=no, resizable=no');
newwin.window.m oveTo(0,0);
newwin.window.r esizeTo(screen. availWidth,scre en.availHeight) ;
newwin.focus(); </script>"
Page.RegisterSt artupScript("Po pupScript", popupScript)

4. This opens up ReportViewer.as px which iframes the call to SSRS. The
benefits of this is different report interfaces can be built on differents
sites AND there are no issue with this approach as far as 'cross-site
scripting'. For instance, my financial group has the own SSRS ASP.NET
interface, as well as other groups... They ALL point in the pop-up to the
SSRS site and get a previewed report (with report parameter fields if they
want to make changes). Also, ReportViewer.as px changes the iframe src
value
to what was passed to it from the reportcriteria .aspx.

5. Since the way the pop-up is created, there's no URL Address info and
the
ReportViewer.as px masks the URL by replacing the title.

Rob

"Brendan Reynolds" wrote:

I'm trying to integrate SQL Server Reporting Services reports into an
ASP.NET app (SRS 2000, ASP.NET 1.1). I know how to do this using direct
URL
addressing, but this exposes in the query string parameters that should
not
be exposed. Each user is associated with a school, and should see only
that
school's data. When the user logs in, I retrieve the SchoolID associated
with that user, and that SchoolID is used as a parameter in all stored
procedures to return only that school's data. It is this SchoolID that
needs
to be passed to the report. It doesn't matter if users see the SchoolID,
but
they must not be able to change the SchoolID, as they can if it forms
part
of the URL.

From the documentation and from previous discussions in the SRS
newsgroup,
it appears that there are four possible solutions to this:

1) Wait for SRS 2005 which I understand is due in November.

2) Use the web service instead of URL access and write a lot of code to
provide functionality you get built-in when using URL access.

3) Use URL access through a form POST method, as suggested in SRS Books
Online
(http://msdn.microsoft.com/library/en...intro_35pi.asp)

4) Require users to log in again when accessing reports, despite having
already logged in to the ASP.NET app. The report would prompt the user
for
user name and password, and pass these to the stored procedures instead
of
the SchoolID. This would avoid having to pass the SchoolID from the
ASP.NET
app to the reports, but I'm not sure that the users will accept the
inconvenience. (The passwords are of course stored in encrypted form, so
I'll need to add code to the reports to encrypt the password supplied by
the
user, but that's a separate issue.)

My questions are:

1) Can anyone confirm that the next version really does solve this
problem?

2) Any pointers to resources on using the web service, particularly on
how
to control rendering and how to reproduce the functionality of the
toolbar
you get when using URL access, would be welcome. (I already know about
SRS
Books Online and the articles reachable from the MSDN SQL Server
Developer
Center).

3) Can I use the POST method as suggested in SRS Books Online from within
an
ASP.NET app? I thought an ASP.NET page could only post back to itself, is
that not so?

Please don't feel that you have to have answers to all of these questions
before responding - suggestions or advice regarding any part of the
problem
would be most welcome.

--
Brendan Reynolds


Nov 19 '05 #7
Thanks Ernie. What about the encryption? The passwords are stored in
encrypted form in the database, so I can't just let the report prompt for
the password as an ordinary report parameter - it has to prompt for it, then
encrypt it, then assign that encrypted value to the report parameter. I know
how to do the encryption, what I don't know is how to 'intercept' the
parameter?

--
Brendan Reynolds

"Ernie Gutierrez" <eg********@ttw ireless.com> wrote in message
news:11******** **************@ g47g2000cwa.goo glegroups.com.. .
As an aside, we happen to use an implementation in which users do in
fact have to authenticate a second time in order to request a report.
It has had but a minor impact on users in our experience, generating no
complaints. I wouldn't rule out that possibility for fear of user
backlash.

Brendan Reynolds wrote:
Thanks Rob. That looks promising. Unfortunately, my client-side scripting
skills are almost non-existent, and I'm having a hard time getting to
grips
with this. Here's what I've done so far ...

I have an ASP.NET page with a listbox that displays available reports and
a
literal control for the iframe. Here's the relevant part of the page's
HTML
...

<TR>
<TD style="HEIGHT: 251px" vAlign="top" width="50%">
<asp:ListBox id="lstReports " runat="server" Width="100%"
Height="295px" AutoPostBack="T rue">
</asp:ListBox>
</TD>
<TD style="HEIGHT: 251px" vAlign="top" width="50%">
<asp:Literal id="MyLiteral" runat="server">
<IFRAME id="MyIFrame"> </IFRAME>
</asp:Literal>
</TD>
</TR>

I've translated your code into C#, which is what my page is using, and
put
it in the SelectedIndexCh anged event procedure of my listbox ...

private void lstReports_Sele ctedIndexChange d(object sender,
System.EventArg s
e)
{
string popupScript = @"<script language='javas cript'> "
+ @"var newwin = window.open('Re portViewer.aspx ?"
+ @"id=myreportid &qs=myquerystri ng', 'ReportViewer', "
+ @"'menubar=n o, toolbar=no, resizable=no'); "
+ @"newwin.window .moveTo(0,0); newwin.window.r esizeTo"
+ @"(screen.avail Width, screen.availHei ght);"
+ @"newwin.focus( );<script>";
this.RegisterSt artupScript("Po pupScript", popupScript);
}

My first question is - what do I need to change to load
'ReportViewer.a spx'
into the iframe?

--
Brendan Reynolds (MVP)
"Rob" <Ro*@discussion s.microsoft.com > wrote in message
news:B4******** *************** ***********@mic rosoft.com...
> hi brendan
>
> here's the solution I used (with a little bit of verbage to describe my
> scenario):
>
> 1. I've built an ASP.NET site (in addition to the regular SSRS
> interface
> for
> reports).
> 2. This addition site looks almost like the browser interface for this
> discussion group (ie. Treeview control on the left which groups 'like'
> reports and an iframe right half which brings up the report criteria
> form
> associated with the selected report, from the Treeview control on the
> left).
> 3. on 'View Report' click from the iframed report(s) criteria page, I
> do
> the
> following in ASP.NET:
>
> Dim popupScript As String = "<script
> language='javas cript'>"
> & _
> "var newwin =
> window.open('Re portViewer.aspx ?id=myreportid& qs=myquerystrin g',
> 'ReportViewer', 'menubar=no, toolbar=no, resizable=no');
> newwin.window.m oveTo(0,0);
> newwin.window.r esizeTo(screen. availWidth,scre en.availHeight) ;
> newwin.focus(); </script>"
> Page.RegisterSt artupScript("Po pupScript", popupScript)
>
> 4. This opens up ReportViewer.as px which iframes the call to SSRS. The
> benefits of this is different report interfaces can be built on
> differents
> sites AND there are no issue with this approach as far as 'cross-site
> scripting'. For instance, my financial group has the own SSRS ASP.NET
> interface, as well as other groups... They ALL point in the pop-up to
> the
> SSRS site and get a previewed report (with report parameter fields if
> they
> want to make changes). Also, ReportViewer.as px changes the iframe src
> value
> to what was passed to it from the reportcriteria .aspx.
>
> 5. Since the way the pop-up is created, there's no URL Address info and
> the
> ReportViewer.as px masks the URL by replacing the title.
>
> Rob
>
> "Brendan Reynolds" wrote:
>
>>
>> I'm trying to integrate SQL Server Reporting Services reports into an
>> ASP.NET app (SRS 2000, ASP.NET 1.1). I know how to do this using
>> direct
>> URL
>> addressing, but this exposes in the query string parameters that
>> should
>> not
>> be exposed. Each user is associated with a school, and should see only
>> that
>> school's data. When the user logs in, I retrieve the SchoolID
>> associated
>> with that user, and that SchoolID is used as a parameter in all stored
>> procedures to return only that school's data. It is this SchoolID that
>> needs
>> to be passed to the report. It doesn't matter if users see the
>> SchoolID,
>> but
>> they must not be able to change the SchoolID, as they can if it forms
>> part
>> of the URL.
>>
>> From the documentation and from previous discussions in the SRS
>> newsgroup,
>> it appears that there are four possible solutions to this:
>>
>> 1) Wait for SRS 2005 which I understand is due in November.
>>
>> 2) Use the web service instead of URL access and write a lot of code
>> to
>> provide functionality you get built-in when using URL access.
>>
>> 3) Use URL access through a form POST method, as suggested in SRS
>> Books
>> Online
>> (http://msdn.microsoft.com/library/en...intro_35pi.asp)
>>
>> 4) Require users to log in again when accessing reports, despite
>> having
>> already logged in to the ASP.NET app. The report would prompt the user
>> for
>> user name and password, and pass these to the stored procedures
>> instead
>> of
>> the SchoolID. This would avoid having to pass the SchoolID from the
>> ASP.NET
>> app to the reports, but I'm not sure that the users will accept the
>> inconvenience. (The passwords are of course stored in encrypted form,
>> so
>> I'll need to add code to the reports to encrypt the password supplied
>> by
>> the
>> user, but that's a separate issue.)
>>
>> My questions are:
>>
>> 1) Can anyone confirm that the next version really does solve this
>> problem?
>>
>> 2) Any pointers to resources on using the web service, particularly on
>> how
>> to control rendering and how to reproduce the functionality of the
>> toolbar
>> you get when using URL access, would be welcome. (I already know about
>> SRS
>> Books Online and the articles reachable from the MSDN SQL Server
>> Developer
>> Center).
>>
>> 3) Can I use the POST method as suggested in SRS Books Online from
>> within
>> an
>> ASP.NET app? I thought an ASP.NET page could only post back to itself,
>> is
>> that not so?
>>
>> Please don't feel that you have to have answers to all of these
>> questions
>> before responding - suggestions or advice regarding any part of the
>> problem
>> would be most welcome.
>>
>> --
>> Brendan Reynolds
>>
>>
>>

Nov 19 '05 #8

Thanks Rob. That almost works. I can display a report in the IFrame without
exposing the SchoolID to the user. Unfortunately, as soon as the user
chooses to export to PDF or Excel, Internet Explorer opens a new window,
with the SchoolID in the URL. Did I overlook something in your explanation
that would have avoided this?

--
Brendan Reynolds (MVP)

"Rob" <Ro*@discussion s.microsoft.com > wrote in message
news:26******** *************** ***********@mic rosoft.com...
hi

(hopefully, this sample code will make it thru to the forum)

ReportViewer.co debehind (relevant part)...

Private Sub ViewReport(ByVa l key As String, ByVal reporttype As String)
Dim iReportViewer As HtmlControl =
CType(Me.FindCo ntrol("iReportV iewer"), HtmlControl)
Dim rptid As String = Request.QuerySt ring("id")
Dim qs As String = Request.QuerySt ring("qs")
Select Case rptid
Case (this is my report number, ie. "id")
Case (whatever the report # is....)
Case 808 ' my Build Schedule Report
If qs = "All" Then ' they f'd up using All, can't be
quoted...
iReportViewer.A ttributes("src" ) =
"http://localhost/ReportServer?%2 f8_Build_Schedu le%2frptBuildSc hedule_8&BMP=Al l&rs:Command=Re nder"
Else
iReportViewer.A ttributes("src" ) =
"http://localhost/ReportServer?%2 f8_Build_Schedu le%2frptBuildSc hedule_8&BMP='"
+ qs + "'&rs:Command=R ender"
End If
iReportViewer.A ttributes("widt h") = "100%"
iReportViewer.A ttributes("heig ht") = "100%"
Case Else
' your exception code
End Select
End Sub

Shell of what you need for ReportViewer.as px

<%@ Page Language="vb" AutoEventWireup ="false"
Codebehind="Rep ortViewer.aspx. vb" Inherits="Robs. ReportViewer"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>My Little Report Viewer - House or Horror</title>
<meta name="vs_target Schema"
content="http://schemas.microso ft.com/intellisense/ie5">
</HEAD>
<body>
<iframe runat="server" id="iReportView er" style="BACKGROU ND-COLOR:
#990000" name="doc" frameBorder="no "
width="100%" scrolling="auto " height="100%"></iframe>
</body>
</HTML>

That's it...

If you have AD for authentication, it'll take what you have (if SSRS
configured). When I play at home, it puts an 'in my face' login (since I'm
not running AD at home).

Good Luck - Rob

"Brendan Reynolds" wrote:
Thanks Rob. That looks promising. Unfortunately, my client-side scripting
skills are almost non-existent, and I'm having a hard time getting to
grips
with this. Here's what I've done so far ...

I have an ASP.NET page with a listbox that displays available reports and
a
literal control for the iframe. Here's the relevant part of the page's
HTML
....

<TR>
<TD style="HEIGHT: 251px" vAlign="top" width="50%">
<asp:ListBox id="lstReports " runat="server" Width="100%"
Height="295px" AutoPostBack="T rue">
</asp:ListBox>
</TD>
<TD style="HEIGHT: 251px" vAlign="top" width="50%">
<asp:Literal id="MyLiteral" runat="server">
<IFRAME id="MyIFrame"> </IFRAME>
</asp:Literal>
</TD>
</TR>

I've translated your code into C#, which is what my page is using, and
put
it in the SelectedIndexCh anged event procedure of my listbox ...

private void lstReports_Sele ctedIndexChange d(object sender,
System.EventArg s
e)
{
string popupScript = @"<script language='javas cript'> "
+ @"var newwin = window.open('Re portViewer.aspx ?"
+ @"id=myreportid &qs=myquerystri ng', 'ReportViewer', "
+ @"'menubar=n o, toolbar=no, resizable=no'); "
+ @"newwin.window .moveTo(0,0); newwin.window.r esizeTo"
+ @"(screen.avail Width, screen.availHei ght);"
+ @"newwin.focus( );<script>";
this.RegisterSt artupScript("Po pupScript", popupScript);
}

My first question is - what do I need to change to load
'ReportViewer.a spx'
into the iframe?

--
Brendan Reynolds (MVP)
"Rob" <Ro*@discussion s.microsoft.com > wrote in message
news:B4******** *************** ***********@mic rosoft.com...
> hi brendan
>
> here's the solution I used (with a little bit of verbage to describe my
> scenario):
>
> 1. I've built an ASP.NET site (in addition to the regular SSRS
> interface
> for
> reports).
> 2. This addition site looks almost like the browser interface for this
> discussion group (ie. Treeview control on the left which groups 'like'
> reports and an iframe right half which brings up the report criteria
> form
> associated with the selected report, from the Treeview control on the
> left).
> 3. on 'View Report' click from the iframed report(s) criteria page, I
> do
> the
> following in ASP.NET:
>
> Dim popupScript As String = "<script
> language='javas cript'>"
> & _
> "var newwin =
> window.open('Re portViewer.aspx ?id=myreportid& qs=myquerystrin g',
> 'ReportViewer', 'menubar=no, toolbar=no, resizable=no');
> newwin.window.m oveTo(0,0);
> newwin.window.r esizeTo(screen. availWidth,scre en.availHeight) ;
> newwin.focus(); </script>"
> Page.RegisterSt artupScript("Po pupScript", popupScript)
>
> 4. This opens up ReportViewer.as px which iframes the call to SSRS. The
> benefits of this is different report interfaces can be built on
> differents
> sites AND there are no issue with this approach as far as 'cross-site
> scripting'. For instance, my financial group has the own SSRS ASP.NET
> interface, as well as other groups... They ALL point in the pop-up to
> the
> SSRS site and get a previewed report (with report parameter fields if
> they
> want to make changes). Also, ReportViewer.as px changes the iframe src
> value
> to what was passed to it from the reportcriteria .aspx.
>
> 5. Since the way the pop-up is created, there's no URL Address info and
> the
> ReportViewer.as px masks the URL by replacing the title.
>
> Rob
>
> "Brendan Reynolds" wrote:
>
>>
>> I'm trying to integrate SQL Server Reporting Services reports into an
>> ASP.NET app (SRS 2000, ASP.NET 1.1). I know how to do this using
>> direct
>> URL
>> addressing, but this exposes in the query string parameters that
>> should
>> not
>> be exposed. Each user is associated with a school, and should see only
>> that
>> school's data. When the user logs in, I retrieve the SchoolID
>> associated
>> with that user, and that SchoolID is used as a parameter in all stored
>> procedures to return only that school's data. It is this SchoolID that
>> needs
>> to be passed to the report. It doesn't matter if users see the
>> SchoolID,
>> but
>> they must not be able to change the SchoolID, as they can if it forms
>> part
>> of the URL.
>>
>> From the documentation and from previous discussions in the SRS
>> newsgroup,
>> it appears that there are four possible solutions to this:
>>
>> 1) Wait for SRS 2005 which I understand is due in November.
>>
>> 2) Use the web service instead of URL access and write a lot of code
>> to
>> provide functionality you get built-in when using URL access.
>>
>> 3) Use URL access through a form POST method, as suggested in SRS
>> Books
>> Online
>> (http://msdn.microsoft.com/library/en...intro_35pi.asp)
>>
>> 4) Require users to log in again when accessing reports, despite
>> having
>> already logged in to the ASP.NET app. The report would prompt the user
>> for
>> user name and password, and pass these to the stored procedures
>> instead
>> of
>> the SchoolID. This would avoid having to pass the SchoolID from the
>> ASP.NET
>> app to the reports, but I'm not sure that the users will accept the
>> inconvenience. (The passwords are of course stored in encrypted form,
>> so
>> I'll need to add code to the reports to encrypt the password supplied
>> by
>> the
>> user, but that's a separate issue.)
>>
>> My questions are:
>>
>> 1) Can anyone confirm that the next version really does solve this
>> problem?
>>
>> 2) Any pointers to resources on using the web service, particularly on
>> how
>> to control rendering and how to reproduce the functionality of the
>> toolbar
>> you get when using URL access, would be welcome. (I already know about
>> SRS
>> Books Online and the articles reachable from the MSDN SQL Server
>> Developer
>> Center).
>>
>> 3) Can I use the POST method as suggested in SRS Books Online from
>> within
>> an
>> ASP.NET app? I thought an ASP.NET page could only post back to itself,
>> is
>> that not so?
>>
>> Please don't feel that you have to have answers to all of these
>> questions
>> before responding - suggestions or advice regarding any part of the
>> problem
>> would be most welcome.
>>
>> --
>> Brendan Reynolds
>>
>>
>>


Nov 19 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
3647
by: GeekMarine1972 | last post by:
We are planning to deploy the MS Reporting Services. Unfortunately, there isn't much guidance on how to effectively size a server. Here are my questions: 1) In an environment with 1 reporting server (hosting the reporting data layer, application, and management layer) connecting to 1 or more SQL servers (over 2 trunked 1Gbps switches connections), what is the constraining resource when running large reports against a database of say...
8
2744
by: Woody Splawn | last post by:
I am asking this question here because I asked this question in the Reporting Services Newsgroup and did not get an answer. Does anyone know if Reporting Services is intended to work in a client/Server or Local machine environment? Based on what I have seen my guess is yes but that is a guess. In some materal it talks about it running on a web server but my supposition is that this does not necessarily mean that it would not make for a...
1
1296
by: LeAnne | last post by:
I've got SQL Server 2000 Developer edition. Now, where can i get the SQL Server 2000 Reporting Serives from for Win XP Pro?? I can't seem to find a link or any page where I could download this or buy this from. I just need a developer edition of SQL 2000 Reporting Services for Windows XP Pro.
16
2317
by: Jeremy S. | last post by:
I'm about to install VS.NET 2005 and SQL Server 2005 on a new/clean development machine (XP Pro/SP2 etc). Is the order of installation important (i.e., which product should I install first)? Thanks!
2
6958
by: Jobs | last post by:
Download the JAVA , .NET and SQL Server interview with answers Download the JAVA , .NET and SQL Server interview sheet and rate yourself. This will help you judge yourself are you really worth of attending interviews. If you own a company best way to judge if the candidate is worth of it. http://www.questpond.com/InterviewRatingSheet.zip
1
1759
by: yhafeez1 | last post by:
We are in the process of doing a side by side installation of the SQL server 2000 and SQL server 2005 on the same server. To install the Reporting services feature of SQL server 2005 requires IIS. We have a seperate web server running IIS that connects to the database server. My question is : can we still install Reporting services on the database server without the IIS? Thank you
3
2045
by: =?Utf-8?B?Sm9uIEphY29icw==?= | last post by:
We use SQL Server 2000 We user VS 2005 How can we use SQL Server reporting Services? Thanks,
0
2241
by: fperri | last post by:
Hi, I am trying to configure reporting services which I just added to an already existing installation of SQL Server 2005. When I am in the reporting services configuration manager and I am trying to create the reporting services database I get the following error: Verifying Database Edition The feature: "Using other editions of SQL Server for report data sources and/or the report server database" is not supported in this edition of...
0
8750
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9111
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
9004
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
7853
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6585
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5922
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4421
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4679
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
2439
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.