473,325 Members | 2,442 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,325 software developers and data experts.

Print Web Reports (impersonate)

I have a ASP.NET project that prints a report to a NETWORK-
PRINTER. I have impersonate=true in my web.config, but all
reports are printed under ASPNET user (the one that is
setted in MACHINE.CONFIG).

I'm using Crystal Reports on WEB-SERVER, and it is running
FRAMEWORK 1.0 in Windows 2000 Server. My IIS security is
setted to "Windows Integrated Authentication" and
Anonymous Access is disabled.

Does any one knows how to send the report with the client
identification.

Thanks in advance,

Alvaro Pereira
Nov 18 '05 #1
4 3537
Hi Alvaro Pereira,

Thank you for using Microsoft Newsgroup Service. Based on your description,
you are dealing with a WebReport, the application is Internet based and you
want the user view the report to it using its own access token(identity)
when printing the
web report. Also, you've set the impersonation="true" in the web.config
file and done the right setting in IIS, however you found that when the
report is printing , the asp.net workprocess still runnging under the
ASP.NET account(the default workprocess account)? Please correct me if my
understanding is not quite accurate.

If so, this problem is concerned to the ASP.NET web security. As for the
impersonation, this feature is mostly used for the "intranet based" web
application since the workprocess will access other resources under the
user's access token(identity).
This feature is buildin ASP.NET, it should be used together with the IIS.
Generally, you should
1. set the IIS's security configuration:
select the "Windows Integrated Authentication" and disable the "Anonymous
User"
2. In asp.net web applicaiton's web.config file(note that the relative
setting in Machine.config can be overwritten by the web.config):
set the authentication mode as "Windows", for example:
<authentication mode="Windows">
</authentication>

and set the "impersonation= true"
<identity impersonate ="true" />

Then, when the user access the web application, he'll first check identity
in the IIS if pass, his identity(token) will be passed by the IIS to the
ASP.NET applicatioh(because you set the authentication mode="Windows"). And
as you also set the impersonate="true", when the asp.net workproeccess is
executing or calling some other server resources , it is using the
identity(token) passed by the IIS(just the user's identity, it should be a
valid account on the server machine).

For more infomation on ASP.NET's security mode and configuration, you can
view the tech articels on MSDN, here is the web link for the asp.net
security architecture:
http://msdn.microsoft.com/library/en...etarchitecture
..asp?frame=true
and the impersonation:
http://msdn.microsoft.com/library/en...etimpersonatio
n.asp?frame=true

Please try the preceding suggestion. If you have any questions on it,
please feel free to let me know.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #2
Hi Steven,

I'm already with the following configuratins:
1. In IIS Anonymous Access is unckecked, and "Integrated
Windows authentication is checked"
2. In Applications WEB.CONFIG we already have
<authentication mode="Windows"> and <identity impersonate
="true" />.

The web server is in the same domain as the end-user.
Everythink works fine, except that, when the end-user
prints a report, the report goes to printer queue under
ASPNET user context, and so, the end user can't manage it
using default printer ACL, in witch only a member of
Administrators group or the report OWNER can manage the
report (restart, purge, etc...).
-----Original Message-----
Hi Alvaro Pereira,

Thank you for using Microsoft Newsgroup Service. Based on your description,you are dealing with a WebReport, the application is Internet based and youwant the user view the report to it using its own access token(identity)when printing the
web report. Also, you've set the impersonation="true" in the web.configfile and done the right setting in IIS, however you found that when thereport is printing , the asp.net workprocess still runnging under theASP.NET account(the default workprocess account)? Please correct me if myunderstanding is not quite accurate.

If so, this problem is concerned to the ASP.NET web security. As for theimpersonation, this feature is mostly used for the "intranet based" webapplication since the workprocess will access other resources under theuser's access token(identity).
This feature is buildin ASP.NET, it should be used together with the IIS.Generally, you should
1. set the IIS's security configuration:
select the "Windows Integrated Authentication" and disable the "AnonymousUser"
2. In asp.net web applicaiton's web.config file(note that the relativesetting in Machine.config can be overwritten by the web.config):set the authentication mode as "Windows", for example:
<authentication mode="Windows">
</authentication>

and set the "impersonation= true"
<identity impersonate ="true" />

Then, when the user access the web application, he'll first check identityin the IIS if pass, his identity(token) will be passed by the IIS to theASP.NET applicatioh(because you set the authentication mode="Windows"). Andas you also set the impersonate="true", when the asp.net workproeccess isexecuting or calling some other server resources , it is using theidentity(token) passed by the IIS(just the user's identity, it should be avalid account on the server machine).

For more infomation on ASP.NET's security mode and configuration, you canview the tech articels on MSDN, here is the web link for the asp.netsecurity architecture:
http://msdn.microsoft.com/library/en- us/cpguide/html/cpconaspnetarchitecture.asp?frame=true
and the impersonation:
http://msdn.microsoft.com/library/en- us/cpguide/html/cpconaspnetimpersonation.asp?frame=true

Please try the preceding suggestion. If you have any questions on it,please feel free to let me know.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers norights.)

.

Nov 18 '05 #3
Hi Alvaro Pereira ,
Thank you for the response. I've reviewed some other reference on the
ASP.NET's web security machism. The setting in the ASP.NET 's web.config
file is correct. The problem is probably due to the IIS settting or the
operating system. Is the NETWORK printer at the same machine with the
ASP.NET WEB SERVER or on another remote server?

1.If the webserver and the printer are on the same machine, It seems a bit
strange since all the configuration you've mentioned are all ok. Would you
please try out access other resources on the server machine, such as
database server. For example, use the SQL profiler for SQLServer to test
whether the impersonate is ok.

2. If the printer is a printer in on another public remote server(not the
same machine with the ASP.NET web server), I think this problem should due
to the ASP.NET application's "delegation" not simply "impersonation".
Because impersonation only make the asp.net workprocess running under the
client user's token when he access the protected resources on the server
machine. If the resources are on another machine, then the "delegation"
machism is on effect. The delegation will allow the asp.net workprocess use
the client user's token to access those protected resoures on other
machine, however, there'll have more limits and requirement on "delegation"
than impersonation, such as IIS authentication mode, operation system....
For the detailed info on "delegation" , you can visit the following web
link:

http://msdn.microsoft.com/library/en...tdelegation.as
p?frame=true

When you use the integrid windows authentication in IIS, if you want to
permit "delegation" in the asp.net, both the client (Internet Explorer 5.0
and later) and server (IIS 5.0 and later) are running Windows 2000 or
later, and both are members of the same domain or trusted domains.
Otherwise, the server defaults to using NTLM(which won't support the
"delegation").

I think you can also try accessing some remote database server for testing.

Please try out the suggestion and let me know your result. If you have any
new findings please also let me know.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #4
Hi Steven,

Thank you for your response. Here goes more information:

1. The Web Server is in one machine and the print server
is in another machine;
2. Both machines are under the same domain
3. Both machines are running W2K and the WEB SERVER runs
IIS 5
4. All clients runs at least IE 5.5

I'll study and try to use the delegation. I will return
ASAP.

Thanks

Alvaro Pereira
-----Original Message-----
Hi Alvaro Pereira ,
Thank you for the response. I've reviewed some other reference on theASP.NET's web security machism. The setting in the ASP.NET 's web.configfile is correct. The problem is probably due to the IIS settting or theoperating system. Is the NETWORK printer at the same machine with theASP.NET WEB SERVER or on another remote server?

1.If the webserver and the printer are on the same machine, It seems a bitstrange since all the configuration you've mentioned are all ok. Would youplease try out access other resources on the server machine, such asdatabase server. For example, use the SQL profiler for SQLServer to testwhether the impersonate is ok.

2. If the printer is a printer in on another public remote server(not thesame machine with the ASP.NET web server), I think this problem should dueto the ASP.NET application's "delegation" not simply "impersonation".Because impersonation only make the asp.net workprocess running under theclient user's token when he access the protected resources on the servermachine. If the resources are on another machine, then the "delegation"machism is on effect. The delegation will allow the asp.net workprocess usethe client user's token to access those protected resoures on othermachine, however, there'll have more limits and requirement on "delegation"than impersonation, such as IIS authentication mode, operation system....For the detailed info on "delegation" , you can visit the following weblink:

http://msdn.microsoft.com/library/en- us/vsent7/html/vxconaspnetdelegation.asp?frame=true

When you use the integrid windows authentication in IIS, if you want topermit "delegation" in the asp.net, both the client (Internet Explorer 5.0and later) and server (IIS 5.0 and later) are running Windows 2000 orlater, and both are members of the same domain or trusted domains.Otherwise, the server defaults to using NTLM(which won't support the"delegation").

I think you can also try accessing some remote database server for testing.
Please try out the suggestion and let me know your result. If you have anynew findings please also let me know.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers norights.)

.

Nov 18 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Wendy Elizabeth | last post by:
I would like to know how to print a crystal report that was generated in the ..NET framework using a Visual Basic.NET web application and/or a Visual basic.NET windows application. When crystal...
0
by: Ian | last post by:
(Sorry if I have repeated this, it did not appear the first time) I have the following code on a button. The idea is that when this button is clicked it prints several reports automatically then...
2
by: Claudia Fong | last post by:
Hi, I have 4 reports created in Ms-access and I will use VB to print those reports. My problem is I'm not sure if I can control wich report to print.. Those reports are almost the same, what...
0
by: Ann | last post by:
I have a C# application that uses PrintDocument and PrintPage to draw reports. Now I need to integrate a tax form printing from a legacy VC++ DLL into the C# application. One of the important...
1
by: Kiran | last post by:
Hi, I have my reports at http:\\localhost\ReportServer and need to use them in ASP.NET Web Form.I have a few questions reg. this ------> I want to generate a PDF when a button labeled...
56
by: peng | last post by:
Hi, I am development a project using C#.Net. Inside application, it needs to print labels on different Zebra label printers on the network. I used a shell script, but it only worked on the...
2
by: Rod | last post by:
We've got an old VB6 application which has 9 Crystal Reports it can print. These 9 reports are considered by our users to be in essence one "report", in the sense that they are all related and they...
3
by: Santosh | last post by:
Hii.. i am printing crystal reports in asp.net for that purpose i am using PrintTo Printer method but for that it is needed me to pass printer name which is installed on my local computer but...
12
by: Studiotyphoon | last post by:
Hi, I have report which I need to print 3 times, but would like to have the following headings Customer Copy - Print 1 Accounts Copy - Print 2 File Copy -Print 3 I created a macro to...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.