I have an asp.net application. This application provide consolidated information to the user using Analysis Services 2005.
Within it, one aspx page uses MDX query to retrieve the information from the cube. However, we are unable to access AS 2005 because of authentication issues. What would be the easier to implement and deploy scenario?
1) Using kerberos
2) creating a webservice with some Identity to access AS 2005 and using an agent in the application;
3) some other mechanism.
Has AS 2005 come up with some mechanism to allow easy access from web applications (just like sql server authentication in SQL 2005). Is there any feature that we could use? What about anonymous access?
The closest thing we have with AS and sql logins, is http access. Using http access you can set a uid and pwd on the connect string and then the system will use those to authenitcate you against IIS (where the AS server is). This allows your ASP.NET application to use a canned account to access AS. See the connection string parameters allowed on ADOMD.NET (which is what you should be using as a managed provider for your ASP.NET application).
_-_-_ Dave
|||And how do you implement AS role-based security in this scenario?If you use a canned account to access AS, you cannot match you users with an AS role.
Am I missing something ?|||You didn't say that you wanted to use role-based security, so I gave you a general answer. There are two issues here:
1) getting basic connectivity. If the IIS / ASP.NET machine is in a common domain then you can connect using normal NT authentication (run the virtual directory anonymously and do your own authentication within the application) -- have the anonymouse user for the vd to be a common domain account with the AS server and ensure that it is an Analysis Services sysadmin. If not in a common domain, then use http connectivity and specify an NT UID/PWD which is an AS sysadmin.
2) Once you are connected as an AS sysadmin, then you can use the new EFFECTIVEUSERNAME to set the appropriate username for the connection. Then BINGO there you are.
Hope that helps.
_-_-_ Dave
No comments:
Post a Comment