Re: Authentication tag confusion

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Joe Genshlea (joegensh_at_yahoo.com)
Date: 05/26/04 

Date: Wed, 26 May 2004 14:59:21 -0700

Thanks, just one clarification about this instruction:

> What you can do is to put the following in your connection string:
> Roles=cf_olap
> Then, make sure you setup the virtual directory to run as a user that has
> access to this role and enable Anonymous access.

Which connection string are you referring to? The one in the SOAP header or
the the connection string in the datasources.xml file?

If the latter, which tags? <DataSourceInfo>?

"Akshai Mirchandani [MS]" <akshaim@online.microsoft.com> wrote in message
news:40b501d6$1@news.microsoft.com...
> This is how it normally works. The client user is authenticated by IIS --
> either using NTLM, Basic, etc. If the virtual directory is configured as
> Anonymous, then the thread is going to run as the anonymous user (by
default
> IUSR_xxx or IWAM_xxx but this is configurable). This user is then used to
> connect to the Analysis Server.
>
> What you can do is to put the following in your connection string:
> Roles=cf_olap
> Then, make sure you setup the virtual directory to run as a user that has
> access to this role and enable Anonymous access.
>
> Note that turning on anonymous access means that everyone will be able to
> connect to the virtual directory and everyone will get access to your
data.
> If every user that connects has access to this role, then you could leave
> the authentication to be NTLM or Basic and this would still work.
>
> HTH,
> Akshai
> --
> This posting is provided "AS IS" with no warranties, and confers no rights
> Please do not send email directly to this alias. This alias is for
newsgroup
> purposes only.
>
> "Joe Genshlea" <joegensh@yahoo.com> wrote in message
> news:ujQ4NrqQEHA.3660@TK2MSFTNGP10.phx.gbl...
> > Thanks,
> >
> > I have a role setup in Analysis Services called cf_olap which I would
like
> > to apply to all requests submitted through the xmla webservice. I have
> > included the authentication credentials in the DataSourceInfo as:
> >
> > <DataSourceInfo>Provider=MSOLAP.2;Data Source=analysis1;User ID
=cf_olap;
> > password =password</DataSourceInfo>
> >
> > with no success.
> >
> > My question is: How does Analysis Services identify the roles
associated
> > with requests posted through the xmla service? I am not real familiar
> with
> > SOAP, but my guess is that the credentials are supplied in the SOAP
> envelope
> > header. If a userId is provided this way, will IIS pass these
credentials
> > all the way through to AS2K?
> >
> > Joe
> >
> >
> >
> >
> > "Akshai Mirchandani [MS]" <akshaim@online.microsoft.com> wrote in
message
> > news:40b38d8e$1@news.microsoft.com...
> > > Actually the AuthenticationMode in the DISCOVER_DATASOURCES response
is
> > > informational rather than anything else. It does not affect the roles
in
> > > AS2k at all.
> > >
> > > Security must be set on the virtual directory of the XMLA SDK
> installation
> > > by enabling some form of authentication there. Note that if you turn
> > > "Anonymous authentication" on, it overrides the other modes -- so make
> > sure
> > > you turn it off if you want to use security.
> > >
> > > HTH,
> > > Akshai
> > > --
> > > This posting is provided "AS IS" with no warranties, and confers no
> rights
> > > Please do not send email directly to this alias. This alias is for
> > newsgroup
> > > purposes only.
> > >
> > > "Joe Genshlea" <joegensh@yahoo.com> wrote in message
> > > news:OM238lnQEHA.3988@tk2msftngp13.phx.gbl...
> > > > When the AuthenticationMode tag is set to "Authenticated", does the
> web
> > > > service bypass (for lack of a better term) the roles set up in AS2K?
> If
> > > so,
> > > > what is the best way to impose some sort of security on the XML
posts?
> > > >
> > > > Joe
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Authentication tag confusion
    ... I was referring to the DataSourceInfo tag in the datasources.xml file. ... >> What you can do is to put the following in your connection string: ... >> access to this role and enable Anonymous access. ... If the virtual directory is configured as ...
    (microsoft.public.data.xmlanalysis)
  • Re: 440 Login Timeout on OWA
    ... this issue is related with the anonymous access on ... the Exchweb virtual directory. ... Open IIS from the Server Management ... Expand the Default Web Site and open the properties page of ExchWeb ...
    (microsoft.public.backoffice.smallbiz)
  • Re: 440 Login Timeout on OWA
    ... this issue is related with the anonymous access on ... the Exchweb virtual directory. ... please restart your IIS service and test your issue again. ... After logging on to Remote Web Workplace ...
    (microsoft.public.backoffice.smallbiz)
  • Re: 440 Login Timeout on OWA
    ... this issue is related with the anonymous access on ... the Exchweb virtual directory. ... please restart your IIS service and test your issue again. ... After logging on to Remote Web Workplace ...
    (microsoft.public.backoffice.smallbiz)
  • Re: My boss....
    ... Click the Edit button under Authentication and access control, ... properties, Web site tab, Advanced button) ... Exchange virtual directory, clear the anonymous access box, clear Integrated ...
    (microsoft.public.windows.server.dns)