Re: Using forms authentication to control security access to msolap.asp. Is it possible using ASP.NET?

Dave:
Read "intend" and not "pretend" in the following sentence:
IIS Server and Analysis Services are currently in the same machine, and
we don't pretend to change this in near future, at least unless this
authentication problem is resolved.

My native language is Portuguese, and "intend" is "pretender" in
portuguese - my mistake.

"Ravi Ambros Wallau" <nospam@xxxxxxxxxx> wrote in message
news:%23OAUTTzcFHA.2436@xxxxxxxxxxxxxxxxxxxxxxx
> Dave:
> IIS Server and Analysis Services are currently in the same machine, and
> we don't pretend to change this in near future, at least unless this
> authentication problem is resolved.
> We are using HTTP access, and only the HTTP port 80 is enabled in our
> firewall. The "Pivot Table" component maps to the URL in our IIS server,
> as described in the docs you presented to me.
> Resuming, our infra seems to be ok.
> The problem is that we use Forms Authentication to validate user and
> password. Our application has a user database, and the internet portal can
> be used to add/ edit users, and to change their roles in the system. We
> can't leave the URL of MSOLAP open to the world, as I told before, because
> this is a big security issue.
> It seems to me that MSOLAP.ASP + MSMDPUMP.DLL page are only a "bridge"
> between Analysis Services and the "Pivot Table" component present in some
> ASP.NET (or HTML) page. I've successfully change MSOLAP.ASP page to log
> all Server Variables, Cookies and Session attributes into a file. But that
> what is really usefull to me (Session) is unavailable, probally because
> it's provided by an ASP.NET application.
>
> So, my two questions are:
> 1. Is there some trick to enable Forms Authentication in MSOLAP.ASP?
> (my guess is No based on your post...)
> 2. Is there some port of MSOLAP.ASP to ASP.NET? I've tryed one, but
> everytime I call the MSMDPUMP method I receive a COMException... I'll keep
> trying.
>
> Well, this is it.
>
> "Dave Wickert [MSFT]" <dwickert@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:ess%23o0rcFHA.1288@xxxxxxxxxxxxxxxxxxxxxxx
>> Analysis Services only supports NT authentication. Ultimately everything
>> has to get back to an NT account. See the section titled "Security
>> Administration" in the AS Operations Guide
>> http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/anservog.mspx
>> and additional information in the Improved Web Connectivity white paper
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsql2k/html/sql_datapump.asp
>>
>> What kind of connectivity do you have between the IIS server (where your
>> ASP.NET app is running) and the Analysis server? Are they on the same
>> machine? Or different machines in same domain? Or different machines with
>> a firewall between them?
>>
>> What kind of access are you using between your ASP.NET app and Analysis
>> Services? TCP/IP or http access? If using TCP/IP then your server name in
>> the connectstring is the machine name for the Analysis server -- if using
>> http access then your server name in the connectstring is:
>> http://<machinename>/<virtual_directory_for_where_msolap_dot_asp_lives>
>>
>> What that I could provide some guidance around what your options are.
>> --
>> Dave Wickert [MSFT]
>> dwickert@xxxxxxxxxxxxxxxxxxxx
>> Program Manager
>> BI SystemsTeam
>> SQL BI Product Unit (Analysis Services)
>> --
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>> "Ravi Ambros Wallau" <nospam@xxxxxxxxxx> wrote in message
>> news:%23UxihJrcFHA.2688@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi:
>>> My organization has developed a portal made in ASP.NET (C#). This
>>> portal is open for Internet, and we decide to use Forms Authentication
>>> to validate user and password. This authentication doesn't seems to be
>>> valid (or not) when using MSOLAP.ASP. It's a big security risk for me
>>> leave the MSOLAP.ASP page open "to the world", and it's really boring to
>>> the user tip a logon information again, and also the extra effort to
>>> keep a second user database (in Windows or in another place) is tedious,
>>> error prone and inneficient.
>>> Is there some way that force MSOLAP.ASP to use Forms Authenticatiom?
>>> Debugging this ASP page, I have some suspicious that cookies and another
>>> informations are sent with MSOLAP request, better saying, some browser
>>> informations are sent within ActiveX request.
>>> But I really can't find any usefull to validate the user. Session is
>>> unavaiable for me, I believe that the reason is that my application is
>>> developed is ASP.NET.
>>> Is there some port of MSOLAP.ASP for .Net platform? Is it possible to
>>> use Forms Authentication? Did anyone had the same problem?
>>>
>>> Thanks,
>>> Ravi.
>>>
>>
>>
>
>


.