Re: AS 2005 HTTP access with Basic Authentication
- From: "Scott Ivey" <iveys@xxxxxxxxxxxxx>
- Date: Wed, 21 Dec 2005 06:28:02 -0800
Thanks Akshai. The engineer on my case (John Desh) mentioned that he had
talked to you about this as well. I'm anxious for a fix, but can live with
the workaround in the meantime.
Scott Ivey
"Akshai Mirchandani [MS]" wrote:
> As per our discussions so far with the WinHttp team this will take time to
> solve on their end. In the interim we're investigating other options, but
> please have patience for this issue.
>
> Thanks,
> Akshai
> --
> This posting is provided "AS IS" with no warranties, and confers no rights
> Please do not send email directly to this alias. This alias is for newsgroup
> purposes only.
>
> "Pat" <pat@xxxxxxxxxxxxx> wrote in message
> news:6853A86A-DABF-4057-BB3B-C543E2FF2D16@xxxxxxxxxxxxxxxx
> > Thanks for the clarification. So the problem seems to be at the client
> > rather
> > than at the server as I was assuming.
> > In any case, This is also an Excel issue, not just IE.
> >
> > Leaving aside the cause of the problem, users are expecting to sign-in
> > once
> > to the server and then to carry on working without having to sign-in
> > again.
> > This used to work with AS2000, and we need to find a solution for it to
> > work
> > with AS2005 too.
> >
> > Please refer to my reply to your other post for technical details, and
> > thanks for looking into this issue.
> >
> > "Akshai Mirchandani [MS]" wrote:
> >
> >> Re-posting part of my other posting to this thread:
> >>
> >> 2. If you are inside Internet Explorer and browse to a web page and
> >> specify
> >> Basic authentication credentials. Then the web page inside IE tries to
> >> connect to an AS server over HTTP in the same "realm" -- for AS 2000,
> >> this
> >> would work without demanding the basic authentication credentials again.
> >> But
> >> in AS 2005, you are required to re-submit the credentials a second time.
> >> There is a good technical explanation for this which I won't go into, but
> >> the AS 2000 way was a little unsafe and it's probably a good thing that
> >> this
> >> doesn't work today...
> >>
> >> Since there seems to be a big issue for you folks let me try to go into a
> >> more detailed explanation here -- hopefully that will clear this up a
> >> little.
> >>
> >> AS 2000's PTS (msolap80) used WinInet to connect to the server over HTTP.
> >> AS
> >> 2005 uses a newer API called WinHttp -- this newer API is safe for
> >> servers
> >> and is in general a much better API to use. Unfortunately the impact
> >> appears
> >> to be this:
> >> - Internet Explorer also uses WinInet
> >> - When PTS 8.0 ran within Internet Explorer, it's WinInet connections
> >> were
> >> automatically re-using the credentials that Internet Explorer had
> >> obtained
> >> when connecting to the same realm
> >> - Since PTS 8.0 doesn't use WinInet, it doesn't inherit those same
> >> credentials and it requires you to re-authenticate the user
> >>
> >> This is still under investigation and it's possible that we're mistaken
> >> about this behavior -- but there is a high likelihood that this is the
> >> cause.
> >>
> >> Unfortunately this isn't something that can be easily worked around --
> >> the
> >> WinInet credentials may not be available outside WinInet. Additionally,
> >> since these components are not owned by the SQL Server group, it will
> >> take
> >> some time to find the right people to investigate and its possible there
> >> isn't a solution...
> >>
> >> If you get in touch with your support contact again, please send them my
> >> name and ask them to get in touch with me if they have any questions.
> >>
> >> Thanks,
> >> Akshai
> >> --
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights
> >> Please do not send email directly to this alias. This alias is for
> >> newsgroup
> >> purposes only.
> >>
> >> "Scott Ivey" <iveys@xxxxxxxxxxxxx> wrote in message
> >> news:251D57D7-02D7-469C-A137-EE5A00063120@xxxxxxxxxxxxxxxx
> >> > Pat - I agree with you that its a bigger problem. My solution worked
> >> > fine
> >> > before I upgraded to AS2005. My current problem is that OWC hosted in
> >> > my
> >> > sharepoint 2.0 site will now NEVER prompt for a username & password,
> >> > even
> >> > if
> >> > I include prompt=1. My sharepoint server & AS/HTTP server have
> >> > different
> >> > domain names, so it should always prompt for the cross domain data
> >> > request
> >> > anyway, but never does. It always did this with AS2000 before I
> >> > upgraded
> >> > to
> >> > 2005, but since the upgrade, it never prompts. I'm able to use a
> >> > hard-wired
> >> > username & password in the connect string, but would prefer to have it
> >> > prompt
> >> > the user so that I can use their own username & password instead of a
> >> > single
> >> > shared one. Another thing worth noting, is that like pat said, if I'm
> >> > in
> >> > the
> >> > domain or connected to the server via VPN, it will work, but when I'm
> >> > not
> >> > connected via any other means than my IE browser to the sharepoint
> >> > site,
> >> > nothing works at all.
> >> >
> >> > I've had an open support ticket on this for a week now, and have had a
> >> > hard
> >> > time convincing any of the support techs that I've talked to that this
> >> > is
> >> > a
> >> > problem for me. I keep getting handed around from group to group
> >> > inside
> >> > microsoft, and everyone says that its the next guys problem. I'm
> >> > feeling
> >> > like my $245 for this incident hasn't been well spent.
> >> >
> >> > Scott
> >> >
> >> > "Pat" wrote:
> >> >
> >> >> It means that I have authenticated to IIS with basic authentication.
> >> >> When
> >> >> the
> >> >> client navigates to the page containing the OWC control, IIS requests
> >> >> the
> >> >> userID+pwd for basic authentication.
> >> >> With AS2000 that's all you need. The subsequent connection from OWC to
> >> >> AS2000 is done using this authentication token.
> >> >>
> >> >> With AS2005, you're suggesting to add a "prompt=1" in the OWC
> >> >> connection
> >> >> string. What happens is the following: User navigates to the page
> >> >> containing
> >> >> the OWC control and IIS requests the userID+pwd for basic
> >> >> authentication,
> >> >> as
> >> >> above.
> >> >> When connecting OWC to AS2005 though, the prompt=1 causes you to enter
> >> >> your
> >> >> userID+password once again. This means that the previous
> >> >> authentication
> >> >> to
> >> >> IIS is completely bypassed.
> >> >> You have to do that because OLEDB 9.0 and AS2005 are not able to work
> >> >> the
> >> >> way OLEDB 8.0 and AS2000 did. They cannot use the IIS token.
> >> >>
> >> >> In my opinion, this is the reason why you cannot connect to AS2005
> >> >> from
> >> >> Excel, whichever way you try (even the prompt=1 cheat doesn't help)
> >> >> unless
> >> >> client and server are in the same domain.
> >> >>
> >> >>
> >> >> "Edward Melomed [MSFT]" wrote:
> >> >>
> >> >> > Hi Pat.
> >> >> > I was looking at your previous postings and it is bit hard to
> >> >> > understand
> >> >> > what is going on in your situation.
> >> >> > When you are saying that you alreday authenticated to IIS , what
> >> >> > does
> >> >> > that
> >> >> > mean?
> >> >> >
> >> >> >
> >> >> > "Pat" <pat@xxxxxxxxxxxxx> wrote in message
> >> >> > news:8E504CDE-4FEA-436B-BD3C-676D555B6345@xxxxxxxxxxxxxxxx
> >> >> > > Come on Edward, there are several posts on this newsgroup
> >> >> > > documenting
> >> >> > > that
> >> >> > > HTTP with Basic Authentication doesn't work on AS2005.
> >> >> > > I have a support incident open for 3 weeks and counting about
> >> >> > > this,
> >> >> > > and I
> >> >> > > saw somebody else on this newsgroup with another support incident
> >> >> > > still
> >> >> > > open.
> >> >> > > The issue is caused by OLEDB 9.0, who doesn't let the credentials
> >> >> > > pass
> >> >> > > from
> >> >> > > IIS to AS2005.
> >> >> > > It probably works on your own workstation because you are signed
> >> >> > > in
> >> >> > > as a
> >> >> > > user that is known to the server, thus bypassing the basic
> >> >> > > authentication.
> >> >> > >
> >> >> > >
> >> >> > > "Edward Melomed [MSFT]" wrote:
> >> >> > >
> >> >> > >> Once you enabled the Basic Authentication you need to make sure
> >> >> > >> you
> >> >> > >> specify
> >> >> > >> your credentials.
> >> >> > >> You can do it ever by specifying "user" and "password" connection
> >> >> > >> string
> >> >> > >> properties in your connection string.
> >> >> > >> Or you can add "prompt=1" to your connection string and you will
> >> >> > >> get
> >> >> > >> additional dialog asking for your credentials.
> >> >> > >>
> >> >> > >>
> >> >> > >> Edward Melomed
> >> >> > >> --
> >> >> > >> This posting is provided "AS IS" with no warranties, and confers
> >> >> > >> no
> >> >> > >> rights.
> >> >> > >>
> >> >> > >>
> >> >> > >>
> >> >> > >> "Scott Ivey" <iveys@xxxxxxxxxxxxx> wrote in message
> >> >> > >> news:3B651890-487C-4A78-B1DB-635E99C12C3F@xxxxxxxxxxxxxxxx
> >> >> > >> > Hi all - hopefully someone here can help me out with this. I
> >> >> > >> > have
> >> >> > >> > an
> >> >> > >> > open
> >> >> > >> > ticket on this with MS as well, and none of their techs seem to
> >> >> > >> > know
> >> >> > >> > how
> >> >> > >> > to
> >> >> > >> > help me. I have enabled HTTP access to our Analysis Services
> >> >> > >> > 2005
> >> >> > >> > server
> >> >> > >> > by
> >> >> > >> > following the steps at
> >> >> > >> > http://www.microsoft.com/technet/prodtechnol/sql/2005/httpasws.mspx -
> >> >> > >> > however, I need to use BASIC AUTHENTICATION instead of Windows
> >> >> > >> > Integrated.
> >> >> > >> > Once I enable basic and disable integrated, everything just
> >> >> > >> > stops
> >> >> > >> > working.
> >> >> > >> > I
> >> >> > >> > found another article saying that AS 2005 ignores basic
> >> >> > >> > authentication
> >> >> > >> > by
> >> >> > >> > default, and gives steps to change the setting, but the screen
> >> >> > >> > that
> >> >> > >> > they
> >> >> > >> > talk
> >> >> > >> > about doesn't exist, and the one that does that looks similar
> >> >> > >> > doesn't
> >> >> > >> > list
> >> >> > >> > the properties necessary to change. Link to that article is...
> >> >> > >> > http://msdn2.microsoft.com/en-us/library/ms174573.aspx. It
> >> >> > >> > says
> >> >> > >> > the
> >> >> > >> > following - "Based on the default setting of 1, Analysis
> >> >> > >> > Services
> >> >> > >> > rejects
> >> >> > >> > client requests that are submitted by using Basic
> >> >> > >> > authentication.
> >> >> > >> > To
> >> >> > >> > accept
> >> >> > >> > client requests that use Basic authentication, change the
> >> >> > >> > setting
> >> >> > >> > for
> >> >> > >> > this
> >> >> > >> > property to 0." I tried to add the property directly thru
> >> >> > >> > msmdsrv.ini
> >> >> > >> > file,
> >> >> > >> > but that didn't seem to work either. Anyone else have any
> >> >> > >> > other
> >> >> > >> > ideas?
> >> >> > >> > I'm
> >> >> > >> > desperate here - I'm supposed to be on vacation tomorrow, and
> >> >> > >> > if I
> >> >> > >> > don't
> >> >> > >> > have
> >> >> > >> > this fixed by then, i'm in deep $*%!.
> >> >> > >> >
> >> >> > >> >
> >> >> > >> > Thanks!
> >> >> > >> >
> >> >> > >> > Scott Ivey
> >> >> > >>
> >> >> > >>
> >> >> > >>
> >> >> >
> >> >> >
> >> >> >
> >>
> >>
> >>
.
- References:
- Re: AS 2005 HTTP access with Basic Authentication
- From: Edward Melomed [MSFT]
- Re: AS 2005 HTTP access with Basic Authentication
- From: Edward Melomed [MSFT]
- Re: AS 2005 HTTP access with Basic Authentication
- From: Pat
- Re: AS 2005 HTTP access with Basic Authentication
- From: Scott Ivey
- Re: AS 2005 HTTP access with Basic Authentication
- From: Akshai Mirchandani [MS]
- Re: AS 2005 HTTP access with Basic Authentication
- From: Pat
- Re: AS 2005 HTTP access with Basic Authentication
- From: Akshai Mirchandani [MS]
- Re: AS 2005 HTTP access with Basic Authentication
- Prev by Date: Re: "between" calculated measure issue in AS2005...
- Next by Date: Re: i am new to msolap so i want to know about books or link
- Previous by thread: Re: AS 2005 HTTP access with Basic Authentication
- Next by thread: Re: AS 2005 HTTP access with Basic Authentication
- Index(es):
Relevant Pages
|
Loading
