Re: HTTP Access to SSAS with anonymous even possible?
- From: "Jeje" <willgart@xxxxxxxxxxx>
- Date: Wed, 31 Oct 2007 21:57:59 -0400
strange to know that your policy prohibit this option!!!!
it's a first recommendation when you have multiple servers...
and more specially in your case.
the only other option is:
* authorize the windows guest account on the SSAS server
* enable the anonymous access to SSAS
from what I remember, the guest account must be enabled to allow anonymous access to SSAS...
but enabling the guest account is far more unsecure than changing iusr_machine to a domain account !!!!
but... do you really need anonymous account?
or do you want to use the kerberos delegation system?
also using HTTP, you can specify a user id / password in the connection string.
so everybody can use the same user / password (a restricted account which can be used only in SSAS)
"MattM" <MattM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:67746D29-8F6B-495B-92D4-3E01C2255978@xxxxxxxxxxxxxxxx
This isn't an option in our environment because our security policy prohibits.
it. I can't imagine this would be advisible or wise either. Plus, if this is
what is required to make anonymous access work, then it most definitely
should be part of the instructions and the IUSR_Machine account shouldn't
even be mentioned.
Again, the white paper seems misleading to me because it appears that
anonymous is not possible unless IIS and SSAS are on the same box.
"Jeje" wrote:
try to change the anonymous account in IIS
instead of using the IUSR_Machine account, use a valid user domain account.
"MattM" <MattM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EADA9907-1397-47E3-9B94-A6EB1B4B4987@xxxxxxxxxxxxxxxx
> I'm trying to follow the information at this link
> (http://www.microsoft.com/technet/prodtechnol/sql/2005/httpasws.mspx) > but
> I
> think it's misleading me into thinking I can accomplish my goal. The
> article
> states you can have SSAS and IIS on separate servers. It also says you > can
> use anonymous access. But I think you can't have both.
>
> The white paper says when using anonymous access the msmdpump.dll is
> running
> with the IUSR_MACHINENAME account, but with the SSAS on a separate > server
> it's not possible to add that account as valid because that account is
> local
> to the IIS server. So the IIS server is sending it's IUSR_MACHINENAME
> account
> but the SSAS server won't allow it.
>
> My goal is convert some OWC reports on ASP pages from SQL 2000 to SSAS
> 2005.
> The code worked fine with our SQL 2000 server but so far we can't get > it
> work
> on SSAS 2005.
- Follow-Ups:
- Next by Date: Re: HTTP Access to SSAS with anonymous even possible?
- Next by thread: Re: HTTP Access to SSAS with anonymous even possible?
- Index(es):
Relevant Pages
|
