Suppose my QV reports are integrtaed to some third party client application. Now the application can have multiple roles and users to access the same.
Whenever some user tries to login into client webpart, they would be having some userid and password to access the client application. So these userid and password should be be reflected in the section access of QV document, i mean QV section access should fetch the userid and password from the web application. And receiving the userid it should open the necessary QV files which are accessible for the respective user. Inturn QV security should work windows authentication as well as the authorisation without asking the user to enter their userid and password again, like the QV asks "enter userid and password".
Is this possible to achieve in QV?
If so please provide me the solution to get the same.
I'm not sure about this one, because you need Windows Authentication to work. I'm doing pretty much the same thing without Windows Authentication though. I've built a simple ASP.NET page that requests a ticket from
System.IO.StreamWriter sw = new System.IO.StreamWriter(request.GetRequestStream()); sw.Write(parameters); sw.Flush();
System.IO.StreamReader sr = new System.IO.StreamReader(request.GetResponse().GetResponseStream()); System.Xml.XmlDocument doc = new System.Xml.XmlDocument(); doc.LoadXml(sr.ReadToEnd()); if (doc.InnerText.Length > 0) { return doc.InnerText; // At this point you've got the ticket in doc.InnerText. }
I then use this ticket for ajax pages (I can't tell if you're using these, are you connecting to the QV files directly?) like this: myqv_ajax/?userid=ticket
I haven't tested this when connecting to QV files directly, nor have I tested it with section access. I'm using DMS authorization, so this may cause problems too. Still, it's worth a shot 🙂 If this works, keep in mind it's a security risk. You'll have to protect qvsviewclient.asp so that unauthorized users cannot request tickets like this - they're essentially given away for free.
My question here is how this code is working for you? Is it taking the userid from the application and according the authorization is happening the QV file. Means according to the user logged in the data should be shown from the QV file.
Actually, the username you ask for here can be anything - it doesn't require a password. This means you can easily impersonate someone else (which may or may not be a security problem in your case). You probably want to use the username from the third party application you're using.
So you mean to say the users who ever logs in to the application ,based on that the QV file will open,irrespective of the password.
But whether the data will be shown according to the user access priviladge, i mean to ask the user should not see any extra data for which he does not have the acess.
I'm not sure about that, as everyone can see the same data in my case. I would expect this to work, but then things dont always work the way I expect 🙂
The file will indeed open without a password, so the password should be handled by the third party application.
A couple of years ago I solved this (rather complicated) with .net in more or less the following way:
1. After user was authenticated by single sign on, I called QV document and passed user name through parameter, for example qvp://server/document.qvw?UserName=<% =environment.username %>
2. inside the QV there was a table that according to the username, would apply a filter to the rest of the cloud.
3. On load of the QV I would run a script that would get the username variable value an apply filter.
Since this was done 2 years ago I assume there's a easier way to do this than (what I did) replicating section access functionality.
