1. API reference
  2. Welcome
    1. Component overview
    2. Quick start
    3. System requirements
    4. Troubleshooting
    5. Managing license keys
  3. Connecting to Data Source
    1. JSON
      1. Connecting to JSON
      2. Connecting to JSON using the Data Compressor
      3. Data types in JSON
    2. CSV
      1. Connecting to CSV
      2. Connecting to CSV using the Data Compressor
      3. Data types in CSV
    3. Database
      1. Connecting to SQL databases
      2. Connecting to other databases
      3. Connecting to a database with Node.js
      4. Connecting to a database with .NET
      5. Connecting to a database with .NET Core
      6. Connecting to a database with Java
      7. Connecting to a database with PHP
    4. Microsoft Analysis Services
      1. Connecting to Microsoft Analysis Services
      2. Getting started with the Accelerator
      3. Installing the Accelerator as a Windows Service
      4. Referring the Accelerator as a DLL
      5. Configuring the authentication process
      6. Configuring a secure HTTPS connection
      7. Troubleshooting
    5. Pentaho Mondrian
      1. Connecting to Pentaho Mondrian
      2. Getting started with the Accelerator
      3. Configuring Mondrian roles
      4. Сonfiguring username/password protection
      5. Сonfiguring a secure HTTPS connection
      6. Troubleshooting
    6. icCube
  4. Security
    1. Security in Flexmonster
    2. Security aspects when connecting to an OLAP cube
      1. The data transfer process
      2. Data security
      3. Data access management
    3. Security aspects when connecting to a database
      1. The data transfer process
      2. Data access management
  5. Configuring report
    1. What is a report
    2. Data source
    3. Slice
    4. Options
    5. Number formatting
    6. Conditional formatting
    7. Set report to the component
    8. Get report from the component
    9. Date and time formatting
    10. Configuring global options
    11. Export and print
    12. Calculated values
    13. Custom sorting
  6. Integration with frameworks
    1. Available tutorials
    2. Integration with AngularJS (v1.x)
    3. Integration with Angular
    4. Integration with React
    5. Integration with Webpack
    6. Integration with ASP.NET
    7. Integration with jQuery
    8. Integration with JSP
    9. Integration with TypeScript
    10. Integration with RequireJS
    11. Integration with PhoneGap
  7. Integration with charts
    1. Integration with Highcharts
    2. Integration with Google Charts
    3. Integration with FusionCharts
    4. Integration with any charting library
  8. Customizing
    1. Customizing toolbar
    2. Customizing appearance
    3. Customizing context menu
    4. Localizing component
  9. Updating to the latest version
    1. Updating to the latest version
    2. Release notes
    3. Migration guide from 2.5 to 2.6
    4. Migration guide from 2.4 to 2.5
    5. Migration guide from 2.3 to 2.4
    6. Migration guide from 2.2 to 2.3
    7. Documentation for older versions
Table of contents

Configuring the authentication process

This tutorial explains how to manage the authentication process when working with SQL Server Analysis Services (SSAS).

We support three different approaches:

  1. Using roles from Analysis Services – this approach is the easiest and it works for both XMLA and the Accelerator.
  2. Using Windows username/password protection – works for the Accelerator, requires MSMDPUMP configuration.
  3. Using custom authorization – works for the Accelerator, recommended for those who already have an ASP.NET portal that handles authorization.

1. Using roles from Analysis Services

In SQL Server Analysis Services, access rights are provided based on roles. More information about role configuration can be found in this tutorial from Microsoft.

After roles are configured in Analysis Services, they can be specified in Flexmonster reports by using the roles property. This property is available for both XMLA and the Accelerator. The following sample demonstrates how to specify roles:

    dataSource: {
        dataSourceType: "microsoft analysis services",
		// URL to msmdpump.dll 
        proxyUrl: "http://olap.flexmonster.com/olap/msmdpump.dll",
        catalog: "Adventure Works DW Standard Edition",
        cube: "Adventure Works",
        // roles from SSAS, you can add multiple roles separated by comma
        roles: "Sales Manager US"

Open the example on JSFiddle.

2. Using Windows username/password protection

If you want to add username/password protection, you need to use the Accelerator and configure MSMDPUMP. Flexmonster Accelerator is required because the browser cuts off authorization headers that are added by JavaScript. MSMDPUMP configuration is required to prevent SSAS from ignoring the username/password from the connection string and instead using the credentials from the active Windows user in direct connections.

To configure username/password protection follow these steps:

Step 1: Configure a secure HTTP endpoint for accessing Analysis Services

Set up an HTTP endpoint for Analysis Services on the IIS server. Skip this step if this is already done. Refer to the MSDN documentation for information on IIS configuration. In this step, you also configure authentication types.

Step 2: Create a default user for Flexmonster Accelerator

A username and password are defined in the flexmonster.config file for the Accelerator on the server side. These credentials are used to start the Accelerator, check the connection to the data source, and connect anonymous users. It is strongly recommended to create a user for the Accelerator with default privileges. DO NOT use an admin account for this purpose.

Navigate to Control Panel > Administrative Tools > Computer Management and choose System Tools > Local Users and Groups > Users. Add a new user (e.g. flexmonster) by right-clicking as shown in the screenshot.


Step 3: Configure Flexmonster Accelerator

Open flexmonster.config and specify the following CONNECTION_STRING parameters:

CONNECTION_STRING=Data Source=<endpoint_url>;UID=<username>;Password=<password>;


  • <endpoint_url> – URL to the HTTP endpoint (i.e. http://localhost/ssas/msmdpump.dll)
  • <username> – username of the default user (e.g. flexmonster)
  • <password> – password of the default user

The Accelerator is ready to be launched and should successfully connect to the data source. Just run the flexmonster-proxy-ssas.exe with administrator privileges.

You can check if the Accelerator is up and running by navigating to its URL in the browser (http://localhost:50005 by default).

3. Using custom authorization

If you already have an ASP.NET portal that handles users and an authorization process, the most convenient option is to embed the Accelerator into that system. For this purpose, we recommend referring the Accelerator as a DLL and integrating a Web API endpoint. Endpoint access is fully controlled by the ASP.NET portal so you can manage security in any way you want. The overall process is described in the diagram below. For more details regarding referring the Accelerator as a DLL please read our tutorial.