Despite the COVID-19 outbreak, our team continues operating at full speed. We are always here to support and answer all your questions.

Feel free to reach out by filling this quick form.

Fill the form
Get Free Trial
Contact us Get Free Trial
  1. API reference
  2. Welcome
    1. Getting started
    2. Get Flexmonster
    3. Quick start
    4. System requirements
    5. Troubleshooting
    6. Managing license keys
    7. Migrating from WebDataRocks to Flexmonster
  3. Integration with frameworks
    1. Available tutorials
    2. Integration with Angular
    3. Integration with React
    4. Integration with Vue
    5. Other integrations
      1. Integration with Python
        1. Integration with Django
        2. Integration with Jupyter Notebook
      2. Integration with React Native
      3. Integration with AngularJS (v1.x)
      4. Integration with TypeScript
      5. Integration with R Shiny
      6. Integration with jQuery
      7. Integration with Ionic
      8. Integration with Electron.js
      9. Integration with Webpack
      10. Integration with RequireJS
  4. Connecting to Data Source
    1. Supported data sources
    2. JSON
      1. Connecting to JSON
      2. Connecting to JSON using Flexmonster Data Server
      3. Data types in JSON
    3. CSV
      1. Connecting to CSV
      2. Connecting to CSV using Flexmonster Data Server
      3. Data types in CSV
    4. Database
      1. Connecting to SQL databases
      2. Connecting to a MySQL database
      3. Connecting to a Microsoft SQL Server database
      4. Connecting to a PostgreSQL database
      5. Connecting to an Oracle database
    5. Flexmonster Data Server
      1. Introduction to Flexmonster Data Server
      2. Getting started with Flexmonster Data Server
      3. Configurations reference
      4. Data sources guide
      5. Security and authorization guide
      6. The Data Server as a DLL
        1. Getting started with the Data Server as a DLL
        2. Referencing the Data Server as a DLL
        3. Implementing the API controller
        4. Implementing the server filter
        5. Implementing the custom parser
        6. DLL configurations reference
        7. The controller's methods for request handling
      7. Troubleshooting the Data Server
    6. MongoDB
      1. Introduction to Flexmonster MongoDB Connector
      2. Getting started with the MongoDB Connector
      3. Embedding the MongoDB Connector into the server
    7. Microsoft Analysis Services
      1. Connecting to Microsoft Analysis Services
      2. Getting started with Flexmonster Accelerator
      3. Referencing the Accelerator as a DLL
      4. Configuring the authentication process
      5. Configuring a secure HTTPS connection
      6. Troubleshooting
    8. Custom data source API
      1. Introduction to the custom data source API
      2. A quick overview of a sample Node.js server
      3. A quick overview of a sample .NET Core server
      4. Implement your own server
        1. Implementing the custom data source API server
        2. Implementing filters
        3. Supporting more aggregation functions
        4. Supporting multilevel hierarchies
        5. Returning data for the drill-through view
        6. Testing your custom data source API server
    9. Elasticsearch
      1. Connecting to Elasticsearch
      2. Configuring the mapping
    10. Pentaho Mondrian
      1. Connecting to Pentaho Mondrian
      2. Getting started with the Accelerator
      3. Configuring Mondrian roles
      4. Configuring username/password protection
      5. Configuring a secure HTTPS connection
      6. Troubleshooting
    11. Connecting to other data sources
  5. Security
    1. Security in Flexmonster
    2. Security aspects of connecting to an OLAP cube
      1. Ways of connecting to an OLAP cube
      2. The data transfer process
      3. Data security
      4. Data access management
  6. Configuring report
    1. What is a report
    2. Data source
    3. Slice
    4. Options
    5. Mapping
    6. Number formatting
    7. Conditional formatting
    8. Set the report for the component
    9. Get the report from the component
    10. Date and time formatting
    11. Configuring global options
    12. Export and print
    13. Calculated values
    14. Custom sorting
  7. Charts
    1. Available tutorials
    2. Flexmonster Pivot Charts
    3. Integration with Highcharts
    4. Integration with amCharts
    5. Integration with Google Charts
    6. Integration with FusionCharts
    7. Integration with any charting library
  8. Customizing
    1. Available tutorials
    2. Customizing the Toolbar
    3. Customizing appearance
    4. Customizing the context menu
    5. Customizing the grid
    6. Customizing the pivot charts
    7. Localizing the component
  9. Updating to the latest version
    1. Updating to the latest version
    2. Release notes
    3. Migration guide from 2.7 to 2.8
    4. Migration guide from 2.6 to 2.7
    5. Migration guide from 2.5 to 2.6
    6. Migration guide from 2.4 to 2.5
    7. Migration guide from 2.3 to 2.4
    8. Migration guide from 2.2 to 2.3
  10. Flexmonster CLI Reference
    1. Overview
    2. Troubleshooting the CLI
    3. flexmonster create
    4. flexmonster add
    5. flexmonster update
    6. flexmonster version
    7. flexmonster help
  11. Documentation for older versions
Table of contents

Configuring the authentication process

This tutorial explains how to manage the authentication process when working with SQL Server Analysis Services (SSAS).

We support three different approaches:

  1. Using roles from Analysis Services – this approach is the easiest and it works for both XMLA and the Accelerator.
  2. Using Windows authentication:
  3. Using custom authorization – works for the Accelerator, recommended for those who already have an ASP.NET portal that handles authorization.

1. Using roles from Analysis Services

In SQL Server Analysis Services, access rights are provided based on roles. More information about role configuration can be found in this tutorial from Microsoft.

After roles are configured in Analysis Services, they can be specified in Flexmonster reports by using the roles property. This property is available for both XMLA and the Accelerator. The following sample demonstrates how to specify roles:

{ 
    dataSource: { 
        type: "microsoft analysis services", 
        /* URL to msmdpump.dll */
        proxyUrl: "https://olap.flexmonster.com/olap/msmdpump.dll", 
        catalog: "Adventure Works DW Standard Edition", 
        cube: "Adventure Works", 
        /* roles from SSAS, you can add multiple
           roles separated by comma */
        roles: "Sales Manager US" 
    }
}

Open the example on JSFiddle.

2.1. Using Windows authentication for XMLA

Starting from version 2.8.2, Windows authentication is available when connecting to SSAS via XMLA.

Follow the steps below to configure Windows authentication for the XMLA connection.

Step 1. Configure XMLA access to the cube

Skip this step if you already have XMLA configured. Otherwise refer to this article: how to set up an HTTP endpoint for accessing an Analysis Services instance.

Step 2. Allow the OPTIONS request

In CORS, the browser sends the OPTIONS preflight request to the server. This request determines which request methods and headers the server allows.

The OPTIONS preflight request cannot contain any credentials, so Windows Integrated Authentication will reject this request and ask for authentication. Thus, the server should always accept the preflight request. To allow the OPTIONS request, see the following guide: CORS tutorial.

Step 3. Configure the data source on the client

Windows authentication should be allowed on the client side as well. To enable the authentication on the client, set the withCredentials property of the Data Source Object to true:

var pivot = new Flexmonster({
    container: "pivotContainer",
    toolbar: true, 
    report: {
        dataSource: {
            type: "microsoft analysis services",
            proxyUrl: "https://localhost/OLAP/msmdpump.dll",
            catalog: "Adventure Works DW Standard Edition",
            cube: "Adventure Works",
            withCredentials: true
        }
    }
});

After applying the configurations, the requests to Microsoft Analysis Services will be performed using your current Windows user.

2.2. Using Windows authentication for Flexmonster Accelerator

Starting from version 2.8.5, Windows authentication is supported for Flexmonster Accelerator. 

Follow the guides below to configure Windows authentication for your type of the Accelerator.

Accelerator as a Windows Service

Step 1. Enable authentication on the server

Windows authentication on the server side can be enabled in the flexmonster.config file – a special configuration file for Flexmonster Accelerator. In this file, set the WINDOWS_AUTH property to true to enable the authentication:

WINDOWS_AUTH=true

Step 2. Specify origins from which requests should be accepted

When enabled, the authentication requires certain origins to be defined in the Access-Control-Allow-Origin header. Origin is a domain that sends requests to Flexmonster Accelerator (e.g., http://localhost:8080 or https://example.com). To allow the origin to send requests to the Accelerator, specify the ALLOW_ORIGIN property in the flexmonster.config file:

ALLOW_ORIGIN=http://localhost:8080

Several origins can be defined as follows:

ALLOW_ORIGIN=http://localhost:8080, https://example.com

Step 3. Configure the data source on the client

Windows authentication should be allowed on the client side as well. To enable the authentication on the client, set the withCredentials property of the Data Source Object to true: 

var pivot = new Flexmonster({
    container: "pivotContainer",
    toolbar: true, 
    report: {
        dataSource: {
            type: "microsoft analysis services",
            proxyUrl: "http://localhost:50005",
            catalog: "Adventure Works DW Standard Edition",
            cube: "Adventure Works",
            binary: true,
            withCredentials: true
         }
    }
});

To apply the configurations, restart Flexmonster Accelerator. You can check if the Accelerator is up and running by navigating to its URL in the browser (http://localhost:50005 by default).

Flexmonster Accelerator will automatically use your current Windows user to perform impersonated requests to Microsoft Analysis Services.

If the page with Flexmonster Pivot is opened in the Incognito browser window, the pop-up window prompting to enter your login and password should appear. After you log in with your Windows user credentials, Flexmonster Accelerator should successfully connect to the data source.

Accelerator as a DLL

This guide contains the following sections:

Run the sample project with Windows authentication

To illustrate how Windows authentication can be configured in an Accelerator DLL project, we added the windows-authentication branch to our sample GitHub application.

To run the sample project, complete these steps:

Step 1. Download the .zip archive with the windows-authentication branch or clone it from GitHub with the following command:

git clone -b windows-authentication https://github.com/flexmonster/pivot-accelerator-dll

Step 2. Open the sample project in Visual Studio using the Flexmonster Accelerator MVC.sln solution file.

Step 3. Update the NuGet packages if needed:

  1. Right-click the project name in Solution Explorer and select Manage NuGet Packages in the context menu.
  2. Go to the Updates tab and check the Select all packages checkbox.
  3. Click the Update button.

Step 4. Open the FlexmonsterConfig.cs file and specify your data source (e.g., localhost):

public static void Register()
{
  Flexmonster.Accelerator.Controllers.FlexmonsterProxyController
  .ConnectionString = "Data Source=yourDataSource";
  // Other configurations
}

Step 5. Now go to the Index.cshtml view and set your values for the catalog and cube properties:

dataSource: {
    dataSourceType: "microsoft analysis services",
    proxyUrl: "/api/accelerator/",
    catalog: "Your Catalog",
    cube: "Your Cube",
    binary: true,
    withCredentials: true
}

Step 6. Run the sample project by clicking the IIS Express button on the toolbar:

The IIS Express button on the toolbar

To see the result, open http://localhost:55158/ in your browser. Flexmonster Accelerator will automatically use your current Windows user to perform impersonated requests to Microsoft Analysis Services.

Configure Windows authentication in your application

Now let’s see which configurations you should set to enable Windows authentication in your project:

  1. Enable authentication on the Accelerator’s side in the FlexmonsterConfig.cs file:
    public static void Register()
    {
      // Other configurations
      Flexmonster.Accelerator.Controllers.FlexmonsterProxyController
      .AuthEnabled = true;
      Flexmonster.Accelerator.Controllers.FlexmonsterProxyController
      .Impersonator = new WindowsImpersonatorFactory();
      // Other configurations
    }
  2. In the Web.config file, specify the <security> element to define authentication configurations for the server: 
    <system.webServer>
      <!-- Other tags -->
      <security>
        <authentication>
          <anonymousAuthentication enabled="true" />
          <windowsAuthentication enabled="true" />
        </authentication>
        <authorization>
          <remove users="*" roles="" verbs=""/>
          <add accessType="Allow" users="?" verbs="OPTIONS"/>
          <add accessType="Deny" 
           users="?" verbs="GET,PUT,POST,DELETE"
          />
          <add accessType="Allow" roles="Users" />
        </authorization>
      </security>
      <!-- Other tags -->
    </system.webServer>
    Learn more about the <security> element in the Microsoft documentation.
  3. In the pivot-accelerator-dll/.vs/Flexmonster Accelerator MVC/config/applicationhost.config file, find the anonymousAuthentication element and set its enabled attribute to true. Then do the same for the windowsAuthentication element: 
    <authentication>
      <anonymousAuthentication enabled="true" userName="" />
          <!-- Other configs -->
      <windowsAuthentication enabled="true">
             <!-- Other configs -->
      </windowsAuthentication>
    </authentication>
    Note that the .vs/ folder appears after opening the project in Visual Studio, and it is hidden by default. See the Microsoft documentation for guidance on displaying hidden folders.
  4. Set the dataSource.withCredentials property to true in your .cshtml page (e.g., Index.cshtml):
    dataSource: {
        dataSourceType: "microsoft analysis services",
        proxyUrl: "/api/accelerator/",
        catalog: "Your Catalog",
        cube: "Your Cube",
        binary: true,
        withCredentials: true
    },

Now you can use Windows authentication in your Accelerator DLL project.

3. Using custom authorization

If you already have an ASP.NET portal that handles users and an authorization process, the most convenient option is to embed the Accelerator into that system. For this purpose, we recommend referencing the Accelerator as a DLL and integrating a Web API endpoint. Endpoint access is fully controlled by the ASP.NET portal so you can manage security in any way you want. The overall process is described in the diagram below. For more details regarding referencing the Accelerator as a DLL please read our tutorial.

customAuthorization

What’s next?

You may be interested in the following articles: