Dear visitor, despite all the challenges, our team continues operating at full speed.

We are ready to help with any questions you may have. Please fill out this quick form and we'll get back to you.

Fill the form
Get Free Trial
Get Free Trial
  1. API reference
  2. Welcome
    1. Component overview
    2. Quick start
    3. System requirements
    4. Troubleshooting
    5. Managing license keys
    6. Migrating from WebDataRocks to Flexmonster
  3. Connecting to Data Source
    1. JSON
      1. Connecting to JSON
      2. Connecting to JSON using Flexmonster Data Server
      3. Data types in JSON
    2. CSV
      1. Connecting to CSV
      2. Connecting to CSV using Flexmonster Data Server
      3. Data types in CSV
    3. Database
      1. Connecting to SQL databases
      2. Connecting to a MySQL database
      3. Connecting to a Microsoft SQL Server database
      4. Connecting to a PostgreSQL database
      5. Connecting to an Oracle database
      6. Connecting to other databases
    4. Flexmonster Data Server
      1. Getting started with Flexmonster Data Server
      2. Installation guide
      3. Configurations reference
      4. Data sources guide
      5. Security and authorization guide
      6. The Data Server as a DLL
        1. Getting started with the Data Server as a DLL
        2. Referring the Data Server as a DLL
        3. Implementing the API controller
        4. Implementing the server filter
        5. Implementing the custom parser
        6. DLL configurations reference
        7. The controller's methods for request handling
    5. MongoDB
      1. Introduction to Flexmonster MongoDB Connector
      2. Getting started with the MongoDB Connector
      3. Embedding the MongoDB Connector into the server
    6. Microsoft Analysis Services
      1. Connecting to Microsoft Analysis Services
      2. Getting started with the Accelerator
      3. Installing the Accelerator as a Windows service
      4. Referring the Accelerator as a DLL
      5. Configuring the authentication process
      6. Configuring a secure HTTPS connection
      7. Troubleshooting
    7. Custom data source API
      1. Introduction to the custom data source API
      2. A quick overview of a sample Node.js server
      3. A quick overview of a sample .NET Core server
      4. Implementing the custom data source API server
      5. Implementing filters
      6. Supporting more aggregation functions
      7. Returning data for the drill-through view
    8. Elasticsearch
      1. Connecting to Elasticsearch
      2. Configuring the mapping
    9. Pentaho Mondrian
      1. Connecting to Pentaho Mondrian
      2. Getting started with the Accelerator
      3. Configuring Mondrian roles
      4. Configuring username/password protection
      5. Configuring a secure HTTPS connection
      6. Troubleshooting
  4. Security
    1. Security in Flexmonster
    2. Security aspects of connecting to an OLAP cube
      1. Ways of connecting to an OLAP cube
      2. The data transfer process
      3. Data security
      4. Data access management
  5. Configuring report
    1. What is a report
    2. Data source
    3. Slice
    4. Options
    5. Mapping
    6. Number formatting
    7. Conditional formatting
    8. Set the report for the component
    9. Get the report from the component
    10. Date and time formatting
    11. Configuring global options
    12. Export and print
    13. Calculated values
    14. Custom sorting
  6. Integration with frameworks
    1. Available tutorials
    2. Integration with Angular
    3. Integration with React
    4. Integration with Vue
    5. Integration with Python
      1. Integration with Django
      2. Integration with Jupyter Notebook
    6. Integration with React Native
    7. Integration with AngularJS (v1.x)
    8. Integration with TypeScript
    9. Integration with R Shiny
    10. Integration with jQuery
    11. Integration with Ionic
    12. Integration with Electron.js
    13. Integration with Webpack
    14. Integration with RequireJS
  7. Charts
    1. Available tutorials
    2. Flexmonster Pivot Charts
    3. Integration with Highcharts
    4. Integration with Google Charts
    5. Integration with FusionCharts
    6. Integration with any charting library
  8. Customizing
    1. Customizing the Toolbar
    2. Customizing appearance
    3. Customizing the context menu
    4. Customizing the grid
    5. Customizing the pivot charts
    6. Localizing the component
  9. Updating to the latest version
    1. Updating to the latest version
    2. Release notes
    3. Migration guide from 2.7 to 2.8
    4. Migration guide from 2.6 to 2.7
    5. Migration guide from 2.5 to 2.6
    6. Migration guide from 2.4 to 2.5
    7. Migration guide from 2.3 to 2.4
    8. Migration guide from 2.2 to 2.3
    9. Documentation for older versions
Table of contents

Configuring the authentication process

This tutorial explains how to manage the authentication process when working with SQL Server Analysis Services (SSAS).

We support three different approaches:

  1. Using roles from Analysis Services – this approach is the easiest and it works for both XMLA and the Accelerator.
  2. Using Windows authorization:
  3. Using custom authorization – works for the Accelerator, recommended for those who already have an ASP.NET portal that handles authorization.

1. Using roles from Analysis Services

In SQL Server Analysis Services, access rights are provided based on roles. More information about role configuration can be found in this tutorial from Microsoft.

After roles are configured in Analysis Services, they can be specified in Flexmonster reports by using the roles property. This property is available for both XMLA and the Accelerator. The following sample demonstrates how to specify roles:

{
    dataSource: {
        type: "microsoft analysis services",
		// URL to msmdpump.dll 
        proxyUrl: "http://olap.flexmonster.com/olap/msmdpump.dll",
        catalog: "Adventure Works DW Standard Edition",
        cube: "Adventure Works",
        // roles from SSAS, you can add multiple roles separated by comma
        roles: "Sales Manager US"
    }
}

Open the example on JSFiddle.

2.1. Using Windows authorization for XMLA

Starting from version 2.8.2, Windows authorization is available when connecting to SSAS via XMLA.

Follow the steps below to configure Windows authorization for the XMLA connection.

Step 1. Configure XMLA access to the cube

Skip this step if you already have XMLA configured. Otherwise refer to this article: how to set up an HTTP endpoint for accessing an Analysis Services instance.

Step 2. Allow the OPTIONS request

In CORS, the browser sends the OPTIONS preflight request to the server. This request determines which request methods and headers the server allows.

The OPTIONS preflight request cannot contain any credentials, so Windows Integrated Authentication will reject this request and ask for authentication. Thus, the server should always accept the preflight request. To allow the OPTIONS request, see the following guide: CORS tutorial.

Step 3: Configure the data source on the client

Windows authorization should be allowed on the client side as well. To enable the authorization on the client, set the withCredentials property of the Data Source Object to true:

var pivot = new Flexmonster({
    container: "pivotContainer",
    toolbar: true, 
    report: {
        dataSource: {
            type: "microsoft analysis services",
            proxyUrl: "http://localhost/OLAP/msmdpump.dll",
            catalog: "Adventure Works DW Standard Edition",
            cube: "Adventure Works",
            withCredentials: true
        }
    },
    licenseKey: "XXXX-XXXX-XXXX-XXXX-XXXX"
});

After applying the configurations, the requests to Microsoft Analysis Services will be performed using your current Windows user.

2.2. Using Windows authorization for Flexmonster Accelerator

Starting from version 2.8.5, Windows authorization is supported for Flexmonster Accelerator. 

Below is a detailed guide on how to configure Windows authorization for Flexmonster Accelerator.

Step 1: Enable authorization on the server

Windows authorization on the server side can be enabled in the flexmonster.config file – a special configuration file for Flexmonster Accelerator. In this file, set the WINDOWS_AUTH property to true to enable the authorization:

WINDOWS_AUTH=true

Step 2: Specify origins from which requests should be accepted

When enabled, the authorization requires certain origins to be defined in the Access-Control-Allow-Origin header. Origin is a domain that sends requests to Flexmonster Accelerator (e.g., http://localhost:8080 or https://example.com). To allow the origin to send requests to the Accelerator, specify the ALLOW_ORIGIN property in the flexmonster.config file:

ALLOW_ORIGIN=http://localhost:8080

Several origins can be defined as follows:

ALLOW_ORIGIN=http://localhost:8080, https://example.com

Step 3: Configure the data source on the client

Windows authorization should be allowed on the client side as well. To enable the authorization on the client, set the withCredentials property of the Data Source Object to true: 

var pivot = new Flexmonster({
    container: "pivotContainer",
    toolbar: true, 
    report: {
        dataSource: {
            type: "microsoft analysis services",
            proxyUrl: "http://localhost:50005",
            catalog: "Adventure Works DW Standard Edition",
            cube: "Adventure Works",
            binary: true,
            withCredentials: true
         }
    },
    licenseKey: "XXXX-XXXX-XXXX-XXXX-XXXX"
});

To apply the configurations, restart Flexmonster Accelerator. You can check if the Accelerator is up and running by navigating to its URL in the browser (http://localhost:50005 by default).

Flexmonster Accelerator will automatically use your current Windows user to perform impersonated requests to Microsoft Analysis Services.

If the page with Flexmonster Pivot is opened in the Incognito browser window, the pop-up window prompting to enter your login and password should appear. After you log in with your Windows user credentials, Flexmonster Accelerator should successfully connect to the data source.

3. Using custom authorization

If you already have an ASP.NET portal that handles users and an authorization process, the most convenient option is to embed the Accelerator into that system. For this purpose, we recommend referring the Accelerator as a DLL and integrating a Web API endpoint. Endpoint access is fully controlled by the ASP.NET portal so you can manage security in any way you want. The overall process is described in the diagram below. For more details regarding referring the Accelerator as a DLL please read our tutorial.

customAuthorization