Menu
Download Free Trial
  1. API reference
  2. Welcome
    1. Component overview
    2. Quickstart
    3. System requirements
    4. Troubleshooting
    5. Managing license keys
  3. Connecting to Data Source
    1. JSON
      1. Connecting to JSON
      2. Data types in JSON
    2. CSV
      1. Connecting to CSV
      2. Connecting to CSV using Compressor
      3. Data types in CSV
    3. Database
      1. Connecting to SQL databases
      2. Connecting to other databases
      3. Connecting to database with .NET
      4. Connecting to database with .NET Core
      5. Connecting to database with Java
      6. Connecting to database with PHP
    4. Microsoft Analysis Services
      1. Connecting to Microsoft Analysis Services
      2. Getting started with Accelerator
      3. Installing Accelerator as a Windows Service
      4. Referring Accelerator as a DLL
      5. Configuring authentication process
      6. Configuring secure HTTPS connection
      7. Troubleshooting
    5. Pentaho Mondrian
      1. Connecting to Pentaho Mondrian
      2. Getting started with Accelerator
      3. Configuring Mondrian roles
      4. Сonfiguring username/password protection
      5. Сonfiguring secure HTTPS connection
      6. Troubleshooting
    6. icCube
  4. Configuring report
    1. What is a report
    2. Data source
    3. Slice
    4. Options
    5. Number formatting
    6. Conditional formatting
    7. Set report to the component
    8. Get report from the component
    9. Date and time formatting
    10. Configuring global options
    11. Export and print
    12. Calculated values
    13. Custom sorting
  5. Integration with frameworks
    1. Available tutorials
    2. Integration with jQuery
    3. Integration with AngularJS
    4. Integration with Angular 2
    5. Integration with Angular 4+
    6. Integration with React
    7. Integration with Webpack
    8. Integration with RequireJS
    9. Integration with TypeScript
    10. Integration with ASP.NET
    11. Integration with JSP
    12. Integration with PhoneGap
  6. Integration with charts
    1. Integration with Highcharts
    2. Integration with FusionCharts
    3. Integration with Google Charts
    4. Integration with any charting library
  7. Customizing
    1. Customizing toolbar
    2. Customizing appearance
    3. Localizing component
  8. Updating to the latest version
    1. Updating to the latest version
    2. Release notes
    3. Migration guide from 2.4 to 2.5
    4. Migration guide from 2.3 to 2.4
    5. Migration guide from 2.2 to 2.3
  9. Older Versions
    1. Documentation 2.3
    2. Documentation 2.2
    3. API reference - Flex
Table of contents

Configuring authentication process

This tutorial explains how to manage authentication process when working with MS Analysis Services.

We suggest three different approaches:

  1. Using roles from Analysis Services – this approach is the easiest, works for both XMLA and Accelerator.
  2. Using Windows username/password protection – works for Accelerator, requires MSMDPUMP configuration.
  3. Using custom authorization – works for Accelerator, recommended for those who already have ASP.NET portal that handles authorization.

1. Using roles from Analysis Services

In SQL Server Analysis Services access rights are provided based on roles. More information about roles configuration can be found in this tutorial from Microsoft.

After roles are configured in Analysis Services, they can be specified in Flexmonster reports by using roles property. This property is available for both XMLA and Accelerator. The following sample demonstrates how to specify roles:

{
    dataSource: {
        dataSourceType: "microsoft analysis services",
		// URL to msmdpump.dll 
        proxyUrl: "http://olap.flexmonster.com/olap/msmdpump.dll",
        catalog: "Adventure Works DW Standard Edition",
        cube: "Adventure Works",
        // roles from MSAS, you can add multiple roles separated by comma
        roles: "Sales Manager US"
    }
}

Open the example on JSFiddle.

2. Using Windows username/password protection

If you want to add username/password protection, you need to use Accelerator and configure MSMDPUMP. Accelerator is required because browser cuts off authorization header added via JavaScript. MSMDPUMP configuration is required because in case of direct connection MSAS ignores username/password from the connection string and uses credentials of current active Windows user.

To configure username/password protection please follow the steps:

Step 1: Configure secure HTTP endpoint for accessing an Analysis Services

First of all, you need to set up HTTP endpoint for Analysis Services on IIS server. If it is already done, skip this step. Regarding IIS configuration, please refer to the MSDN documentation. In this step, you also configure authentication types.

Step 2: Create a default user for Accelerator

One username/password is used in the flexmonster.config file for the Accelerator on the server side. In general, Accelerator will use these credentials if client-side report does not contain own credentials. Also, these credentials are used to start the Accelerator, check connection to the data source and connect anonymous users. So, it is recommended to create a user for Accelerator with default privileges and DO NOT use an admin account for this purpose.

Navigate to Control Panel > Administrative Tools > Computer Management and choose System Tools > Local Users and Groups > Users. Add a new user (i.e. flexmonster) by right-click as shown in the screenshot.

add-user-screen

Step 3: Configure Accelerator

Open flexmonster.config and specify following CONNECTION_STRING parameters:

CONNECTION_STRING=Data Source=<endpoint_url>;UID=<username>;Password=<password>;

Where:

  • <endpoint_url> – URL to HTTP endpoint (i.e. http://localhost/ssas/msmdpump.dll)
  • <username> – username of the default user (i.e. flexmonster)
  • <password> – password of the default user

Accelerator is ready to be launched and should successfully connect to the data source. Just run the flexmonster-proxy-ssas.exe with Administrator privileges.

You can check the Accelerator is up and running by navigating to its URL in the browser (i.e. http://localhost:50005).

3. Using custom authorization

If you already have ASP.NET portal that handles users and authorization process, the most convenient option is to embed Accelerator into that system. For this purpose, we recommend referring Accelerator as a DLL and integrate Web API endpoint. Endpoint access is fully controlled by ASP.NET portal so you can manage the security the way you want. The overall process is described in the diagram below. For more details regarding referring Accelerator as a DLL please read our tutorial.

AcceleratorDLL