Currently we a web portal that authenticates with domain\user, also this users have SSAS roles assigned to restrict data. The web portal it’s on a different server that SSAS, so i don’t know if it’s possible to access accelerator with the domain\user used in the portal due to double hop issues. If it’s possible we want to avoid having SSAS and the web portal on the same server.
If i’m not mistaken the accelerator uses NT Authority\System to connect to the cubes but we need to access with a domain\user.
Can you give us a workaround to this issue ?
Thank you for giving us some time.
We recommend trying the approach described in the following GitHub sample: https://github.com/flexmonster/pivot-accelerator-dll/tree/integrated_authentication. The idea is to use Flexmonster Accelerator through .dll as part of your web application.
Here are some key points:
Please let us know in case of any other question.
Sorry for the late response, i was out last week.
Due to security issues i can’t impersonate active directory users, is there another way?
Thank you for your response.
We would like to explain that impersonating the user has lately been the accepted approach, known to work.
Our team kindly asks if you could share with us the alternative solution that you would prefer to use instead.
This will help us to make further progress in solving the issue.
Please let us know what you think.
Looking forward to your reply.
Thanks for your response.
For the moment we will use the role parameter on the report object, until we find a solution that works with our security policies.
Thank you for your reply.
Our team would like to confirm that both using the
role report property and the user impersonation approach are the currently available solutions.
We will inform you in case another approach is introduced.
In return, if you find the desired solution, we will be happy for the feedback.
Please feel free to reach out to us in case of questions.