Need a special offer?Find out if your project fits.
+
Get Free Trial
Get Free Trial

How to access flexmonster accelerator with domain user?

posted on April 3rd, 2020

Answered
Mauel Santizo asked on April 3, 2020

Hi, 
Currently we a web portal that authenticates with domain\user, also this users have SSAS roles assigned to restrict data. The web portal it's on a different server that SSAS, so i don't know if it's possible to access accelerator with the domain\user used in the portal due to double hop issues. If it's possible we want to avoid having SSAS and the web portal on the same server.
If i'm not mistaken the accelerator uses NT Authority\System to connect to the cubes but we need to access with a domain\user.
Can you give us a workaround to this issue ?
Kind Regards, 
Diego

5 answers

Public
Dmytro Zvazhii Dmytro Zvazhii Flexmonster April 8, 2020

Hello Manuel,
Thank you for giving us some time.
We recommend trying the approach described in the following GitHub sample: https://github.com/flexmonster/pivot-accelerator-dll/tree/integrated_authentication. The idea is to use Flexmonster Accelerator through .dll as part of your web application.
Here are some key points:

  • To enable passing user's identity to the server you need to use withCredentials property, as described here. Please note that it was added in the version 2.8.3, so please make sure that you are using an appropriate version of Flexmonster.
  • In the controller, it overrides OnRequest method to hook up the user identity before each Accelerator's method
  • This identity is used in custom WinImpersonator that impersonates the user and opens a connection to SSAS server (see FlexmonsterConfig.cs)
  • Visual Studio should be launched "As Administrator" to work properly with the impersonation
  • For testing, you can check currently logged in user using `/api/controllers/test` endpoint

Please let us know in case of any other question.
Regards,
Dmytro

Public
Mauel Santizo April 15, 2020

Sorry for the late response, i was out last week. 
Due to security issues i can't impersonate active directory users, is there another way?
Kind Regards

Public
Vera Didenko Vera Didenko Flexmonster April 17, 2020

Hello, Mauel,
 
Thank you for your response. 
 
We would like to explain that impersonating the user has lately been the accepted approach, known to work. 
Our team kindly asks if you could share with us the alternative solution that you would prefer to use instead. 
 
This will help us to make further progress in solving the issue.
 
Please let us know what you think.
 
Looking forward to your reply.
 
Kind regards,
Vera

Public
Mauel Santizo April 20, 2020

Hi Vera, 
Thanks for your response. 
For the moment we will use the role parameter on the report object, until we find a solution that works with our security policies. 
 
Kind regards, 
Manuel

Public
Vera Didenko Vera Didenko Flexmonster April 21, 2020

Hello, Manuel,
 
Thank you for your reply.
 
Our team would like to confirm that both using the role report property and the user impersonation approach are the currently available solutions.
We will inform you in case another approach is introduced.
 
In return, if you find the desired solution, we will be happy for the feedback.
Please feel free to reach out to us in case of questions.
 
Kind regards,
Vera

Please login or Register to Submit Answer