Reputation: 446
Custom Authentication in PowerBI
I'm looking a solution to combine Power BI authentication and a web application. We authenticate our users using existing web application and let them see the dashboard and reports in Power BI portal, the existing users are external customers who don't have internal AD accounts.
Following solution will redirect user to a login page always. https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample
But what I need is that once the user has been authenticated using our web application, Power BI let the users see the dashboards without any more authentication.
Upvotes: 7
Views: 8028
Answers (3)
Reputation: 43
I forked Microsoft's Custom Security Sample to do just what you are describing (needed the functionality at a client long ago and reimplemented as a shareable project on GitHub).
https://github.com/sonrai-LLC/ExtRSAuth
I created a YouTube walkthrough as well to show how one can extend and debug SSRS security with this ExtRSAuth SSRS security assembly https://www.youtube.com/watch?v=tnsWChwW7lA
TL; DR; just bypass the Microsoft example auth check in Login.aspx.cs and put your auth in Page_Load() or Page_Init() event of Login.aspx.cs- wherever you want to perform some custom logging check- and then immediately redirect auth'd user to their requested URI.
Upvotes: 1
Reputation: 1986
I understand that you are using PowerBI Report Server and want to change it to not use AD authentication which it does by default.
The repo you linked does this by prompting credentials and verifying them internally.
If you want Report Server to inherit your app authentication you need to modify CustomSecuritySample to not prompt the user login and pass credentials yourself.
For example you could modify Logon.aspx.cs Page_Load() method to read credentials from a shared cookie, verify them with your internal authentication mechanism and call FormsAuthentication.RedirectFromLoginPage(...).
AuthenticationUtilities.cs implements credential checking.
You will need to implement some secure way of authenticating users, for example using expiring tokens. You will likely need to extend your internal authentication for this.
In addition to this, you will need to manage report/folder permissions. Depending on how many users you have and unless all users have access to the same reports, you may want to look into REST APIs for Power BI Report Server
Upvotes: 2
Reputation: 13450
You need to embed reports in your application, implementing "app own data" scenario. Basically, your app uses a single Power BI account (master account) to access the reports, while your users are authenticated in your application in another way. Microsoft provides good examples how to do this.
Essentially, you need to use ADAL to authenticate your master account and get an access token. Having this access token, you can use Power BI REST API to enumerate the reports, dashboards or tiles in some workspace (or to enumerate all workspaces), obtain the embedUrl of some report (or dashboard, or tile), generate an access token for it and embed it in your application. In this case your users doesn't need Power BI accounts at all.
Upvotes: 2
Related Questions
- How to store credentials in Power BI DataConnector?
- Not able to App Only Authentication with Power BI Embedding using service principal
- What are the Powerbi-embedded authentication options?
- Power BI - Programmatically sign in
- how to connect to Power BI API using non-interactive authentication?
- Creating a login for PowerBI dashboard?
- Single Sign-On When Using PowerBI REST API
- PowerBI authentication C#
- Persist Authentication in Web App with Power BI
- AD Authentication in Power BI