☝️Small business or a startup? See if you qualify for our special offer.
+
All documentation
  • Introduction
  • Connecting to data source
    1. Supported data sources
    2. Connecting to other data sources
  • Browser compatibility
  • Documentation for older versions
  • Managing authentication and data access

    This tutorial explains how to manage authentication and data access when working with SQL Server Analysis Services using Flexmonster Accelerator. We support three different approaches:

    1. Using roles from Analysis Services
    2. Using Windows authentication
    3. Using custom authorization — recommended for those who already have an ASP.NET portal that handles authorization.

    Using roles from Analysis Services

    In SQL Server Analysis Services, access rights are provided based on roles. For more information about role configuration, visit Microsoft documentation on roles and permissions.

    After roles are configured in Analysis Services, you can specify them in the dataSource.roles property when connecting Flexmonster Pivot to SSAS:

    dataSource: { 
    type: "microsoft analysis services",
    // A flag to use the Accelerator instead of XMLA
    binary: true,
    // URL to Flexmonster Accelerator
    proxyUrl: "https://olap.flexmonster.com:8085/FlexmonsterProxy/",
    catalog: "Adventure Works DW Standard Edition",
    cube: "Adventure Works",
    // Roles from SSAS
    // To add multiple roles, separate them with a comma
    roles: "Sales Manager US"
    }

    Live example

    Using Windows authentication

    Prerequisites:

    Configuring Windows authentication depends on how the Accelerator is used in your project: as a Windows Service or as a DLL.

    Accelerator as a Windows Service

    Step 1. Enable authentication in the Accelerator

    Step 1.1. Go to Flexmonster Accelerator Manager and select the Config button. The flexmonster.config file will be opened.

    Step 1.2. In flexmonster.config, set the WINDOWS_AUTH property to true:

    WINDOWS_AUTH=true

    Step 2. Specify origins from which requests should be accepted

    When the authentication is enabled, the Access-Control-Allow-Origin header must list particular origins. Origin is a domain that sends requests to Flexmonster Accelerator (e.g., http://localhost:8080 or https://example.com).

    To allow an origin to send requests to the Accelerator, specify the origin in the ALLOW_ORIGIN property in the flexmonster.config file:

    ALLOW_ORIGIN=http://localhost:8080

    Several origins can be defined as follows:

    ALLOW_ORIGIN=http://localhost:8080, https://example.com

    Step 3. Restart the Accelerator

    To apply new configs, restart the Accelerator using Flexmonster Accelerator Manager: select the Stop button and then select Start.

    You can check if the Accelerator is up and running by navigating to its URL in the browser (http://localhost:50005 by default).

    Step 4. Enable authentication in Flexmonster Pivot

    Windows authentication must be enabled on the client side as well. To enable the authentication in Flexmonster, set the dataSource.withCredentials property to true:

    const pivot = new Flexmonster({
    container: "pivotContainer",
    toolbar: true,
    report: {
    dataSource: {
    type: "microsoft analysis services",
    binary: true,
    proxyUrl: "http://localhost:50005",
    catalog: "Adventure Works DW Standard Edition",
    cube: "Adventure Works",
    withCredentials: true
    }
    }
    });

    Flexmonster Accelerator will automatically use your current Windows user to perform impersonated requests to Microsoft Analysis Services.

    If the page with Flexmonster Pivot is opened in the Incognito browser window, the pop-up window prompting you to enter your login and password should appear. After you log in with your Windows user credentials, Flexmonster Accelerator should successfully connect to SSAS.

    Note To protect your data further, enable HTTPS connection for Flexmonster Accelerator.

    Accelerator as a DLL

    This guide contains the following sections:

    Run the sample project with Windows authentication

    To illustrate how Windows authentication can be configured when the Accelerator is used as a DLL, we added the windows-authentication branch to our sample Accelerator DLL project.

    To run the sample project, complete these steps:

    Step 1. To get our sample project, download it as ZIP or clone it with the following command:

    git clone -b windows-authentication https://github.com/flexmonster/pivot-accelerator-dll

    Step 2. Open the sample project in Visual Studio using the Flexmonster Accelerator MVC.sln solution file.

    Step 3. Open the FlexmonsterConfig.cs file and specify your data source (e.g., localhost):

    public static void Register()
    {
    Flexmonster.Accelerator.Controllers.FlexmonsterProxyController
    .ConnectionString = "Data Source=<your data source>";
    // Other configurations
    }

    Step 4. Open the Index.cshtml view and set your values for the catalog and cube properties:

    dataSource: {
      dataSourceType: "microsoft analysis services",
      proxyUrl: "/api/accelerator/",
      catalog: "<your catalog>",
      cube: "<your cube>",
      binary: true,
      withCredentials: true
    }

    Step 5. Find and open the pivot-accelerator-dll/.vs/Flexmonster Accelerator MVC/config/applicationhost.config file.

    Note The .vs/ folder appears after opening the project in Visual Studio and is hidden by default. See the Microsoft documentation for guidance on displaying hidden folders.

    Step 6. In applicationhost.config, find the <section> element with the anonymousAuthentication name and set the overrideModeDefault attribute to Allow. Then, do the same for the element with the windowsAuthentication name:

    <sectionGroup name="security">
    // ...
    <sectionGroup name="authentication">
    <section name="anonymousAuthentication" overrideModeDefault="Allow" />
    <section name="windowsAuthentication" overrideModeDefault="Allow" />
    // ...
    </sectionGroup>
    // ...
    </sectionGroup>

    Step 7. Run the sample project by selecting the IIS Express button on the toolbar:

    The IIS Express button on the toolbar

    To see the result, open http://localhost:55158/ in your browser. Flexmonster Accelerator will automatically use your current Windows user to perform impersonated requests to Microsoft Analysis Services.

    Configure Windows authentication in your application

    Now let’s see which configurations you should set to enable Windows authentication in your project:

    Step 1. In the file where the Accelerator is configured, enable authentication on the Accelerator's side:

    Flexmonster.Accelerator.Controllers.FlexmonsterProxyController.ConnectionString = "Data Source=localhost";
    Flexmonster.Accelerator.Controllers.FlexmonsterProxyController
    .AuthEnabled = true;
    Flexmonster.Accelerator.Controllers.FlexmonsterProxyController
    .Impersonator = new WindowsImpersonatorFactory();
    // Other configurations

    In our sample project, these configurations are set in the FlexmonsterConfig.cs file.

    Step 2. In the Web.config file, specify the <security> element to define authentication configurations for the server:

    <system.webServer>
    <!-- Other tags -->
    <security>
    <authentication>
    <anonymousAuthentication enabled="true" />
    <windowsAuthentication enabled="true" />
    </authentication>
    <authorization>
    <remove users="*" roles="" verbs=""/>
    <add accessType="Allow" users="?" verbs="OPTIONS"/>
    <add accessType="Deny" users="?" verbs="GET,PUT,POST,DELETE"/>
    <add accessType="Allow" roles="Users" />
    </authorization>
    </security>
    <!-- Other tags -->
    </system.webServer>

    See how this configuration is set in our sample project.

    Learn more about the <security> element in the Microsoft documentation.

    Step 3. In your IIS configurations, find and open the applicationhost.config file. Then, find the <section> element with the anonymousAuthentication name and set the overrideModeDefault attribute to Allow. Do the same for the element with the windowsAuthentication name:

    <sectionGroup name="security">
    // ...
    <sectionGroup name="authentication">
    <section name="anonymousAuthentication" overrideModeDefault="Allow" />
    <section name="windowsAuthentication" overrideModeDefault="Allow" />
    // ...
    </sectionGroup>
    // ...
    </sectionGroup>

    Step 4. Set the dataSource.withCredentials property to true in your .cshtml page with Flexmonster (e.g., Index.cshtml):

    dataSource: {
    type: "microsoft analysis services",
    binary: true,
    proxyUrl: "/api/accelerator/",
    catalog: "Your Catalog",
    cube: "Your Cube",
    withCredentials: true
    },

    Check out our sample project to see how withCredentials is specified.

    Windows authentication is now used in your project with the Accelerator as a DLL.

    Using custom authorization

    If you already have an ASP.NET portal that handles users and an authorization process, the most convenient option is to embed the Accelerator into that system. For this purpose, we recommend referencing the Accelerator as a DLL and integrating a Web API endpoint. Endpoint access is fully controlled by the ASP.NET portal, so you will be able to manage security in any way you want. The overall process is shown on the diagram:

    customAuthorization

    See also