#1 2019-03-25 02:38:14

aditi.raiter
Member
Registered: 2018-05-01
Posts: 26

URL Reports

Hi

Report Server has generated a std url with username and password on a specific report with the format :

http://SERVER:PORT/reportserverbasedir/reportserver/httpauthexport?id=5000&user=exportuser&apikey=79PKXGScP8r8&format=HTML&download=false

This has caused a security concern since anybody outside the company network could see the data.

What is the recommended solution for exposing internal website to external users? Can the behavior be changed so that when I type the above url, the system would still mandate me to login to the application.

Thanks
Aditi

Offline

#2 2019-03-25 07:57:36

eduardo
Administrator
Registered: 2016-11-01
Posts: 1,250
Website

Re: URL Reports

Hi Aditi,

the APIKEY is used for bypassing user login together with httpauthexport. The APIKEY should be known only to users being able to open the report exported.

If you need reportserver login, you can use reportexport instead of httpauthexport. More details here: https://reportserver.net/en/guides/admi … a-the-URL/

Regards,
Eduardo

Offline

Board footer

Powered by FluxBB