I need to enable CORS in Reporting Services so that I can download reports from my web application using ajax. What I've learned so far is, that SSRS is no longer using IIS, but http.sys to serve web.requests. Is there a simple way to add CORS support to SSRS (2012)?
Enable CORS for Reporting Services
Asked Answered
I managed to get this working by adding the following code to the global.asax in reportserver directory.
<%@ Application Inherits="Microsoft.ReportingServices.WebServer.Global" %>
<%@ Import namespace="System.Web" %>
<%@ Import namespace="System.Security" %>
<script runat="server">
private static bool init;
private static object lockObject = new object();
void Application_BeginRequest(object sender, EventArgs e)
{
lock(lockObject)
{
if (!init)
{
HttpContext context = HttpContext.Current;
HttpResponse response = context.Response;
string allow = @"Access-Control-Allow-Origin";
// enable CORS
response.AddHeader(allow, "http://yoursourcedomain.com");
response.AddHeader(@"X-Frame-Options", "ALLOW-FROM http://yoursourcedomain.com");
response.AddHeader(@"Access-Control-Allow-Credentials", "true");
if (context.Request.HttpMethod == "OPTIONS")
{
response.AddHeader(@"Access-Control-Allow-Methods", "GET, POST");
response.AddHeader(@"Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");
response.AddHeader(@"Access-Control-Max-Age", "1728000");
response.StatusCode = 200;
response.End();
HttpApplication httpApplication = (HttpApplication)sender;
httpApplication.CompleteRequest();
}
init = true;
}
else
{
init = false;
}
}
}
</script>
HTH cheers Dave
Is there a step you didn't mention in here? it doesn't seem to work? –
Oswin
For SSRS 2017+ (Restful APIs) Connect to the reporting server using SSMS, and make sure you set the service type to Reporting Services on the connection dialogue. Also, if you using a different method of authentication (custom), then set that (config) and enter your username/password of your custom auth, use the configured admin user
Once connected, on the head node "server" right click -> properties -> advanced And you will find all CORS properties, set what you need
Update
Another easier method: Just connect to your SQL server
execute the following
USE [ReportServer] --Need to match the Report Server Configuration Manager DB name
Update ConfigurationInfo
SET Value = '*'
WHERE Name = 'AccessControlAllowHeaders'
Update ConfigurationInfo
Set Value = 'true'
Where name = 'AccessControlAllowCredentials'
Update ConfigurationInfo
Set Value = 'https://where-you-auth-from.com'
Where name = 'AccessControlAllowOrigin'
For those that are using the Microsoft Custom Auth, change the auth method to Forms Authentication and log in with your admin user. –
Devindevina
A similar question last year elicited an answer of "that's not possible, use ReportViewer control" from a Microsoft employee.
using the reportViewer control is not an option as it is slow and clunky. I actually only need to retrieve the excel export of a report and for that the reportserver API would be perfect.. –
Cistern
Your need is understandable, but from what the MS employee said, it may just not be possible via the CORS route since there's nowhere to configure it. If you need to retrieve the excel export, that seems like you could do the retrieval server side then deliver the result. –
Woodhouse
Doing it server side would be an option but the challenge is to get authentication to work correctly. We are using integrated authentication. I've allready managed to get the CORS headers to be set by adding a custom httpmodule to the reportserver web.config. If I could now only convince ajax to pass along the windows auth tokens, I might have a solution. –
Cistern
re: et3rnal's correct answer (there are many ways but this is probably the most straightforward, recommended):
As mentioned you can control request header and CORS settings here.
© 2022 - 2024 — McMap. All rights reserved.