Search Results

Search found 3227 results on 130 pages for 'anonymous guy'.

Page 38/130 | < Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >

  • Custom binding with WCF

    - by user67240
    I have a wcf service where i have to implement the call backs and also i need to host the wcf service on the IIS 6.0, since IIS6.0 doesnot support the net.tcp binding, i decided to go for the custom binding. The reasons for going for custom binding is that the service is accessed by different clients in different timezones. Using custom binding i can set the allowed clock skew time to other values other than the default one. I have problem making the custom binding work for me. here is the server config file <bindings> <customBinding> <binding name="pscNetBinding" openTimeout="00:10:00"> <reliableSession acknowledgementInterval="00:00:00.2000000" flowControlEnabled="true" inactivityTimeout="23:59:59" maxPendingChannels="128" maxRetryCount="8" maxTransferWindowSize="128" ordered="true" /> <compositeDuplex /> <oneWay maxAcceptedChannels="128" packetRoutable="false"> <channelPoolSettings idleTimeout="00:10:00" leaseTimeout="00:10:00" maxOutboundChannelsPerEndpoint="10" /> </oneWay> <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Default" writeEncoding="utf-8"> <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> </textMessageEncoding> <httpTransport manualAddressing="false" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true"/> </binding> </customBinding> </bindings> <services> <service name="SchneiderElectric.PSCNet.Server.Services.PSCNetWCFService" behaviorConfiguration="Behaviors1"> <host> <baseAddresses> <add baseAddress ="http://10.155.18.18:2000/PSCNet"/> </baseAddresses> </host> <endpoint address="" binding="customBinding" bindingConfiguration="pscNetBinding" contract="SchneiderElectric.PSCNet.Server.Contracts.IPSCNetWCFService"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="Behaviors1"> <serviceMetadata httpGetEnabled = "true"/> <!--<serviceThrottling maxConcurrentCalls="2048" maxConcurrentSessions="2048" maxConcurrentInstances="2048" /> <dataContractSerializer maxItemsInObjectGraph="2147483647" />--> </behavior> </serviceBehaviors> </behaviors> and here the client config file <bindings> <customBinding> <binding name="pscNetBinding" openTimeout="00:10:00"> <reliableSession acknowledgementInterval="00:00:00.2000000" flowControlEnabled="true" inactivityTimeout="23:59:59" maxPendingChannels="128" maxRetryCount="8" maxTransferWindowSize="128" ordered="true" /> <compositeDuplex /> <oneWay maxAcceptedChannels="128" packetRoutable="false"> <channelPoolSettings idleTimeout="00:10:00" leaseTimeout="00:10:00" maxOutboundChannelsPerEndpoint="10" /> </oneWay> <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Default" writeEncoding="utf-8" > <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> </textMessageEncoding > <httpTransport manualAddressing="false" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true" /> </binding> </customBinding> </bindings> <client> <endpoint address="http://10.155.18.18:2000/PSCNet" binding="customBinding" bindingConfiguration="pscNetBinding" contract="PSCNetWCFService.IPSCNetWCFService" name="pscNetBinding" /> </client> if i use the server and client on the same machine everything works fine. But as soon as i run the server and client on different machine i get the following error "Could not connect to http://10.155.18.198:9000/e60ba5b3-f979-4922-b9f8-c820caaa04c2. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.155.18.198:9000." Can anyone in the community help me in this regard.

    Read the article

  • Using ftplib for multithread uploads

    - by Arty
    I'm trying to do multithread uploads, but get errors. I guessed that maybe it's impossible to use multithreads with ftplib? Here comes my code: class myThread (threading.Thread): def __init__(self, threadID, src, counter, image_name): self.threadID = threadID self.src = src self.counter = counter self.image_name = image_name threading.Thread.__init__(self) def run(self): uploadFile(self.src, self.image_name) def uploadFile(src, image_name): f = open(src, "rb") ftp.storbinary('STOR ' + image_name, f) f.close() ftp = FTP('host') # connect to host, default port ftp.login() # user anonymous, passwd anonymous@ dirname = "/home/folder/" i = 1 threads = [] for image in os.listdir(dirname): if os.path.isfile(dirname + image): thread = myThread(i , dirname + image, i, image ) thread.start() threads.append( thread ) i += 1 for t in threads: t.join() Get bunch of ftplib errors like raise error_reply, resp error_reply: 200 Type set to I If I try to upload one by one, everything works fine

    Read the article

  • Can IIS admin change password of Windows Service account

    - by sweta Jha
    We have a service account defined for anonymous access which is used for several web sites hosted on the web server. This account has access to several network resources like report server, file servers and so on. While deploying a new web site, we used the same service account for anonymous access. IIS takes the username/password for the account and then a dialog opens for confirm password. Accidently, we gave a wrong password in both the text boxes, the new site with wrong password is working fine but all other previously hosted sites which were using the service account, started giving the unautorized access error. Is it possible that when we entered wrong password for the new web site, the password of the account got reset and all sites stopped functioning?

    Read the article

  • create manually parameter ReturnUrl

    - by user276640
    i have view like 'home/details/5', it can be access by anonymous user. but there is button, which can be pressed only by registered users. no problem, i can look into Request.IsAuthenticated , and if anonymous i show button login instead of secret button but the problem- when press login i can lose address and parameters of page. how can i create login button and pass a parameter ReturnUrl ? something like <%= Html.ActionLink("enter to buy", "LogOn", "Account", new { ReturnUrl = path to view with route value })%> i see only stupid solution <%= Html.ActionLink("enter to buy", "LogOn", "Account", new { ReturnUrl = "home/details/" + ViewContext.RouteData.Values["id"] })%> but i don't like to hard code names of controller

    Read the article

  • Coldfusion 9 installation problem with IIS7

    - by Saul
    Windows web server 2008 R2 64 bit, CF9 64 bit, IIS7, ISAPI extensions and filters and II6 metabase compatability installed. OS is on C default, and trying to install CF to D: Testing IIS and it shows index.html correctly from c:\inetpub\wwwroot at http://localhost/index.html Then I install CF to D:\ , single standard server licence, select run with all IIS sites, select C:\inetpub\wwwroot as the web root for administrator, and when it gets to the bit where it is supposed to open up administrator to complete the installation it opens up the browser with a 500 error. Now when I go back to http://localhost/index.html I also get a 500 error, if i uninstall CF I can again reach the html page. CFIDE has been installed in C:\inetpub\wwwroot presumably correctly. Can anyone tell me where I'm going wrong please. Update The exact IIS error is HTTP Error 500.0 - Internal Server Error The page cannot be displayed because an internal server error has occurred. Module IsapiModule Notification ExecuteRequestHandler Handler AboMapperCustom-28262 Error Code 0x800700c1 Requested URL http://127.0.0.1:80/test.htm Physical Path C:\inetpub\wwwroot\test.htm Logon Method Anonymous Logon User Anonymous

    Read the article

  • unable to open SSRS reports from domain IP

    - by Lalit
    Hi, I have developed the SSRS reports. It is running fine locally. but after deployed on the domain server it showing exception XML Parsing Error: no element found Location: http://{MyDomainIP}:{port}/Reports/Pages/Folder.aspx Line Number 1, Column 1: I have deployed these reports under the windows authentication . since I tried to give anonymous access so that I can access it, But in IIS I could not found the virtual directory regarding these reports. so where are they deployed ? I could not understand how it is not permitting to the Admin account to show the reports. Please guide me I am using IIS 6.0 , SQL server2008 R2. I am totally new for the this kind of stuff. Edited: how can we give the anonymous access to the SSRS reports? It should not ask for username and password.I know we can do this by IIS , but some how I can not found my SSRS virtual directory. how can i do that ?

    Read the article

  • Using Java Reflections to retrieve member classes

    - by darkie15
    Hi All, I am using .getDeclaredClasses() method to retrieve all the classes that have been defined in object. However, I am not able to retrieve anonymous classes defined in the class. Here is the code sample that I am testing: public class TempCodes { public static void main(String[] args) { Ball b = new Ball() { public void hit() { System.out.println("You hit it!"); } }; b.hit(); } interface Ball { void hit(); } } and this is what my code does: memClass = className.getDeclaredClasses(); if (memClass .length > 0) { for (int index = 0 ; index < memClass .length ; index++) { System.out.println("\t\t\t" + memClass [index]); } } Can anyone help me understand how to retrieve the anonymous class? Regards, darkie

    Read the article

  • How do I check out Eclipse projects from CVS using the command line

    - by Jeff James
    Hi. I'm trying to check out the Mylyn project from Eclipse. However, I can't use Eclipse to check out the projects and am having to do it via the command line. I'm behind a firewall so am basing my attempt on http://wiki.eclipse.org/CVS_Howto#CVS_and_firewalls. I'm not very familiar with CVS. When I run my CVS command, it fails to connect: cvs -td :pserver:[email protected]:443/cvsroot/tools checkout mylyn -> main: Session ID is w4PO5KiMwQmaD6uu -> main loop with CVSROOT=/cvsroot/tools -> safe_location( where=(null) ) -> open_connection_to_server (:pserver:[email protected]:443/cvsroot/tools) -> Connecting to proxy.eclipse.org(206.191.52.48):443. cvs [checkout aborted]: unrecognized auth response from proxy.eclipse.org: SSH-1.99-OpenSSH_4.2 Can anyone tell me what I'm doing wrong? Thanks

    Read the article

  • Apache Commons Net FTPClient and listFiles()

    - by Vladimir
    Can anyone explain me what's wrong with the following code? I tried different hosts, FTPClientConfigs, it's properly accessible via firefox/filezilla... FTPClientConfig config = new FTPClientConfig(FTPClientConfig.SYST_L8); FTPClient client = new FTPClient(); client.configure(config); client.connect("c64.rulez.org"); client.login("anonymous", "anonymous"); client.enterRemotePassiveMode(); FTPFile[] files = client.listFiles(); Assert.assertTrue(files.length > 0);

    Read the article

  • Why is my JavaScript Twitter feed not working in Internet Explorer?

    - by JAG2007
    We're rolling out a redesign of helpcurenow.org, and we've implemented a Twitter feed in the footer. (I'm the design & front end guy, my coworker is the scripting & backend guy). All is well with the Twitter feed in all major browsers except internet explorer, version 8 and later. However we have no clue why IE is not pulling the feed at all. Any hints?? http://betawww.helpcurenow.org/ (look in footer)

    Read the article

  • Reload external javascript after asynchronous postback via UpdatePanel

    - by Protector one
    I have an external javascript on my page, e.g. something like: <script src="http://foo.com/script.js" type="text/javascript"></script> and an UpdatePanel somewhere. The script writes some content, and does this from within an anonymous javascript function in the js file. I.e., there is something like this in the script: (function(){document.write('content');})(); Whenever the UpdatePanel is updated through asynchronous postback, everything the script did (or any javascript on my page, for that matter) is made undone. For normal javascript, I would just use: Sys.WebForms.PageRequestManager.getInstance().add_endRequest(myFunction) to redo all that, but since the function in the script source file is anonymous and called upon definition, I'm SOL! Any ideas? Note: the external js source is from another domain and its content is out of my control.

    Read the article

  • setting page access permissions in drupal

    - by Nikhil Patil
    I'm new to drupal. Its a very dumb question I guess. I have enabled PHP filter module so that I can create a new page with my own PHP code in it. This particular page I want to be accessible to only authenticated users, not visible to anonymous users. How can I achieve this? Can I set permissions for individual pages in drupal? Or is it possible to identify that an anonymous user is trying to access the current page through PHP code?

    Read the article

  • Double hop SQL delegation not working

    - by eKoz
    I've been trying to diagnose this for some time, and unfortunately Im still getting the dreaded anonymous logon issue when trying to connect to a sql db as a domain user. Steps taken: App Pool created with delegation service acct Site / Virtual dir running with Integrated Windows auth only Made sure site itself can use kerberos KB 215383 Service acct added to IIS_WPG group Service acct added to "act as part of operating system" under Local Security settings Service acct added to Log on as service under Local Security Settings HTTP SPN set for web address + service account (and FQDN) MSSQLSvc SPN set for sql box and domain acct sql is running as Trust for delegation turned on service acct, specified services, and sql service acct After all this, Im still getting the exact same error from when I started. Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. This has advanced my balding by at least 5 years so far. I would greatly appreciate any additional tips on diagnosing or setting up.

    Read the article

  • acquia drupal error after installing via web platform on iis 7.5

    - by Binder
    I just installed Acquia Drupal using the web platform installer. The entire process went smoothly but when i try to browse the website it say "HTTP Error 404.0 - Not Found The resource you are looking for has been removed, had its name changed, or is temporarily unavailable." Detailed Error Information Module FastCgiModule Notification ExecuteRequestHandler Handler PHP_via_FastCGI Error Code 0x00000000 Requested URL http://localhost:8088/index.php Physical Path C:\inetpub\wwwroot\acquia-drupal\index.php Logon Method Anonymous Logon User Anonymous I'm running IIS 7.5 on windows 7. Please help i've been stuck on this since 2 days now.

    Read the article

  • In Javascript, a function starts a new scope, but we have to be careful that the function must be in

    - by Jian Lin
    In Javascript, I am sometimes too immerged in the idea that a function creates a new scope, that sometimes I even think the following anonymous function will create a new scope when it is being defined and assigned to onclick: <a href="#" id="link1">ha link 1</a> <a href="#" id="link2">ha link 2</a> <a href="#" id="link3">ha link 3</a> <a href="#" id="link4">ha link 4</a> <a href="#" id="link5">ha link 5</a> <script type="text/javascript"> for (i = 1; i <= 5; i++) { document.getElementById('link' + i).onclick = function() { var x = i; alert(x); return false; } } </script> but in fact, the anonymous function will create a new scope, that's right, but ONLY when it is being invoked, is that so? So the x inside the anonymous function is not created, no new scope is created. When the function was later invoked, there is a new scope alright, but the i is in the outside scope, and the x gets its value, and it is all 6 anyways. The following code will actually invoke a function and create a new scope and that's why the x is a new local variable x in the brand new scope each time, and the invocation of the function when the link is clicked on will use the different x in the different scopes. <a href="#" id="link1">ha link 1</a> <a href="#" id="link2">ha link 2</a> <a href="#" id="link3">ha link 3</a> <a href="#" id="link4">ha link 4</a> <a href="#" id="link5">ha link 5</a> <script type="text/javascript"> for (var i = 1; i <= 5; i++) { (function() { var x = i; document.getElementById('link' + i).onclick = function() { alert(x); return false; } })(); // invoking it now! } </script> If we take away the var in front of x, then it is a global x and so no local variable x is created in the new scope, and therefore, clicking on the links get all the same number, which is the value of the global x.

    Read the article

  • Sharepoint lockout

    - by user301751
    Recently a guy from our 3rd line team thought it would be funny to delete my account from AD. This has now been re-added. Everything is back to normal apart from my Access to Sharepoint sites. I am getting "The file exists. (Exception from HRESULT: 0x80070050)" Error on all sites. After some googleing I came across a guy with the same issue and it was an issue with the SID being different from my old account. Since this I deleted my account from Site Administrators and re-added. This would refresh the SID with the new one. I also check on the Content database that the site ID matched using the following transactions and the SIDs match. select s.Id, w.FullUrl from Sites s inner join Webs w on s.RootWebId = w.Id select * from UserInfo where tp_Login='domain\username' and tp_SiteID='' I am now a bit clueless.

    Read the article

  • classic .net app pool + iis 7.5 + compression modules

    - by user328648
    I have windows 2008 r2 installed on my server, so iis 7.5 is. I am not able run any of the class.net applications on iis. one of the compression modules throws exception. Detailed Error Information Module DynamicCompressionModule Notification SendResponse Handler StaticFile Error Code 0x8007007e Requested URL http://localhost:8081/a.html Physical Path C:\inetpub\TestWebSite\a.html Logon Method Anonymous Logon User Anonymous i tried diferent logon methods, different sites even static html pages are not served. Error never changes. sorry for poor english.

    Read the article

  • Delegate Example From C# In Depth Confusion

    - by ChloeRadshaw
    I am looking at this example: List<Product> products = Product. GetSampleProducts() ; products.Sort( (first, second) => first.Name.CompareTo(second. Name) ) ; foreach (Product product in products) { Console. WriteLine(product) ; } What function is actually called in the API when you do that? Does the compiler create a class which implemnents the IComparer interface? I thought delegates were anonymous methods - Here it seems to be an anonymous interface implementation which is casuing confusion

    Read the article

  • proftpd, dynamic IP, and filezilla: port troubles

    - by Yami
    The basic setup: Two computers, one running proftpd, one attempting to connect via filezilla. Both linux (xubuntu on the server, kubuntu on the client). Both are at the moment behind a router on a residential (read: dynamic IP) connection; the client is a laptop I plan to take away from the home network, so I'll need this to work externally. I have my router set up to allow specific ports forwarded to each machine and, where possible, have plugged in those numbers into proftpd (via gadmin, double-checking the config file) and filezilla. Attempting to connect via active mode using the internal IP works: Status: Connecting to 192.168.1.139:8085... Status: Connection established, waiting for welcome message... Response: 220 Crossroads FTP Command: USER <redacted> Response: 331 Password required for <redacted> Command: PASS ******* Response: 230 Anonymous access granted, restrictions apply Command: OPTS UTF8 ON Response: 200 UTF8 set to on Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is the current directory Command: TYPE I Response: 200 Type set to I Command: PORT 192,168,1,52,153,140 Response: 200 PORT command successful Command: LIST Response: 150 Opening ASCII mode data connection for file list Response: 226 Transfer complete Status: Directory listing successful Attempting to connect via the domain name, however, leads to issues; in active mode, the PORT is the last command to be received according to the server's logs, and in passive mode, it's the PASV command. This leads me to believe I'm being redirected to a bad port? Active Sample: Status: Resolving address of <url> Status: Connecting to <ip:port> Status: Connection established, waiting for welcome message... Response: 220 Crossroads FTP Command: USER <redacted> Response: 331 Password required for <redacted> Command: PASS ******* Response: 230 Anonymous access granted, restrictions apply Command: OPTS UTF8 ON Response: 200 UTF8 set to on Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is the current directory Command: TYPE I Response: 200 Type set to I Command: PORT 174,111,127,27,153,139 Response: 200 PORT command successful Command: LIST Error: Connection timed out Error: Failed to retrieve directory listing Passive sample: Status: Resolving address of ftp.bonsaiwebdesigns.com Status: Connecting to 174.111.127.27:8085... Status: Connection established, waiting for welcome message... Response: 220 Crossroads FTP Command: USER yamikuronue Response: 331 Password required for yamikuronue Command: PASS ******* Response: 230 Anonymous access granted, restrictions apply Command: OPTS UTF8 ON Response: 200 UTF8 set to on Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is the current directory Command: TYPE I Response: 200 Type set to I Command: PASV Response: 227 Entering Passive Mode (64,95,64,197,101,88). Command: LIST Error: Connection timed out Error: Failed to retrieve directory listing In both cases, the log file ends at "PORT" or "PASV" - there's no record of ever receiving a "LIST" command. Just above that I can see the attempt to connect actively via the internal IP, which does indeed include a LIST command. My config file includes "PassivePorts 20001-26999", which are the port forwards I set up for the ftp server, and "Port 8085", which is also forwarded to the same machine. I also have a MasqueradeAddress set up to prevent it from reporting its internal IP, which was an earlier issue I had. I think what I'm asking is, is there another setting someplace I have to change to get this setup to work?

    Read the article

  • Exchange Mail Flow

    - by Tuck918
    Hello. I have a question. We have one Exchange 2003 server and two Exchange 2007 servers. Most all of our mailboxes are on 2007 but we do still have one shared mailbox, unity mailbox and a journling mailbox on 2003. Public Folders have been set to replicate to 2007. I have set up a send connector on 2007 with a cost of 1. Receive connectors have Anonymous Users checked on 2007. On 2003 there are two connectors: the Internet Email connector and the connector that connects 2003 to 2007. We have a SPAM filtering device that email goes through before it is handed off to Exchange. The SPAM filtering device is set to send email to one of our Exchange 2007 servers. Here is my question/problem: Even though the SPAM filtering device is set to forward email to Exchange 2007, somehow all of our email is still going through the Exchange 2003 server before it finally hits the users mailboxes on the Exchange 2007 server. How can I change it so that all email goes directly to Exchange 2007 and never routes through Excahnge 2003 both ways, inbound and outbound? Would also like to add: In the EMC under Org- Hub- Send Connector there are two connectors. One is the "Internet Connector" from the 2003 box and the other is the new one I created. THe address space on the 2003 one is set to a cost of 2, no smart hosts and the 2003 box is listed as the Source Server. THe other Send Connector has an address space of 1, no smart host and has the 2 excahnge 2007 servers listed as the source servers. In EMC under Server- Hub- my two exchange 2007 servers are listed. Each one has 2 receive connectors. Both Recieve Connectors are setup the same way. THe Default Receive Connector has Anonymous Users checked. The other Recieve Connector is labled "Client" and I am not sure what it does or why its there. Anonymous Users are not checked. No smart hosts configured on 2003. Additional details Currently we have 3 excahnge servers. One exchange 2003 server and two excahnge 2007 servers. THe exchange 2003 server is the acting "bridgehead" serverand all email is routing through this server, inbound and outbound. We are wanting to decommission this server and use our two exchange 2007 servers as our mailbox servers. All of of user mailboxes are already on one of the exchange 2007 boxes and we want to put whats left on the exchange 2003 box on our other excahnge 2007 box. Both excahnge 2007 servers are currently CAS, HT and MB servers. We have a SPAM filtering device that sits between our excahnge servers and the firewall and have it configured to send messages to one of the excahgne 2007 servers but when we look at the message headers we can see that messgaes are still being routed to the excahnge 2003 box. We want to bypass the exchange 2003 in the routing process as it is dying and is starting to have major issues so everytime it goes down our email is down. Is there possible some sort of AD routing link/site link stuff going on?

    Read the article

  • Enabling Kerberos Authentication for Reporting Services

    - by robcarrol
    Recently, I’ve helped several customers with Kerberos authentication problems with Reporting Services and Analysis Services, so I’ve decided to write this blog post and pull together some useful resources in one place (there are 2 whitepapers in particular that I found invaluable configuring Kerberos authentication, and these can be found in the references section at the bottom of this post). In most of these cases, the problem has manifested itself with the Login failed for User ‘NT Authority\Anonymous’ (“double-hop”) error. By default, Reporting Services uses Windows Integrated Authentication, which includes the Kerberos and NTLM protocols for network authentication. Additionally, Windows Integrated Authentication includes the negotiate security header, which prompts the client to select Kerberos or NTLM for authentication. The client can access reports which have the appropriate permissions by using Kerberos for authentication. Servers that use Kerberos authentication can impersonate those clients and use their security context to access network resources. You can configure Reporting Services to use both Kerberos and NTLM authentication; however this may lead to a failure to authenticate. With negotiate, if Kerberos cannot be used, the authentication method will default to NTLM. When negotiate is enabled, the Kerberos protocol is always used except when: Clients/servers that are involved in the authentication process cannot use Kerberos. The client does not provide the information necessary to use Kerberos. An in-depth discussion of Kerberos authentication is beyond the scope of this post, however when users execute reports that are configured to use Windows Integrated Authentication, their logon credentials are passed from the report server to the server hosting the data source. Delegation needs to be set on the report server and Service Principle Names (SPNs) set for the relevant services. When a user processes a report, the request must go through a Web server on its way to a database server for processing. Kerberos authentication enables the Web server to request a service ticket from the domain controller; impersonate the client when passing the request to the database server; and then restrict the request based on the user’s permissions. Each time a server is required to pass the request to another server, the same process must be used. Kerberos authentication is supported in both native and SharePoint integrated mode, but I’ll focus on native mode for the purpose of this post (I’ll explain configuring SharePoint integrated mode and Kerberos authentication in a future post). Configuring Kerberos avoids the authentication failures due to double-hop issues. These double-hop errors occur when a users windows domain credentials can’t be passed to another server to complete the user’s request. In the case of my customers, users were executing Reporting Services reports that were configured to query Analysis Services cubes on a separate machine using Windows Integrated security. The double-hop issue occurs as NTLM credentials are valid for only one network hop, subsequent hops result in anonymous authentication. The client attempts to connect to the report server by making a request from a browser (or some other application), and the connection process begins with authentication. With NTLM authentication, client credentials are presented to Computer 2. However Computer 2 can’t use the same credentials to access Computer 3 (so we get the Anonymous login error). To access Computer 3 it is necessary to configure the connection string with stored credentials, which is what a number of customers I have worked with have done to workaround the double-hop authentication error. However, to get the benefits of Windows Integrated security, a better solution is to enable Kerberos authentication. Again, the connection process begins with authentication. With Kerberos authentication, the client and the server must demonstrate to one another that they are genuine, at which point authentication is successful and a secure client/server session is established. In the illustration above, the tiers represent the following: Client tier (computer 1): The client computer from which an application makes a request. Middle tier (computer 2): The Web server or farm where the client’s request is directed. Both the SharePoint and Reporting Services server(s) comprise the middle tier (but we’re only concentrating on native deployments just now). Back end tier (computer 3): The Database/Analysis Services server/Cluster where the requested data is stored. In order to enable Kerberos authentication for Reporting Services it’s necessary to configure the relevant SPNs, configure trust for delegation for server accounts, configure Kerberos with full delegation and configure the authentication types for Reporting Services. Service Principle Names (SPNs) are unique identifiers for services and identify the account’s type of service. If an SPN is not configured for a service, a client account will be unable to authenticate to the servers using Kerberos. You need to be a domain administrator to add an SPN, which can be added using the SetSPN utility. For Reporting Services in native mode, the following SPNs need to be registered --SQL Server Service SETSPN -S mssqlsvc/servername:1433 Domain\SQL For named instances, or if the default instance is running under a different port, then the specific port number should be used. --Reporting Services Service SETSPN -S http/servername Domain\SSRS SETSPN -S http/servername.domain.com Domain\SSRS The SPN should be set for the NETBIOS name of the server and the FQDN. If you access the reports using a host header or DNS alias, then that should also be registered SETSPN -S http/www.reports.com Domain\SSRS --Analysis Services Service SETSPN -S msolapsvc.3/servername Domain\SSAS Next, you need to configure trust for delegation, which refers to enabling a computer to impersonate an authenticated user to services on another computer: Location Description Client 1. The requesting application must support the Kerberos authentication protocol. 2. The user account making the request must be configured on the domain controller. Confirm that the following option is not selected: Account is sensitive and cannot be delegated. Servers 1. The service accounts must be trusted for delegation on the domain controller. 2. The service accounts must have SPNs registered on the domain controller. If the service account is a domain user account, the domain administrator must register the SPNs. In Active Directory Users and Computers, verify that the domain user accounts used to access reports have been configured for delegation (the ‘Account is sensitive and cannot be delegated’ option should not be selected): We then need to configure the Reporting Services service account and computer to use Kerberos with full delegation:   We also need to do the same for the SQL Server or Analysis Services service accounts and computers (depending on what type of data source you are connecting to in your reports). Finally, and this is the part that sometimes gets over-looked, we need to configure the authentication type correctly for reporting services to use Kerberos authentication. This is configured in the Authentication section of the RSReportServer.config file on the report server. <Authentication> <AuthenticationTypes>           <RSWindowsNegotiate/> </AuthenticationTypes> <EnableAuthPersistence>true</EnableAuthPersistence> </Authentication> This will enable Kerberos authentication for Internet Explorer. For other browsers, see the link below. The report server instance must be restarted for these changes to take effect. Once these changes have been made, all that’s left to do is test to make sure Kerberos authentication is working properly by running a report from report manager that is configured to use Windows Integrated authentication (either connecting to Analysis Services or SQL Server back-end). Resources: Manage Kerberos Authentication Issues in a Reporting Services Environment http://download.microsoft.com/download/B/E/1/BE1AABB3-6ED8-4C3C-AF91-448AB733B1AF/SSRSKerberos.docx Configuring Kerberos Authentication for Microsoft SharePoint 2010 Products http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=23176 How to: Configure Windows Authentication in Reporting Services http://msdn.microsoft.com/en-us/library/cc281253.aspx RSReportServer Configuration File http://msdn.microsoft.com/en-us/library/ms157273.aspx#Authentication Planning for Browser Support http://msdn.microsoft.com/en-us/library/ms156511.aspx

    Read the article

  • The embarrassingly obvious about SQL Server CE

    - by Edward Boyle
    I have been working with SQL servers in one form or another for almost two decades now. But I am new to SQL Server Compact Edition. In the past weeks I have been working with SQL Serve CE a lot. The SQL, not a problem, but the engine itself is very new to me. One of the issues I ran into was a simple SQL statement taking excusive amounts of time; by excessive, I mean over one second. I wrote a little code to time the method. Sometimes it took under one second, other times as long as three seconds. –But it was a simple update statement! As embarrassing as it is, why it was slow eluded me. I posted my issue to MSDN and I got a reply from ErikEJ (MS MVP) who runs the blog “Everything SQL Server Compact” . I know little to nothing about SQL Server Compact. This guy is completely obsessed very well versed in CE. If you spend any time in MSDN forums, it seems that this guy single handedly has the answer for every CE question that comes up. Anyway, he said: “Opening a connection to a SQL Server Compact database file is a costly operation, keep one connection open per thread (incl. your UI thread) in your app, the one on the UI thread should live for the duration of your app.” It hit me, all databases have some connection overhead and SQL Server CE is not a database engine running as a service drinking Jolt Cola waiting for someone to talk to him so he can spring into action and show off his quarter-mile sprint capabilities. Imagine if you had to start the SQL Server process every time you needed to make a database connection. Principally, that is what you are doing with SQL Server CE. For someone who has worked with Enterprise Level SQL Servers a lot, I had to come to the mental image that my Open connection to SQL Server CE is basically starting a service, my own private service, and by closing the connection, I am shutting down my little private service. After making the changes in my code, I lost any reservations I had with using CE. At present, my Data Access Layer class has a constructor; in that constructor I open my connection, I also have OpenConnection and CloseConnection methods, I also implemented IDisposable and clean up any connections in Dispose(). I am still finalizing how this assembly will function. – That’s beside the point. All I’m trying to say is: “Opening a connection to a SQL Server Compact database file is a costly operation”

    Read the article

  • SQLAuthority News – Social Media Series – YouTube and Movies

    - by pinaldave
    Pinal Dave on Youtube! Some people might not know it, but YouTube is actually more than a place to watch funny cat videos and people singing their favorite pop songs – it’s actually a social media site.  When you are a member of YouTube you can follow people who regularly post videos, post video responses of your own, and even gain a following for your own videos.  I myself was not aware of YouTube’s potential until recently, when I started to make SQL Server in Sixty Seconds videos. YouTube is very different than other types of social media, and a big factor is that anyone can look at videos without being a member.  Unlike other social media sites, like Twitter and Facebook, you have to have an account in order to participate.  But on YouTube you are even more anonymous.  To make and post videos you need an account, but anyone who comes to the site can look at what you’ve made without signing in or leaving any trace of having seen your material.  This makes YouTube very anonymous and hard to track. However, we should not overlook the power of video on the internet.  Over the past few months I have been making SQL Server in Sixty Second videos and have come to love it.  It is very exciting to be able to talk about a subject that mostly I write about, and for many people video is far more accessible and easy to understand.   I have really enjoyed diving into something new, and would love to have more people check out these videos and give me feedback.  You can find me at www.youtube.com/user/pinaldave. I am very excited with all the possibilities on YouTube and it might just be the technology evangelist in me, but I would love for other people to discover how fun and exciting this site can be, too.  Don’t think of it as just a place to find funny videos and waste a few minutes of your time, think of it as a place to learn and interact with interesting people.  Come watch a few of my videos, while you’re there.  Remember, everything is free and there are no contracts to sign, but I hope that you get as excited as I am and join up.  We need more people creating good content on this site! Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, SQLServer, T SQL, Technology Tagged: Social Media

    Read the article

  • Is Code Complete still Code Complete? [closed]

    - by Peter Turner
    It's been quite a few years since Code Complete was published. I really love the book, I keep it in the bathroom at the office and read a little out of it once or twice a day. But I don't think it's possible to call Code Complete, "Code Complete" when it doesn't have language features that even Delphi has, like anonymous methods and generics. What key sections are missing from this book, and what should be deprecated?

    Read the article

< Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >