在Report Server安裝HttpModule
0 |
先前完成ReportViewer匯出PDF檔加蓋浮水印的把戲,想套用到SSRS(SQL Server Reporting Service)上,二者原理相近,差別在於SSRS使用的是"/ReportServer/ReportServer?rs:Command=Render&rs:Format=IMAGE&..." URL進行匯出作業,故只需稍加修改BeginRequest的URL過濾條件,一樣能透過HttpModule掛載HttpResponse.Filter加入修改匯出檔的程序。
修改C:\Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer\web.config加上HttpModule設定後,卻導致ReportServer網站應用程式完全無法運作,彈出以下錯誤訊息:
[SecurityException: Request for the permission of type System.Web.AspNetHostingPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.]
SSRS2000Hacking.WaterMarkModule.Init(HttpApplication context) +0
System.Web.HttpApplication.InitModules() +100
System.Web.HttpApplication.InitInternal(HttpContext context, HttpApplicationState state, MethodInfo[] handlers) +1330
System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext context) +392
System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext context) +256
System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +414
錯誤訊息指出,問題出在設定BeginRequest事件的動作需要特定CAS權限,研判是ReportServer網站應用程式基於安全考量調降了一般ASP.NET程式執行權限,HttpModule因而也承襲低階權限,執行事件掛載動作時產生權限不足錯誤。查看ReportServer\web.config發現以下設定:
<securityPolicy>
<trustLevel name="RosettaSrv" policyFile="rssrvpolicy.config" />
</securityPolicy>
<trust level="RosettaSrv" originUrl="" />
原來ReportServer設定了一組自訂securityPolicy,其內容儲存於rssrvpolicy.config,除了ReportServer運作必須的組件外,預設不賦與任何CAS權限。因此,解決此一權限問題最簡單方法是修改rssrvpolicy.config,將我們的匯出檔浮水印HttpModule DLL調成FullTrust安全等級(資安提醒: 本案例因程式為自行開發,可擔保其中不含惡意程序或安全漏洞,故授與FullTrust安全等級沒有風險。若調高安全等級的對象為外來元件,請務必確認其安全無虞方可為之。)
我採用的做法是在ReportServer\rssrvpolicy.config中為HttpModule DLL(SSRS2000WatermarkModule.dll)加上設定,以URL為比對依據,調為FullTrust等級:
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$CodeGen$/*"
/>
</CodeGroup>
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="$AppDirUrl$/bin/SSRS2000WaterMarkModule.dll"
/>
</CodeGroup>
加入設定後,浮水印模組就運作如常囉~
Comments
Be the first to post a comment