I get this error when I load a report from internal IIS 10 server, on my local developer machine it works :
Unable to get report parameters
An error has occurred
Attempted to perform an unauthorized operation
it is a mvc core 2.2 project with full framework 4.7.2, the reports is in a report library
$("#reportViewer").telerik_ReportViewer({
serviceUrl: '@Url.Content("~/api/reports/")',
reportSource: {
report: "IntraReport.Arr_Bekraeft, IntraReport",
parameters: { ID: @Model }
},
viewMode: telerikReportViewer.ViewModes.INTERACTIVE,
scaleMode: telerikReportViewer.ScaleModes.SPECIFIC,
scale: 1.0,
ready: function () {
//this.refreshReport();
}
});
17 Answers, 1 is accepted
Since the error message occurs after deploying, it is likely related to the application pool that is being used by the application in the IIS. Note that Telerik Reporting makes a call to get the User Identity for the application. This may cause an exception in the IIS if this User Identity does not have the necessary rights, for example to access the database - check Attempted to perform an unauthorized operation.
Test to give the application pool identity all the necessary permissions.
Regards,
Todor
Progress Telerik
Hello Todor
the application pool is like this
.Net CLR Version: No Managed Code, Identity: networkService
Normal database access works, only reports not working
domain\servername$ have read/write acces to the database
do I need to add the user who acces the page with the report?
I have set it up like the old version running on MVC 5
StackTrace
{"Message":"An error has occurred.","ExceptionMessage":"Attempted to perform an unauthorized operation.","ExceptionType":"System.UnauthorizedAccessException","StackTrace":" at System.Security.Principal.WindowsIdentity.get_AuthenticationType()\r\n at Telerik.Reporting.Services.AspNetCore.ReportsControllerBase.GetUserIdentity()\r\n at Telerik.Reporting.Services.AspNetCore.ReportsControllerBase.GetParameters(String clientID, ClientReportSource reportSource)\r\n at lambda_method(Closure , Object , Object[] )\r\n at Microsoft.Extensions.Internal.ObjectMethodExecutor.Execute(Object target, Object[] parameters)\r\n at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.SyncActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)\r\n at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionMethodAsync>d__12.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeNextActionFilterAsync>d__10.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)\r\n at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)\r\n at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeInnerFilterAsync>d__13.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeNextExceptionFilterAsync>d__24.MoveNext()"}
0
The Stack Trace of the error indicates that Windows Authentication has failed. You may test to log with Username and Password instead.
I tested locally to set the ApplicationPool Identity of a test Reporting application with .Net CLR Version 'No Managed Code'. This resulted in non-functional REST Service. Note that the value should be 'No Managed Code' if the application pool is configured to *not* use the .NET Framework (Application Pools Microsoft article), whereas Telerik Reporting REST Service uses .NET framework.
Regards,
Todor
Progress Telerik
Hi Todor
I have change the application pool to use full framework
still get the same error
In my old project (MVC 5) the reports are in the same project
in this, the reports are in a separate report library
can this be the problem
In fact, we recommend the reports to live in a separate ReportLibrary or ClassLibrary project. I don't think this is related to the problem. If the error is the same, it seems like an authorization issue - our ReportsController method GetUserIdentity() fails due to insufficient rights.
You may test with another Identity - NetworkService account seems to be relatively low-privileged.
Regards,
Todor
Progress Telerik
The reports are the same in both projects
Both projects use NetworkService
I can access the database used in the reports via EntityFramework server side
Further research on the Internet revealed that the problem may be related to Windows Authentication in IIS server - check UnauthorizedAccessException for WindowsIdentity.get_AuthenticationType on IIS thread. I am not an expert in IIS Authentication but it seems that a similar issue has been observed also in .NET Core 2.2 - check SignalR windows authentication error using long polling. The thread suggests also possible workarounds, i.e. downgrading to .NET Core 2.1 or using InProc session.
Regards,
Todor
Progress Telerik
Hello Todor
OutOfProcess or InProc same result
SetCompatibilityVersion(CompatibilityVersion.Version_2_1) same result
Use the report as a trdp file in wwwroot/reports same result
the only think that works is to use a report server
Hello Todor
OutOfProcess or InProc same result
SetCompatibilityVersion(CompatibilityVersion.Version_2_1) same result
Use the report as a trdp file in wwwroot/reports same result
the only think that works is to use a report server
In the says 'I can reproduce this with your app on 2.2 but switching to 2.1 stops it from happening'. I am not sure whether SetCompatibilityVersion(.Version_2_1) may replace downgrading.
We have run out of ideas for the possible reasons for the problem. We haven't experienced it before and will need to reproduce and investigate it locally.
You may open a support ticket and attach the application so that we can deploy it and try to reproduce the problem.
Regards,
Todor
Progress Telerik
Hi,
We are getting same issue. Have you found any solution ?
For Visual Studio / IIS Express, reports works with Windows Authentication. When we publish application to an IIS server we are getting an error 500 on /api/reports/clients/xxxxxxxxx/parameters
{"Message":"An error has occurred.","ExceptionMessage":"Attempted to perform an unauthorized operation.","ExceptionType":"System.UnauthorizedAccessException","StackTrace":" at System.Security.Principal.WindowsIdentity.get_AuthenticationType()
at Telerik.Reporting.Services.AspNetCore.ReportsControllerBase.GetUserIdentity()
at Telerik.Reporting.Services.AspNetCore.ReportsControllerBase.GetParameters(String clientID, ClientReportSource reportSource)
at lambda_method(Closure , Object , Object[] )
at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.SyncActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextExceptionFilterAsync()"}
This problem with Windows Authentication seems to be a known issue in ASP.NET Core 2.2 - check my previous posts. Did you try the workarounds suggested in the referred threads? The problem seems to be outside the Reporting tool. Does logging with Username and Password work?
Regards,
Todor
Progress Telerik
Hi Todor,
We are using ASP.NET Core 2.1 and all application is using the same method call to get Windows Authentication. It is only when we try to open a Telerik Reporting we fails to generate reports. For our understand, thread isolation is blocking call to GetWindowsIdentity method.
Another thing which is strange, we are able to render the report when we are under our Visual Studio (all users are same) and under IIS where we have an application pool user and a logged user reports fails to render with permission.
Regards,
Roy.
Consider overriding the method ReportsControllerBase.GetUserIdentity() in the ReportsController class and if you do not need the AuthenticationType value in report expressions, you can ignore it as shown in the following code snippet:
protected
override
UserIdentity GetUserIdentity()
{
var result =
new
UserIdentity();
if
(
this
.User !=
null
&&
this
.User.Identity !=
null
)
{
var identity =
this
.User.Identity;
//result.AuthenticationType = identity.AuthenticationType;
result.IsAuthenticated = identity.IsAuthenticated;
result.Name = identity.Name;
}
return
result;
}
Regards,
Neli
Progress Telerik