Export (0) Print
Expand All

IAuthorizationExtension.CheckAccess Method (String, IntPtr, Byte[], ResourceOperation)

Indicates whether a user is authorized to access an item in the report server database for a given resource operation.

Namespace:  Microsoft.ReportingServices.Interfaces
Assemblies:   Microsoft.ReportingServices.SharePoint.UI.WebParts (in Microsoft.ReportingServices.SharePoint.UI.WebParts.dll)
  Microsoft.ReportingServices.Interfaces (in Microsoft.ReportingServices.Interfaces.dll)

[StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemand, PublicKey = "0024000004800000940000000602000000240000525341310004000001000100272736ad6e5f9586bac2d531eabc3acc666c2f8ec879fa94f8f7b0327d2ff2ed523448f83c3d5c5dd2dfc7bc99c5286b2c125117bf5cbe242b9d41750732b2bdffe649c6efb8e5526d526fdd130095ecdb7bf210809c6cdad8824faa9ac0310ac3cba2aa0523567b2dfa7fe250b30facbd62d4ec99b94ac47c7d3b28f1f6e4c8")]
bool CheckAccess(
	string userName,
	IntPtr userToken,
	byte[] secDesc,
	ResourceOperation requiredOperation
)

Parameters

userName
Type: String
The name of the user requesting access to the report server.
userToken
Type: IntPtr
A user account token. This token is primarily used by the report server as a handle to a Microsoft Windows account in support of credential management for Windows Authentication.
secDesc
Type: Byte[]
The security descriptor for the item.
requiredOperation
Type: Microsoft.ReportingServices.Interfaces.ResourceOperation
The operation being requested by the report server for a given user.

Return Value

Type: Boolean
Returns true if the currently authenticated user is granted access to the item based on the supplied operation and security descriptor.

The following example code uses the CheckAccess method to evaluate a user's authorization credentials against a security descriptor for an item in the report server database.

public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, ResourceOperation requiredOperation)
{
   AceCollection acl = DeserializeAcl(secDesc);
   foreach(AceStruct ace in acl)
   {
       // First check to see if the user or group has an access control entry for the item
      if (userName == ace.PrincipalName)
      {
          // If an entry is found, return true if the given required operation
          // is contained in the ACE structure.
         foreach(ResourceOperation aclOperation in ace.ResourceOperations)
         {
             if (aclOperation == requiredOperation)
                return true;
         }
      }
   }
   return false;
}

private AceCollection DeserializeAcl(byte[] secDesc)
{
   BinaryFormatter bf = new BinaryFormatter();
   MemoryStream sdStream = new MemoryStream(secDesc);
   AceCollection acl = (AceCollection)bf.Deserialize(sdStream);
   return acl;
}

Community Additions

ADD
Show:
© 2014 Microsoft