Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

IAuthorizationExtension.CheckAccess Method (String, IntPtr, Byte[], FolderOperation)

Indicates whether a user is authorized to access an item in the report server database for a given folder operation.

Namespace:  Microsoft.ReportingServices.Interfaces
Assemblies:   Microsoft.ReportingServices.SharePoint.UI.WebParts (in Microsoft.ReportingServices.SharePoint.UI.WebParts.dll)
  Microsoft.ReportingServices.Interfaces (in Microsoft.ReportingServices.Interfaces.dll)

[StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemand, PublicKey = "0024000004800000940000000602000000240000525341310004000001000100272736ad6e5f9586bac2d531eabc3acc666c2f8ec879fa94f8f7b0327d2ff2ed523448f83c3d5c5dd2dfc7bc99c5286b2c125117bf5cbe242b9d41750732b2bdffe649c6efb8e5526d526fdd130095ecdb7bf210809c6cdad8824faa9ac0310ac3cba2aa0523567b2dfa7fe250b30facbd62d4ec99b94ac47c7d3b28f1f6e4c8")]
bool CheckAccess(
	string userName,
	IntPtr userToken,
	byte[] secDesc,
	FolderOperation requiredOperation
)

Parameters

userName
Type: String
The name of the user requesting access to the report server.
userToken
Type: IntPtr
A user account token. This token is primarily used by the report server as a handle to a Microsoft Windows account in support of credential management for Windows Authentication.
secDesc
Type: Byte[]
The security descriptor for the item.
requiredOperation
Type: Microsoft.ReportingServices.Interfaces.FolderOperation
The operation being requested by the report server for a given user.

Return Value

Type: Boolean
Returns true if the currently authenticated user is granted access to the item based on the supplied operation and security descriptor.

The following example code uses the CheckAccess method to evaluate a user's authorization credentials against a security descriptor for an item in the report server database.

public bool CheckAccess(string userName, IntPtr userToken, byte[] secDesc, FolderOperation requiredOperation)
{
   AceCollection acl = DeserializeAcl(secDesc);
   foreach(AceStruct ace in acl)
   {
       // First check to see if the user or group has an access control entry for the item
      if (userName == ace.PrincipalName)
      {
          // If an entry is found, return true if the given required operation
          // is contained in the ACE structure.
         foreach(FolderOperation aclOperation in ace.FolderOperations)
         {
             if (aclOperation == requiredOperation)
                return true;
         }
      }
   }
   return false;
}

private AceCollection DeserializeAcl(byte[] secDesc)
{
   BinaryFormatter bf = new BinaryFormatter();
   MemoryStream sdStream = new MemoryStream(secDesc);
   AceCollection acl = (AceCollection)bf.Deserialize(sdStream);
   return acl;
}

Community Additions

ADD
Show:
© 2015 Microsoft