Databases Reference
In-Depth Information
the desired protocol as part of the connection string. Currently, Analysis Services supports
the following protocols:
Negotiate
,
NTLM
,
Kerberos
, and
Anonymous User
.
NOTE
To monitor the users logging in to your server, you can do a SQL Server Profiler trace to
see the
AuditLogon
events generated by Analysis Services after it successfully
authenticates each user. You can also use a
DISCOVER_CONNECTIONS
request to obtain
a list of all the current connections.
You can enable anonymous access to your server by using
RequireClientAuthentication
server configuration property and
ImpersonationLevel
connection string property. By
default, the
RequireClientAuthentication
property is set to
True
; set it to
False
to enable
anonymous access. To grant anonymous users access to your server objects, add a built-in
ANONYMOUS LOGON
account to your database roles objects and configure data access security.
(More information about object security is available later in this chapter.)
HTTP Security
After you set up HTTP access to Analysis Services, you can use authentication methods
other than Windows authentication. (For information about setting up HTTP access, refer
Analysis Services uses a separate component—HTTP pump (
msmdmump.dll
)—to pass the
data between client, IIS (Internet Information Server), and Analysis Services. Therefore, it
supports all IIS authentication mechanisms:
.
Integrated Windows authentication
.
Anonymous access
.
Basic authentication
NOTE
IIS determines the authentication mechanism for authenticating a user by reading the
security settings on the virtual directory where the pump component is located.
Integrated Windows Authentication
When Integrated Windows authentication (formerly called
NTLM
or
Windows NT
Challenge/Response authentication
) is set up for the pump. IIS authenticates the Windows
user and impersonates the pump component with the user's credentials. The pump estab-
lishes a connection to the server hosting Analysis Services under the user's credentials to
initiate an HTTP connection.
Constrained Delegation
In certain scenarios, more than two computers are involved in
executing a single request using integrated Windows authentication. These computers pass
Search WWH ::
Custom Search