I am working on a website that is using Forms Authentication on a Windows
2003 server. The SQL Server, IIS, and Analysis Server will all be running
on that machine that is not part of the domain. I am using SSL for the
website. I have built some reporting infrastructure that is using the OWC
Pivot, and OWC Chart components. Now I have to find a way to secure the
OLAP cubes so that only the current logged in user can see the data of the
agency that they belong too. I have all of the roles setup in SQL server
and it works. I am wondering if I should use windows impersonation to get
the data from Analysis server and use integrated security (SSPI), or use
http connectionstring. Currently there would be a need to have the data
segmented by Agency and we currently have seven in the system.

Any feedback or ideas would be greatly appreciated.

Thank-you, Pierre

You might find the following white papers useful:
http://msdn.microsoft.com/library/de...l_datapump.asp
and the Security Administration section in:
http://www.microsoft.com/technet/pro.../anservog.mspx
--
Dave Wickert [MSFT]
dwickert (AT) online (DOT) microsoft.com
Program Manager
BI SystemsTeam
SQL BI Product Unit (Analysis Services)
--
This posting is provided "AS IS" with no warranties, and confers no rights.

"PierreDechaine" <pierredechaine (AT) hotmail (DOT) com> wrote

I have already read those articles and have implemented that sort of
infrastructure. I am noticing some major lag time in some of the cubes
retreival time when using the msolap.asp page on a Windows 2003 server. I
believe that there is already an article on support.microsoft.com indicating
that this can occur. They do not mention anything in the article on how to
increase performance. Still would love some feedback on trying to implement
an analysis server OWC web-based solution using forms authentication. Is my
only option using http connectionstring? Should I use Basic Authentication?
What about using ADAM? I am considering looking at this as a possible
solution. Wish I was still contracting at Microsoft, would love to get back
into the internal MSOLAP discussion group that I used to frequently read.

Thank-you for responding, Pierre


"Dave Wickert [MSFT]" <dwickert (AT) online (DOT) microsoft.com> wrote