Accessing DataAnalysis views with FBA in ProjectServer 2007


A customer had the following scenario:

  • Users are managed in an LDAP directory
  • they are synced via a customized application in to Project Server 2007
  • they authenticate via Form Based Authentication
  • but users cannot access DataAnalysis views in Project Web Access (PWA)

The reason is when you open the DataAnalysis page in PWA your client communicates directly to Analysis Services.

With Windows Integrated Authentication users with permissions to view DataAnalysis in PWA are granted the appropriate rights to connect to Analysis Services.

But LDAP users don’t have an Active Directory account ….

The solution is: HTTP Pump (which reminds me to one famous Aerosmith album …)

Let’s see how we get this running.

I already extended my PWA web application for using forms authentication, if you haven’t done this yet, do it now.

Here’s a guide: http://technet.microsoft.com/en-us/library/cc197472%28office.12%29.aspx

After that the web applications in IIS look like the following:

image

In my case:

To configure HTTP Pump there is an excellent blog for Windows Server 2008 and SQL Server 2008, so read and do this first:

http://bloggingabout.net/blogs/mglaser/archive/2008/08/15/configuring-http-access-to-sql-server-2008-analysis-services-on-microsoft-windows-server-2008.aspx

I created the application for OLAP HTTP Pump (named olap on my screenshot above) under the original web application for PWA (the one with windows integrated authentication).

The application pool for the olap web application runs under a specific domain account that has access to the analysis services. If this authentication fails you get this DSO connection string error in PWA when creating the cube:

Error: The connection string to repository Needs To Be Specified in the 9.0 server properties (see <DSO> … </ DSO> section in msmdsrv.ini file from Analysis Services 9.0

 

In the authentication settings for the olap application I activated the anonymous authentication and used the application pool identity for logon:

image

So after that the URL for my new “Analysis Server” is http://win2008/olap/msmdpump.dll. If you can open this URL (without the dll at the end) it should be fine with authentication.

Now how to tell Project Server?

We have to change the standard Analysis Services server and create a new cube.

Open the cube generation settings in PWA and use the URL to your olap pump as the server name and the extranet-URL.

In my case http://win2008/olap/msmdpump.dll

Give the Analysis Services database a name and hit save and create.

image

If the cube generation finished logon as an admin (or an account that has rights to create views) via Forms Authentication and create a new data analysis view:

image

As you can see the standard server for analysis services is now the msmdpump.dll and you have access to your cubes.

So access to DataAnalysis views works also for non AD users.

Advertisements

About binoeder

SharePoint and Project Server Consultant
This entry was posted in ProjectServer and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s