RegionOrebroLan-Lab / Reporting-Services-With-ADFS-Authentication

error-WindowsAuthentication - LogonUser: The method is not implemented. #7

Closed tltl666 closed 5 years ago

tltl666 commented 5 years ago

I followed the steps and it seems to be working correctly. However, after inactivity for a while, it would ask for Windows authentication and then "could not load folder contents". In the report server error log, it has this error:

```
2019-08-30 11:11:07,283 [237]: WindowsAuthentication - LogonUser: The method is not implemented.
```

In RSPortal_2019_08_30_10_37_30.log, it has the following:

```
2019-08-30 11:11:07.2837|ERROR|237|Error when calling LogonUser in the Custom Authentication Extension| RequestID = s_783ba77c-a608-419e-ac50-a31168c23505
System.NotImplementedException: The method or operation is not implemented.
   at RegionOrebroLan.ReportingServices.Authentication.WindowsAuthentication.LogonUser(String userName, String password, String authority)
   at Microsoft.BIServer.Owin.Common.Services.AuthenticationService.WrapExtensionCall[T](String methodName, Func1 func)
2019-08-30 11:11:07.2837|ERROR|237| 10.100.12.57: GET /api/v2.0/CatalogItems%28Path%3D%27/%27%29 - 0:00:00.0013739 Exception: Microsoft.BIServer.Owin.Common.Exceptions.AuthenticationExtensionException: LogonUser ---> System.NotImplementedException: The method or operation is not implemented.
   at RegionOrebroLan.ReportingServices.Authentication.WindowsAuthentication.LogonUser(String userName, String password, String authority)
   at Microsoft.BIServer.Owin.Common.Services.AuthenticationService.WrapExtensionCall[T](String methodName, Func1 func)
   --- End of inner exception stack trace ---
   at Microsoft.BIServer.Owin.Common.Services.AuthenticationService.WrapExtensionCall[T](String methodName, Func1 func)
   at Microsoft.BIServer.Owin.Common.Services.AuthenticationService.TryLogonUser(String user, String password, String domain, FormsAuthenticationTicket& cookieValue)
   at Microsoft.BIServer.Owin.Common.Middleware.CustomAuthenticationMiddleware.CreateRequestContextFromBasicHeader(IOwinContext context, List1 passThroughCookies)
   at Microsoft.BIServer.Owin.Common.Middleware.CustomAuthenticationMiddleware.CreatePortalIdentity(IOwinContext context)
   at Microsoft.BIServer.Owin.Common.Middleware.CustomAuthenticationMiddleware.Invoke(IOwinContext context)
   at Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware`1.d0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.BIServer.Owin.Common.Middleware.RequestLoggingMiddleWare.d2.MoveNext()| RequestID = s_783ba77c-a608-419e-ac50-a31168c23505
```

However, if I open a new tab or clean up the browsing cache, it would go through ADFS and work again.

Please help: what would cause it?

thanks

newbie

HansKindberg commented 5 years ago

Hi

I will try to help. My guess is that the following happens. After some inactivity the cookie set after authentication with ADFS has expired and authentication is needed again. Somehow redirection is not made to ADFS but the Windows Authentication window pops up. Then this method, LogonUser, is called and it throws a NotImplementedException. And that's because I have not implemented it because I have expected that it should never be called. But obviously it is called.

What version are you using? SSRS-13, SSRS-14 or PBIRS-15?

I have to laborate a bit to try to find out?

Regards Hans
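An added example, not part of the thread or of the project's code: a small triage script for the RSPortal log format quoted in the report. It groups entries by RequestID and lists requests whose trace contains both `CreateRequestContextFromBasicHeader` and `LogonUser` (both frame names appear in the trace above), so an operator can see how often and from which client the extension's `LogonUser` is reached instead of the ADFS redirect. The sample log is constructed from the quoted entries, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: entries trimmed from the RSPortal log quoted in the issue, plus one
# invented INFO line for contrast. Lines without a timestamp continue the previous record.
SAMPLE_LOG = """\
2019-08-30 11:11:07.2837|ERROR|237|Error when calling LogonUser in the Custom Authentication Extension| RequestID = s_783ba77c-a608-419e-ac50-a31168c23505
System.NotImplementedException: The method or operation is not implemented.
   at RegionOrebroLan.ReportingServices.Authentication.WindowsAuthentication.LogonUser(String userName, String password, String authority)
2019-08-30 11:11:07.2837|ERROR|237| 10.100.12.57: GET /api/v2.0/CatalogItems%28Path%3D%27/%27%29 - 0:00:00.0013739 Exception: Microsoft.BIServer.Owin.Common.Exceptions.AuthenticationExtensionException: LogonUser ---> System.NotImplementedException: The method or operation is not implemented.
   at Microsoft.BIServer.Owin.Common.Middleware.CustomAuthenticationMiddleware.CreateRequestContextFromBasicHeader(IOwinContext context, List1 passThroughCookies)| RequestID = s_783ba77c-a608-419e-ac50-a31168c23505
2019-08-30 11:12:00.0000|INFO|12|Constructed filler entry| RequestID = s_00000000-0000-0000-0000-000000000000
"""

RECORD_START = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\|(\w+)\|(\d+)\|")
REQUEST_ID = re.compile(r"RequestID = (\S+)")
CLIENT_REQ = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}): ([A-Z]+) (\S+)")

def parse_records(text):
    """Split the log into records; a new record starts at a timestamp|LEVEL|thread| prefix."""
    records = []
    for line in text.splitlines():
        m = RECORD_START.match(line)
        if m:
            records.append({"time": m.group(1), "level": m.group(2), "text": line})
        elif records:
            records[-1]["text"] += "\n" + line
    return records

def basic_header_logons(text):
    """Return one finding per RequestID whose trace reaches LogonUser via the Basic-header frame."""
    by_request = defaultdict(list)
    for rec in parse_records(text):
        rid = REQUEST_ID.search(rec["text"])
        by_request[rid.group(1) if rid else None].append(rec)
    findings = []
    for rid, recs in by_request.items():
        blob = "\n".join(r["text"] for r in recs)
        if "CreateRequestContextFromBasicHeader" not in blob or "LogonUser" not in blob:
            continue
        client = CLIENT_REQ.search(blob)
        findings.append({
            "request_id": rid,
            "time": recs[0]["time"],
            "client": client.group(1) if client else None,
            "path": client.group(3) if client else None,
            "extension_threw": "NotImplementedException" in blob,
        })
    return findings
```

Run `basic_header_logons()` over the real RSPortal log text to correlate each hit with the time a user reported the credential prompt.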

HansKindberg commented 5 years ago

The first thing I will test is to set EnableAuthPersistence to false in RSReportServer.config. Maybe you can try this yourself. You have to restart the service after changing. This is just a "shoot from the hip" from my side. I am not sure at all.

tltl666 commented 5 years ago

Thanks Hans for your reply. I'm using PBIRS-15. In my observation, if I use Chrome or Firefox in secure mode, the logon box would appear. But if I just press cancel, it goes back to the home screen without issue. Do you know where to set redirects in ADFS settings?

Thanks so much and Best regards

HansKindberg commented 5 years ago

Hi

When you say "logon box" do you mean the Windows Logon Box to windows authenticate in the browser? When you get the windows logon box, what is the url in the browser? Are you on the reporting-services url when it happens or on your ADFS-url?

/Hans

HansKindberg commented 5 years ago

Hi again

I have now done changes in RegionOrebroLan.ReportingServices.dll so the LogonUser method does not throw an exception. Instead it returns false. I do not have any environment up for the moment so I have not tested anything. But you could try. It's about replacing RegionOrebroLan.ReportingServices.dll and log4net.config at some directories.

The changes I have made in RegionOrebroLan.ReportingServices.dll, the old one: https://github.com/RegionOrebroLan-Lab/.NET-ReportingServices-Extensions/blob/master/Source/Project/Authentication/WindowsAuthentication.cs#L154

The one I send a link to: https://github.com/RegionOrebroLan-Lab/.NET-ReportingServices-Extensions/blob/WindowsAuthentication-LogonUser-Lab/Source/Project/Authentication/WindowsAuthentication.cs#L173

The changes I send you regarding log4net.config is just about enabling debug-logging so you in the log4net log can see information about the LogonUser call if you want. The only change from the one you already have is that I out-commented a line to enable debug-logging.

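So, if you want to enable debug-logging replace the following files:

* [INSTALLATION-PATH]\ReportServer\log4net.config
* [INSTALLATION-PATH]\Portal\log4net.config
* [INSTALLATION-PATH]\PowerBI\log4net.config

with log4net.config

And replace the following assemblies:

* [INSTALLATION-PATH]\ReportServer\bin\RegionOrebroLan.ReportingServices.dll
* [INSTALLATION-PATH]\Portal\RegionOrebroLan.ReportingServices.dll
* [INSTALLATION-PATH]\PowerBI\RegionOrebroLan.ReportingServices.dll

with RegionOrebroLan.ReportingServices.dll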

Try it if you want. As I said I have not tested. But if something crashes just go back to the old ones. Would be interesting to see what return false gives.

Remember to first stop the service Power BI Report Server and after you have replaced the files, start it again. I think the dll's can be locked if you do not stop first.

Regards Hans

HansKindberg commented 5 years ago

You asked how to change redirects in ADFS settings.

```
...

...
```

I don't know how your ADFS is set up. I just remember that when I tested Reporting Services with ADFS I wanted ADFS to use username/password authentication and not integrated authentication. So I easier could see when I hit the ADFS. Maybe your default-setting is integrated. I think you can change that in the settings in web.config for Reporting Services. I have written a reminder on my blog: https://hanskindberg.wordpress.com/2018/04/17/choose-authentication-type-for-ws-federation-in-adfs/

Other settings: https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/windows-identity-foundation/wsfederation/

Don't know if it helps but...

Regards Hans

tltl666 commented 5 years ago

Thanks Hans for all your help and efforts! Sorry for my late reply. It was the Labor Day holiday in the US yesterday.

First, for the Windows logon box, I'm not sure I understood you correctly. Please see below screenshot. It looks like it is coming from the report server requesting username and password.

Second, I downloaded and replaced your updated log4net.config and RegionOrebroLan.ReportingServices.dll file to the report server.

Now, in Edge/Chrome/Firefox, it would ask for Windows credentials. If I click on cancel as shown below a couple of times, it would go back to the report server homepage instead of throwing errors, just like those browsers in private mode.

My goal is to use windows authentication through ADFS for one time and would not ask for credentials in 24 hours for my report users.

also here's my settings for the .

per your suggestion, if i would like to use windows authentication as default, should i add like below?

here's results from Get-AdfsAuthenticationProvider; in adfs server:

```
AdminName                          : Windows Authentication
AllowedForPrimaryExtranet          : False
AllowedForPrimaryIntranet          : True
AllowedForAdditionalAuthentication : False
AuthenticationMethods              : {urn:ietf:rfc:1510, urn:federation:authentication:windows, urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/kerberos...}
Descriptions                       : {}
DisplayNames                       : {}
Name                               : WindowsAuthentication
IdentityClaims                     : {}
IsCustom                           : False
RequiresIdentity                   : False
```

sorry, i'm not a programmer and highly appreciate your help!

thanks

Ying

tltl666 commented 5 years ago

i tried it but it did not solve it.

thanks

Ying


HansKindberg commented 5 years ago

This discussion has continued by mail and led up to a bug:

9