New to Telerik Report Server? Download free 30-day trial

Configuring the Report Server for .NET Single Sign-On Functionality using Microsoft Entra ID for Linux/Container

Microsoft Entra ID is a cloud-based identity and access management service that can be used for authentication in the Telerik Report Server for .NET.

In this article, we will explain how to set up and enable the Microsoft Entra ID authentication for the users of the Telerik Report Server for .NET. Besides the enhanced authentication security, this approach also improves the user experience, because the users who are already registered in Microsoft Entra will be able to log into Report Server Manager UI without entering their login credentials each time.

Prerequisites

  • Telerik Report Server installation with at least one administrator account.
  • An Azure account with Microsoft Entra ID support.

In case you are unfamiliar with the process of using Microsoft Entra ID, we recommend checking out the Set up Microsoft Entra ID article.

Steps

1. Create a Microsoft Entra ID Tenant

  1. Navigate to the Microsoft Azure Home page.
  2. From the menu in the top left corner of the page, select Microsoft Entra ID.
  3. In the displayed Overview page, click Manage Tenants:

    Location of the Manage Tenant button in the Azure portal.

  4. Click the Create button on the Manage Tenants page:

    Location of the Create button on the Manage Tenants page in the Azure portal.

  5. On the Create a tenant page, choose Microsoft Entra ID as the tenant type (it should be selected by default):

    The Create a tenant page with Microsoft Entra ID as the selected type.

  6. Click Next: Configuration > and type Organization name (for example, Report Server Tenant) and Initial Domain Name (e.g. ReportServerNetDomain):

    The configuration step of creating a tenant with sample directory details.

  7. Click Next: Review + create > and if the configuration is correct, a green message notifying that the validation has passed will be displayed:

    The review and create step of the workflow.

  8. Click Create and then fill in the Captcha (it will take a minute or two to complete the process once it has been submitted).

2. Registering the Telerik Report Server for .NET Application

  1. If the steps from the previous section were completed successfully, the following green message should appear above the Captcha:

    Tenant creation was successful. Click here to navigate to your new tenant: Report Server Tenant.

    The text Report Server Tenant is your organization name and there will be a link to the Report Server Tenant Overview page.

    If you are not on the Report Server Tenant Overview page, go to the top left Menu >> Microsoft Entra ID >> click Add >> App Registration.

  2. Register the application by choosing Add > App registration.

    Add Report Server Application, for example, as a name, leave the rest options to be the default, and click Register.

    The step where the Report Server for .NET application is registered in Azure.

  3. Expand the Manage dropdown in the menu on the left and choose Authentication.

  4. Click Add Platform >> Web >> Tick the ID Tokens checkbox, then click Configure.

    Opening the authentication page for the Report Server application in Azure.

  5. Add a Redirect URL, for example, http://localhost:82/signin-oidc.

    Configuring a redirect URL and the token settings for authentication between the Report Server and Azure.

  6. Click Certificates & secrets in the expanded Manage dropdown in the menu on the left.

  7. On the Certificates & secrets page, Click the New client secret button.

    Triggering the creation of new client secret in the Azure portal.

    Once the secret is created, copy and save the secret value as it will be used in the Report Server later. Note that you can do this only at this step. The failure would require another secret to be created, saved, and used.

3. EntraID Setup on a local Telerik Report Server for .NET installation on Linux

  1. Download the archive Telerik_ReportServer_Net_NonWindows_{Report Server version}.zip from your Telerik account.
  2. Unzip the archive. The content gets deployed in two folders ReportServer and ReportServiceAgent.
  3. Open the Powershell and navigate to the subfolder ReportServer.
  4. Run the command docker build -t telerik-report-server:local . in Powershell to build the Report Server Manager image.
  5. Navigate to the subfolder ReportServiceAgent.
  6. Run the command docker build -t telerik-report-server-agent:local . in Powershell to build the Report Server ServiceAgent image.
  7. Navigate to the subfolder ReportServer\docker-configs.
  8. Open the file docker-compose.yml in a text editor like Notepad++ and edit its content. Delete everything between the lines services: and storage:. Before the line environments include the next lines:

    
      ports:
        - "1433:1433"
    

    The tabulation is essential and should be preserved. Here is the final content of the docker-compose.yml file:

    services:
    
    storage:
      image: "mcr.microsoft.com/mssql/server:2019-latest"
      restart: always
      ports:
        - "1433:1433"
      environment:
        - SA_PASSWORD=place_your_sa_password_here
        - ACCEPT_EULA=Y
      volumes: 
        - mssql-storage:/var/opt/mssql
    
    volumes:
    mssql-storage:
    

    Save the modified file.

  9. Run the command docker-compose up in Powershell to execute the above script to create and run the MsSqlServer Docker container we are going to use as Report Server Storage.

  10. Open MSSQL Management Studio and Login with the following parameters:

    • Server : localhost
    • User : sa
    • Password: place_your_sa_password_here (this is the argument SA_PASSWORD from the above script file. You may change it as required.)
  11. Add the database named reportserver. After successfully creating the database, you may close the management studio.

  12. Stop the current process in Powershell, for example, with the key combination Ctrl+C.
  13. Go back to the text editor with the opened file docker-compose.yml and restore its original content:

    services:
    
    # template configuration of Report Server.
    # Includes sample config for /app/Data File Storage.
    telerik-report-server:
      env_file:
        - mssql_storage.env
      image: telerik-report-server:local
      restart: always
      ports:
        - "82:80"
      depends_on: 
        - storage
    
    # template configuration of Report Server Agent.
    # Includes sample config for /app/Data File Storage.
    telerik-report-server-agent:
      environment:
        - Agent__Name=FirstAgent,
        - Agent__Address=http://telerik-report-server-agent:80
      env_file:
        - mssql_storage.env
      image: telerik-report-server-agent:local
      restart: always
      depends_on:
        - storage
    
    storage:
      image: "mcr.microsoft.com/mssql/server:2019-latest"
      restart: always
      environment:
        - SA_PASSWORD=place_your_sa_password_here
        - ACCEPT_EULA=Y
      volumes: 
        - mssql-storage:/var/opt/mssql
    
    volumes:
    mssql-storage:
    
  14. Update the telerik-report-server information in the same file by adding the ExternalLogin__EntraId__ClientSecret environment attribute as shown below:

    services:
    
    # template configuration of Report Server.
    # Includes sample config for /app/Data File Storage.
    telerik-report-server:
      env_file:
        - mssql_storage.env
      image: telerik-report-server:local
      restart: always
      ports:
        - "82:80"
      depends_on: 
        - storage
    
    # template configuration of Report Server Agent.
    # Includes sample config for /app/Data File Storage.
    telerik-report-server-agent:
      environment:
        - Agent__Name=FirstAgent,
        - Agent__Address=http://telerik-report-server-agent:80
        - ExternalLogin__EntraId__ClientSecret=HZq8Q~j9iO0Mr.WDn1U9IMHZClsacsWz3DTdlmgYjaOH
      env_file:
        - mssql_storage.env
      image: telerik-report-server-agent:local
      restart: always
      depends_on:
        - storage
    
    storage:
      image: "mcr.microsoft.com/mssql/server:2019-latest"
      restart: always
      environment:
        - SA_PASSWORD=place_your_sa_password_here
        - ACCEPT_EULA=Y
      volumes: 
        - mssql-storage:/var/opt/mssql
    
    volumes:
    mssql-storage:
    

    Change the client secret with the one from the Entra ID setup in the Azure portal.

    Save the file.

  15. Go back to the Powershell environment and execute the above yaml file with the same command docker-compose up. This should run the Report Server Manager and ReportServer.ServiceAgent for .NET.

  16. Navigate to localhost:82 in the browser to open the Report Server Manager for .NET.

4. Enabling Microsoft Entra ID Authentication in the Telerik Report Server for .NET

  1. Open the Telerik Report Server for .NET in the browser. The default URL is http://localhost:82/.
  2. Navigate to the Configuration page and select the Authentication tab.

    The Report Server for .NET Application's Configuration page on the Authentication tab.

  3. Enable the Microsoft Entra ID Provider.

  4. In the Instance field, use the URL - https://login.microsoftonline.com/.
  5. In the Domain field, use the one from step 5 in the Create a Microsoft Entra ID Tenant section and add it as a URL, for example - https://ReportServerNetDomain.onmicrosoft.com/.
  6. Open the Microsoft Azure Portal to get the Tenant ID:

    • From the menu in the top left corner of the page, select Microsoft Entra ID.
    • The Tenant ID can be copied from the Basic Information table in the center of the page.
  7. Open the Microsoft Azure Portal to get the Client ID:

    • From the menu in the top left corner of the page, select Microsoft Entra ID.
    • Expand the Manage dropdown >> App Registrations >> All Applications.
    • Click the application name e.g. Report Server Application (defined in the previous section).
    • Copy the Application (client) ID and add it to the Report Server in the Client ID field.

      The Report Server Application page in the Azure portal where the application (client) ID is located.

    • Click the Save Changes button in the Report Server for .NET's Configuration page (a message that a manual restart of the service is required will appear on the screen).

    • The restart can be performed from the IIS Manager >> Application Pools >> Right-click the Telerik Report Server for .NET site and choose Recycle.
  8. Once the service is manually restarted, log in with a user that has an administrator role and go to User Management.

  9. Click the Add New User button:

    • Select the Authentication Provider to be EntraId.
    • Add a username.
    • Add the domain name login email e.g. username@mycompany.com.
    • Choose a User Role and save the changes.

    Creating a user with EntraID authentication in the Report Server for .NET Application

  10. Log out of the Report Server to go to the Login page.

    The Report Server for .NET Login page with an enabled Microsoft Entra ID.

  11. Click the blue Microsoft Entra ID button. You should be automatically logged in with your EntraID.

See Also

In this article