Configuring the Report Server for .NET Single Sign-On Functionality using Microsoft Entra ID for Linux/Container
Microsoft Entra ID is a cloud-based identity and access management service that can be used for authentication in the Telerik Report Server for .NET.
In this article, we will explain how to set up and enable the Microsoft Entra ID authentication for the users of the Telerik Report Server for .NET. Besides the enhanced authentication security, this approach also improves the user experience, because the users who are already registered in Microsoft Entra will be able to log into Report Server Manager UI without entering their login credentials each time.
Prerequisites
- Telerik Report Server installation with at least one administrator account.
- An Azure account with Microsoft Entra ID support.
In case you are unfamiliar with the process of using Microsoft Entra ID, we recommend checking out the Set up Microsoft Entra ID article.
Steps
1. Create a Microsoft Entra ID Tenant
- Navigate to the Microsoft Azure Home page.
- From the menu in the top left corner of the page, select Microsoft Entra ID.
-
In the displayed Overview page, click Manage Tenants:
-
Click the Create button on the Manage Tenants page:
-
On the Create a tenant page, choose
Microsoft Entra ID
as the tenant type (it should be selected by default): -
Click Next: Configuration > and type Organization name (for example,
Report Server Tenant
) and Initial Domain Name (e.g.ReportServerNetDomain
): -
Click Next: Review + create > and if the configuration is correct, a green message notifying that the validation has passed will be displayed:
Click Create and then fill in the Captcha (it will take a minute or two to complete the process once it has been submitted).
2. Registering the Telerik Report Server for .NET Application
-
If the steps from the previous section were completed successfully, the following green message should appear above the Captcha:
Tenant creation was successful. Click here to navigate to your new tenant: Report Server Tenant
.The text
Report Server Tenant
is your organization name and there will be a link to the Report Server Tenant Overview page.If you are not on the Report Server Tenant Overview page, go to the top left
Menu
>>Microsoft Entra ID
>> clickAdd
>>App Registration
. -
Register the application by choosing
Add
>App registration
.Add Report Server Application, for example, as a name, leave the rest options to be the default, and click
Register
. Expand the Manage dropdown in the menu on the left and choose Authentication.
-
Click
Add Platform
>>Web
>> Tick theID Tokens
checkbox, then click Configure. -
Add a Redirect URL, for example,
http://localhost:82/signin-oidc
. Click Certificates & secrets in the expanded Manage dropdown in the menu on the left.
-
On the Certificates & secrets page, Click the New client secret button.
Once the secret is created, copy and save the secret value as it will be used in the Report Server later. Note that you can do this only at this step. The failure would require another secret to be created, saved, and used.
3. EntraID Setup on a local Telerik Report Server for .NET installation on Linux
- Download the archive
Telerik_ReportServer_Net_NonWindows_{Report Server version}.zip
from your Telerik account. - Unzip the archive. The content gets deployed in two folders
ReportServer
andReportServiceAgent
. - Open the
Powershell
and navigate to the subfolderReportServer
. - Run the command
docker build -t telerik-report-server:local .
in Powershell to build the Report Server Manager image. - Navigate to the subfolder
ReportServiceAgent
. - Run the command
docker build -t telerik-report-server-agent:local .
in Powershell to build the Report Server ServiceAgent image. - Navigate to the subfolder
ReportServer\docker-configs
. -
Open the file
docker-compose.yml
in a text editor like Notepad++ and edit its content. Delete everything between the linesservices:
andstorage:
. Before the lineenvironments
include the next lines:ports: - "1433:1433"
The tabulation is essential and should be preserved. Here is the final content of the
docker-compose.yml
file:services: storage: image: "mcr.microsoft.com/mssql/server:2019-latest" restart: always ports: - "1433:1433" environment: - SA_PASSWORD=place_your_sa_password_here - ACCEPT_EULA=Y volumes: - mssql-storage:/var/opt/mssql volumes: mssql-storage:
Save the modified file.
Run the command
docker-compose up
in Powershell to execute the above script to create and run the MsSqlServer Docker container we are going to use as Report Server Storage.-
Open
MSSQL Management Studio
and Login with the following parameters:-
Server :
localhost
-
User :
sa
-
Password:
place_your_sa_password_here
(this is the argument SA_PASSWORD from the above script file. You may change it as required.)
-
Server :
Add the database named
reportserver
. After successfully creating the database, you may close the management studio.- Stop the current process in Powershell, for example, with the key combination
Ctrl+C
. -
Go back to the text editor with the opened file
docker-compose.yml
and restore its original content:services: # template configuration of Report Server. # Includes sample config for /app/Data File Storage. telerik-report-server: env_file: - mssql_storage.env image: telerik-report-server:local restart: always ports: - "82:80" depends_on: - storage # template configuration of Report Server Agent. # Includes sample config for /app/Data File Storage. telerik-report-server-agent: environment: - Agent__Name=FirstAgent, - Agent__Address=http://telerik-report-server-agent:80 env_file: - mssql_storage.env image: telerik-report-server-agent:local restart: always depends_on: - storage storage: image: "mcr.microsoft.com/mssql/server:2019-latest" restart: always environment: - SA_PASSWORD=place_your_sa_password_here - ACCEPT_EULA=Y volumes: - mssql-storage:/var/opt/mssql volumes: mssql-storage:
-
Update the
telerik-report-server
information in the same file by adding theExternalLogin__EntraId__ClientSecret
environment attribute as shown below:services: # template configuration of Report Server. # Includes sample config for /app/Data File Storage. telerik-report-server: env_file: - mssql_storage.env image: telerik-report-server:local restart: always ports: - "82:80" depends_on: - storage # template configuration of Report Server Agent. # Includes sample config for /app/Data File Storage. telerik-report-server-agent: environment: - Agent__Name=FirstAgent, - Agent__Address=http://telerik-report-server-agent:80 - ExternalLogin__EntraId__ClientSecret=HZq8Q~j9iO0Mr.WDn1U9IMHZClsacsWz3DTdlmgYjaOH env_file: - mssql_storage.env image: telerik-report-server-agent:local restart: always depends_on: - storage storage: image: "mcr.microsoft.com/mssql/server:2019-latest" restart: always environment: - SA_PASSWORD=place_your_sa_password_here - ACCEPT_EULA=Y volumes: - mssql-storage:/var/opt/mssql volumes: mssql-storage:
Change the client secret with the one from the Entra ID setup in the Azure portal.
Save the file.
Go back to the Powershell environment and execute the above yaml file with the same command
docker-compose up
. This should run the Report Server Manager and ReportServer.ServiceAgent for .NET.- Navigate to
localhost:82
in the browser to open the Report Server Manager for .NET.
4. Enabling Microsoft Entra ID Authentication in the Telerik Report Server for .NET
- Open the Telerik Report Server for .NET in the browser. The default URL is
http://localhost:82/
. -
Navigate to the Configuration page and select the Authentication tab.
Enable the
Microsoft Entra ID Provider
.- In the Instance field, use the URL -
https://login.microsoftonline.com/
. - In the Domain field, use the one from step 5 in the Create a Microsoft Entra ID Tenant section and add it as a URL, for example -
https://ReportServerNetDomain.onmicrosoft.com/
. -
Open the Microsoft Azure Portal to get the
Tenant ID
:- From the menu in the top left corner of the page, select Microsoft Entra ID.
- The
Tenant ID
can be copied from the Basic Information table in the center of the page.
-
Open the Microsoft Azure Portal to get the
Client ID
:- From the menu in the top left corner of the page, select Microsoft Entra ID.
- Expand the
Manage
dropdown >>App Registrations
>>All Applications
. - Click the application name e.g.
Report Server Application
(defined in the previous section). -
Copy the Application (client) ID and add it to the Report Server in the Client ID field.
Click the
Save Changes
button in the Report Server for .NET's Configuration page (a message that a manual restart of the service is required will appear on the screen).- The restart can be performed from the IIS Manager >> Application Pools >> Right-click the Telerik Report Server for .NET site and choose
Recycle
.
Once the service is manually restarted, log in with a user that has an administrator role and go to
User Management
.-
Click the
Add New User
button:- Select the
Authentication Provider
to beEntraId
. - Add a username.
- Add the domain name login email e.g.
username@mycompany.com
. - Choose a User Role and save the changes.
- Select the
-
Log out of the Report Server to go to the Login page.
Click the blue
Microsoft Entra ID
button. You should be automatically logged in with your EntraID.