How to configure SSL (HTTPS) certificates to see embeded SSRS reports inside a view of an asp-mv.net project

SSRS-VS 46 Reputation points
2021-08-12T07:19:02.033+00:00

I have an asp-mvc.net project with visual studio. In the views I embeded the reports with the url to the SSRS web portal like this:

122569-imagen.png

Using html object tag and adding ?rs:embed=true

This worked good while I just connect to localhost. But when I wanted to change "localhost" for the IP of my pc (take in mind that this is a test, since lately we want to move the SSRS server and the reports to production/remote pc) the view of my web app appear in white. I then press F12 to know what is happening in the browse and it show an error of mixed protocols because the visual studio project is HTTPS and the URL of the reports is HTTP. For localhost, the browse make a transformation an convert the url from http to https. Ok.

122644-imagen.png

But if instead of localhost I write my IP, the browse will not convert the url to https and will block the report:

122596-imagen.png

Ok. Then I go to SSRS configuration manager and I create a HTTPS url:

122662-imagen.png

Then change the URL of my reports to https:

122606-imagen.png

Now I run my project and open the views. If the url is localhost, the error of converting from http to https disappear and continue to show correctly the reports embeded. But If I change localhost for my IP:

122538-imagen.png

Nothing will appear, the view will be white. Ok, I press F12 and see what the browse says:

FIREFOX: SSL_ERROR_BAD_CERT_DOMAIN
EDGE: ERR_NAME_NOT_RESOLVED
CHROME: ERR_CONNECTION_TIMED_OUT

122579-imagen.png
122634-imagen.png

And I'm blocked here. I don't know what to do. I tried to create my own certificate with New-SelfSignedCertificate -DnsName "$env:computername", "localhost", 192.168.1.27-CertStoreLocation "cert:\LocalMachine\My" and even imnporting to certlm.msc console and navigate to Trusted RootCertification Authorities / Certificates. From ssrs configuration manager appear the new certificate, but the error message SSL_ERROR_BAD_CERT_DOMAIN/ERR_NAME_NOT_RESOLVED continues when I run the project.

Yes, I also try using the name of my machine instead of my IP, but it don't work since it's the same as localhost. It work good if I run locally the project. But If I want to connect from other machine (like virtual box) will not work using the name or IP.

I even try to change the file rsreportser.config and change the domain names by +:443 and nothing:

122540-imagen.png

More information: If I write the URL directly in the browse (even in virtual box!!) with http : http://192.168.1.27/Report/mobilereport/Myreports/Report1 it will work good. But if I write the url with https: https://192.168.1.27/Report/mobilereport/Myreports/Report1 in the browse (my pc or virtual box) it will appear an advise message of risk.

122686-imagen.png

I accept the risk and add the exception and then it will redirect to a page where says: "HTTP Error 404. The requested resource is not found".

122725-imagen.png

This happen if I write the url directly in the browse. If it's in the embeded url in my web project view the view will appear in white.
If I write directly https://localhost/Report/mobilereport/Myreports/Report1 or https://mydomain/Report/mobilereport/Myreports/Report1 wich are this ones:

122771-imagen.png

it works good (on my pc, in virtual box only works: http://192.168.1.27/Report/mobilereport/Myreports/Report1). The localhost:443 refers to the IIS Express Development Certificate that appear by default in the SSRS configuration manager. The mydomain:443 it's the one I created with the comand: New-SelfSignedCertificate -DnsName "$env:computername", "localhost", 192.168.1.27-CertStoreLocation "cert:\LocalMachine\My" and then imnported to certlm.msc console / Trusted RootCertification Authorities / Certificates

In virtual box only works: http://192.168.1.27/Report/mobilereport/Myreports/Report1 ;;;; http://mydomain/Report/mobilereport/Myreports/Report1 or any url with https don't work. But remember that inside my web project I can't use http://192.168.1.27/Report/mobilereport/Myreports/Report1 due to mixed protocols.

I know the post is too long, but I wanted to give you all the information in order to make it easy.

Somebody knows how to solve this? Has anyone tried to embed reports inside a visual studio project? How I must configurate a SSL/HTTPS certificate to allow connections? How I create a SSL certificate for coneccting to SSRS server via HTTPS?

Internet Information Services
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,301 questions
SQL Server Reporting Services
SQL Server Reporting Services
A SQL Server technology that supports the creation, management, and delivery of both traditional, paper-oriented reports and interactive, web-based reports.
2,818 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Bruce Zhang-MSFT 3,736 Reputation points
    2021-08-13T03:53:36.607+00:00

    Hi @SSRS-VS ,

    I researched your issue and found some points.

    First. From data of object I can know that it point to localhost, which means both Report Server Configuration Manager and application are on same machine. Projects in VS are generally https by default. If the url pointed to by the object is not in the same host (usually the URL is full: http://xxx.xx/yyy) and it is an http request, this will cause insecure information to appear in the browser. However, if the url is in the same host or use a relative URL(data="/yyy"), no error will be reported.

    So this can explain why you use localhost, vs will not convert http to https. When you use IP, vs believes that the content in the object and application are on different hosts, and automatically converts http to https for security.

    Second. The IP is not 192.... If another machine wants to access your machine, it should use IP 192..... But now, the request is send by machine to itself. It should be 127.0.0.1. So change it to 127.0.0.1 and try again. Otherwise set reporting services on another machine.

    Third. The command you used to create certificate is wrong. Please refer to this docs about correct command. IP should not be the name and this make browser cannot distinguish.

    New-SelfSignedCertificate -DnsName "www.fabrikam.com", "www.contoso.com" -CertStoreLocation "cert:\LocalMachine\My"  
    

    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our  documentation  to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best regards,
    Bruce Zhang


  2. SSRS-VS 46 Reputation points
    2021-08-13T08:20:01.213+00:00

    I found a way to solve this use: using http and allow in the browse site configuration to allow insecure content like this:
    https://experienceleague.adobe.com/docs/target/using/experiences/vec/troubleshoot-composer/mixed-content.html?lang=en
    But this is not correct, isn't?

    0 comments No comments

  3. Bruce Zhang-MSFT 3,736 Reputation points
    2021-08-16T03:43:19.737+00:00

    Hi @SSRS-VS ,

    If you can ensure that the content in the object is safe, you can do that. But it is still not recommended. The more troublesome thing is that when other clients visit, you need to tell them how to set up their browsers to allow insecure content.

    The best practice is to convert http to https. Or use https proxy.

    Use a proxy to get insecure content, and then package the insecure content into the page.

    There are multiple ways to configure https proxy. You can build your own server such as IIS as a proxy, or you can use the services of other providers as a proxy. Regarding https proxy, you can refer to this.

    If the above two methods are not what you want, the last method is to abandon https and use http.


    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our  documentation  to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best regards,
    Bruce Zhang

    0 comments No comments