This topic explains how to configure Internet Information Services (IIS) hosting HTTP data provider (msmdpump.dll
) for SQL Server Analysis Services (SSAS), for cross-domain access (both authenticated and non-authenticated access). These settings are required for certain usage scenarios of the igOlapXmlaDataSource control.
For configuring of authenticated access for the Mozilla Firefox browser (version 17 at this writing), which constitutes a special case, refer to the Configuring Authenticated Access for the Mozilla Firefox Browser (igOlapXmlaDataSource) topic.
The following table lists the concepts and topics required as a prerequisite to understanding this topic.
Concepts
Topics
igOlapXmlaDataSource
component which uses SSAS instances for retrieving data.This topic contains the following sections:
The igOlapXmlaDataSource
control allows cross-domain access to the HTTP access provider (msmdpump.dll
). However, there are a few settings which need to be done on the IIS application running the HTTP access provider (unless you want to allow access from trusted domains only, in which case no settings to the IIS are required).
For cross-domain access, you need to specify the domains that will be allowed to make these data requests, the method through which data will be transferred, the fields that control what headers can be used in the requests, and, in case of authenticated access, indicate that user credentials need to be provided. All this is handled by configuring several HTTP response handlers.
In addition to that, you need to configure the server response to the OPTIONS method requests. This is achieved by configuring the OPTIONSVerbHandler.
Each of the three HTTP response headers consist of a name and a value. The name is mandatory as defined by the World Wide Web Consortium (W3C) (in their Cross-Origin Resource Sharing document) and the value specifies a certain behavior for the requests. The following table briefly explains the purpose of each HTTP response header.
Header Name | Description |
---|---|
Access-Control-Allow-Headers | As a part of a preflight request, manages which header field names can be used in the actual request. |
Access-Control-Allow-Origin | Configures the domains from which requests will be accepted. |
Access-Control-Request-Method | Specifies the method to be used in the actual request as part of the pre-flight request. |
Access-Control-Request-Method (Authenticated access only) | Specifies the method to be used in the actual request as part of the pre-flight request. |
Further configuration details are provided in the rest of the topic as follows:
Following are the general conceptual steps for Configuring IIS for Cross-Domain OLAP Data without authentication.
Configuring the HTTP Response Headers
Configuring the OPTIONSVerbHandler
The following table lists the required settings of the HTTP response headers for configuring ISS for cross-domain OLAP Data without authentication. The settings are configured as custom headers from the HTTP Response Headers option of the application that is hosting the HTTP access provider.
Header Name | Value | Details |
---|---|---|
Access-Control-Allow-Headers | Origin, Content-Type, Accept |
These are the names of the fields required to be used in the actual request, separated with commas.
These particular fields are required by the igOlapXmlaDataSource control. If any of these is not set, the cross-origin requests will fail.
|
Access-Control-Allow-Origin | The names of the allowed domains or asterisk (*) for allowing all domains | To grant access from several domains, type the domain names separated by comma (,). |
Access-Control-Request-Method | POST |
The name of the HTTP method to be used in the actual request.
The igOlapXmlaDataSource control requires that the request method is POST.
|
Access-Control-Allow-Credentials (Authenticated access only) | true |
The allowed values are:
|
The following table lists the required settings of the HTTP handler.
HTTP handler name | Required Access Level | Details |
---|---|---|
OPTIONSVerbHandler | Read | Specifies that the handler requires read access to the requests. |
This procedure configures an IIS application to accept HTTP headers from any domain. The access can be either authenticated or non-authenticated (The additional settings required for authenticated access are provided.).
To complete the procedure, you need the following:
Following is a conceptual overview of the process:
Accessing the IIS OLAP application
Configuring the HTTP Response Headers
Configuring the OPTIONSVerbHandler
The following steps demonstrate how to setup the IIS for accepting HTTP headers.
Access the IIS OLAP application.
Connect to your server.
Using a tool like Remote Desktop Connection, connect to your remote server where your application resides.
Launch the IIS Manager.
Run the IIS Manager on the server.
Navigate to your IIS application.
Using the IIS Manager interface, navigate to your application that is hosting the HTTP access provider (msmdpump.dll). In this case, you will be accessing the OLAP application.
Configure the HTTP Response Headers.
In the application, add and configure the required headers.
The following table specifies the settings to use in for each header. For the sake of this example, requests from any domain will be accepted ( for Access-Control-Allow-Origin); if you need to accept requests only from certain domains, then put the domain names in the place of the asterisk (). For enabling anonymous access do not define the Access-Control-Allow-Credentials header. For explanation of the values, refer to HTTP response headers’ settings.
Name | Value |
---|---|
Access-Control-Allow-Headers | Origin, Content-Type, Accept |
Access-Control-Allow-Origin | * |
Access-Control-Request-Method | POST |
Access-Control-Allow-Credentials(Authenticated access only) | true |
To add and configure the headers:
In your application, in the Home pane, double-click HTTP Response Headers.
The HTTP Response Headers module opens.
Add a custom HTTP response header.
A. In the Action pane, click the Add … link.
The Add Custom HTTP Response Header dialog appears.
B. Configure the header.
In the Name field, type the name of the HTTP response header, e.g.Access-Control-Allow-Headers
. In the Value field, type the desired value for the HTTP response header, e.g. Origin
, Content-Type
, Accept
.
C. Click OK.
D. Repeat steps A÷C with the respective settings for the other headers.
Configure the OPTIONSVerbHandler.
Access the Handler Mappings module.
Navigate back to the OLAP application and double-click HandlerMappings. The Handler Mappings module opens:
Double-click the OPTIONSVerbHandler. The Edit Module Mapping dialog opens.
Allow Read access.
A. Click the Request Restrictions button. The Request Restrictions dialog appears.
B. In the Access tab, set the access setting to Read.
C. Click OK. The Request Restrictions button dialog closes and you are taken back to Edit Module Mapping dialog.
D. Click OK again. The Edit Module Mapping dialog now closes and you are taken back to the calling screen.
Make sure that OPTIONSVerbHandler is at the top of the Handler Mappings list.
To access the Handler Mappings, from the Actions menu, click View Ordered List…. The OPTIONSVerbHandler must be at the top of the Handler Mappings list. If it isn’t, select the OPTIONSVerbHandler and use the Move Up command from the Actions menu to move it to the top.
The following samples provide additional information related to this topic.
Binding to XMLA to Show KPIs: This sample demonstrates how to bind the igPivotView
to an igOlapXmlaDataSource
.
Remote Xmla Provider: This sample demonstrates one of the benefits of using the remote provider feature of the igOlapXmlaDataSource
- less network traffic. All requests are proxied through the server application to avoid cross domain problems. In addition, the data is translated to JSON reducing the size of the response.
The following material (available outside the Infragistics family of content) provides additional information related to this topic.
List of HTTP header fields: List of all HTTP header fields with explanations.
Provisional Message Header Field Names: The official list of header field names.
Cross-Origin Resource Sharing: This document defines a mechanism to enable client-side cross-origin requests.
Working with Online Analytical Processing (OLAP): This article is an introduction to working with OLAP data.
Walkthrough: Creating and Registering a Custom HTTP Module: This walkthrough illustrates the basic functionality of a custom HTTP module.
View on GitHub