I have a domain with another host and they have recently decided to eliminate their support for ReportViewer for the following reasons: -Not secure in both the server and local configurations (they elevated their trust level) -Unreliable even if it was secure -Unsupportable on shared servers because of its poor performance I am currently using this control on aspx pages that I have with DiscountAsp and was wondering if I should stop the development? If so is there an alternate to this control that people use?
Interesting claim!! I have not heard of such problem w/ Report viewer control. I also did some research on the net and I didn't find anything related to that. As for stability, I think it is very stable. Have you seen any problem w/ the pages you host w/ us? So.. all in all, I think the other host you are using just want to get rid of Report Viewer control and made up some excuses.
Thread from Another Host about the ReportViewer Sorry for not getting back on this but I have been crunched with work this passed week. Here is the entire thread from another host about their rational for eliminating the Microsoft ReportViewer control. One of the things that just fried me about this was when they made the security change it halted my website and would not even let the man page load even through I had only used ReportViewer on pages I had in test. You asked about any problems that I have seen so far. Now that I have moved over to your service, I have not had a chance to check this out but I was having a problem when I tried to export to excel or PDF on SOME machines. Mine worked fine but some at work did not. In reading about this problem, it my be the cookie setting that I had but I am not sure yet. --- HostMySite thread ------------------------------------- Ref: accessibleevents.org (H37272) Steve, These software components are not inherently insecure, unreliable, or unsupported. However, they are designed to use a certain amount of resources and use certain security on the server. It is not designed for environments with dozens or hundreds of sites configured, like our shared servers. If you search for "reporting services" and "medium trust" there are many forums discussing this limitation. As far as ABCpdf goes, I did not see any references to medium trust in their support articles, so I can't say for sure if it will work. Regards, Michael Peltier http://www.HostMySite.com Email: [email protected] Technical Support: 1.877.215.4678 Customer Service & Billing Inquiries: 866.916.4678 International: 1.302.731.4948 Get your FREE .com, .net, .org, .biz and .info domain name at HostMySite.com! Manage your hosting account using our Total Customer Control Center at https://controlpanel.hostmysite.com > -----Original Message----- > From: [email protected] > Sent: 09/07/2009 02:02:26 PM > Subject: Site Issue >Michael: So to get this clear, Microsoft has release software that is; -Not secure in both the server and local configurations -Unreliable even if it was secure -Unsupportable on shared servers because of its poor performance I guess you guys will not be on Bill Gates Christmas list this year! Ok, how about ABCpdf5 as a PDF tool to create reports on the domain? If that works for you guys all I need is a tool to create Excel readable files that are offered as a download. Steve -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Sunday, September 06, 2009 12:11 PM To: [email protected] Subject: Re: (#T7351985) Site Issue Ref: accessibleevents.org (H37272) Steve, We are not specifically blocking reporting services or its features, the change made was to the trust environment asp.net applications can run under, which was changed to medium trust. A limitation of reporting services is that it must run in full trust when in local mode. In remote mode, it can run under medium trust, and relies on another application called SSRS to handle the reporting, but that program is not supported on our shared servers due to performance and stability issues. Regards, Michael Peltier http://www.HostMySite.com Email: [email protected] Technical Support: 1.877.215.4678 Customer Service & Billing Inquiries: 866.916.4678 International: 1.302.731.4948 Get your FREE .com, .net, .org, .biz and .info domain name at HostMySite.com! Manage your hosting account using our Total Customer Control Center at https://controlpanel.hostmysite.com > -----Original Message----- > From: [email protected] > Sent: 09/06/2009 03:06:21 PM > Subject: Site Issue > Michel: I want to make sure you knew that the reports that I have been using in reportviwer have been developed for local mode. Why are you blocking local mode? Steve ---------------------------------------- From: [email protected] Sent: Sunday, September 06, 2009 10:13 AM To: [email protected] Subject: Re: (#T7351985) Site Issue Ref: accessibleevents.org (H37272) Steve, I've looked into other reporting services products, and found that pretty much across the board, they rely on full trust to generate the reports server side. In some cases there were compromises that could be made to work under medium trust, but it would severely restrict the ability to create the reports based on the data. Unfortunately, it looks like full trust is required to take full advantage of this type of software, and shared hosting under full trust is rarely available any more due to security concerns. If you have any other reporting services you had in mind, we could take a look, but I think the key functionality of creating report files would be difficult to accomplish under medium trust. Regards, Michael Peltier http://www.HostMySite.com Email: [email protected] Technical Support: 1.877.215.4678 Customer Service & Billing Inquiries: 866.916.4678 International: 1.302.731.4948 Get your FREE .com, .net, .org, .biz and .info domain name at HostMySite.com! Manage your hosting account using our Total Customer Control Center at https://controlpanel.hostmysite.com > -----Original Message----- > From: [email protected] > Sent: 09/02/2009 05:44:44 PM > Subject: Site Issue >Hello Steve, As we discussed the security error was still coming from the Microsoft.Reportviewer DLLs that were in your BIN directory. Once I removed them the website began to resolve. I will leave the ticket open so that we can continue to investigate if there are any other controls we can offer you. Thanks for your patience and let us know if you have any further questions or find something on your side. Thanks again and you should hear from us soon. im
That may well be true, but our reporting services run on servers separate from the web server, so it would not be an issue here. I can't imagine any shared host would run it locally - on the web server - because it does use a lot of resources. We default to medium trust, but as you know, we also allow the flexibility to change that if you need to. So they are kind of taking the easy way out by locking everyone in to medium trust. In theory, for security purposes, yeah, it seems like a good idea. I just don't see how it's workable in the real world. They must be racking up a lot of dissatisfied users...
DisSatisfied does not come close and they want more money! The following is a further post to this dissatisfied customer. I am only posting this to make sure you guys don't have any plans to eliminate the reportviwer control. Once I go down the road of using it, it would be a real pain to remove it. Regards; Steve Ref: accessibleevents.org (H37272) Hi Steve, I am writing to follow up with you on this, your request was forwarded to our technical support management team. First and foremost, I would like to apologize for any inconvenience this has caused for you. Unfortunately, all of the information as supplied to you has been accurate. You are correct, we would have supported this up until a few weeks ago. However, in light of recent events regarding the security and stability of our network, a decision was made to move our entire shared Windows environment to a medium trust environment. This is the recommended setup for a shared hosting platform, as recommended by Microsoft themselves. To further explain, running .NET in a Full Trust environment allows ANY application on the server to execute the following: Changes to the system registry Filesystem I/O throughout the filesystem (i.e.: not restricted) I'm sure you can understand why it is important for us to make the change to medium trust in light of these factors. We are not denying your request to use this control simply because we are trying to be difficult, nor have we agreed to allow controls simply because they are made by a certain vendor. The fact is that Microsoft has designed the reporting controls in such a way that require full trust - though they do not recommend a shared webhost such as Hosting.com run a server with that trust level; we have no control over this. The specific functions that would require full trust are an integral part of Microsoft's reporting tools as well as any others that our technicians have researched on your behalf: These controls generally require WRITE access to a restricted area of the filesystem. The problem is, however, that in Microsoft's design of the .NET security model, they have not made allowances for more granular control over this security, such as opening up write access only to certain applications, or to certain directories. As a service provider, we have a duty to provide a stable, secure environment within which to host your website. Our decision to move to medium trust for .NET is a part of that duty. We have in fact done research to some other controls such as ones made by third parties like Telerik and CrystalReports, however, these tools require full trust as well and we have not found a suitable replacement or workaround for what you are looking for. As the website developer, this is your responsibility to do so. Regarding your request to provide a list of what we will and will not support - that is virtually impossible. There are 10s of 1000s of components out there, some safe, some unsafe, some will run in medium trust, some won't run at all etc... The factors are far too many to list anywhere. We review and approve components on request and therefore if there is a specific component or tool you would like to use to develop your application, we will be happy to look at it and make a decision to that effect. All this being the case, we do offer other products that you would be able to use the reportviewer controls such as CloudVPS and CloudEnterprise solutions. Another option, which I do not know for sure will work for you might be our .NET professional plan which runs on IIS7 and utilizes a different security model than our traditional shared hosting plans. I would be happy to provide a Cloud VPS, Cloud Enterprise or .NET Professional plan free of charge for a month if you would like to check it out and see if it will suit your needs. However, we cannot make an exception for this component in our shared Windows environment. Please let us know if you have any further questions or concerns. Regards, Vincent Gerbino http://www.HostMySite.com Email: [email protected] Technical Support: 1.877.215.4678 Customer Service & Billing Inquiries: 866.916.4678 International: 1.302.731.4948 Get your FREE .com, .net, .org, .biz and .info domain name at HostMySite.com! Manage your hosting account using our Total Customer Control Center at https://controlpanel.hostmysite.com
>Changes to the system registry >Filesystem I/O throughout the filesystem (i.e.: not restricted) Oh boy.. i didn't know HostMySite is so weak technically... Whenever you run full trust, asp.net application has access only to resources (registry / file system) that the aspnet user has permission to. Based on his comment, I think HostMySite is using basic IIS setup and run the worker process with the network service account and share the application pool between multiple users. With our set up, each site is hosted on its own application pool with its own unique asp.net user. It is not possible for any asp.net app to access the registry on our server.
Or, based on what they said here: They are just trying to upsell inexpensive accounts to a more expensive ".NET professional" plan. Not allowing full trust would be a sure way to do that. Or to piss off a lot of customers. Either way, it seems odd that the decision was made on purely technical grounds. Unless they had a network or server compromise and this is their way of making sure it doesn't happen again.
Thank you for your input! I have to admit, my understanding of a shared environment on IIS is not very strong but I have been around this stuff long enough to know that something was not right. It probably was a calculation made by management. I Have been with them for a good 4 years and have always had good things to say until this last issue and to my mind, it was a big on. You can’t allow development of pages with a control one day then yank it the next without a migration path. Anyway, I just wanted to report that the issue I was having with some of the computers at work when exporting to PDF and Excel with ReportViewer was solved by setting cookieless="false" <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="120"/>
Thanks for posting the fix. There is always a line to walk in shared hosting, and it's not possible to please everyone. We try to avoid any drastic global changes that could have a negative impact on our users. I just can't help but wonder though, when a host makes an important configuration change like that and also conveniently has a more costly plan that is not affected...
ReportViewer I found this thread whilst researching a replacement hosting company for my web app after Webhost4Life completely cocked up migrating my application to a new platform: still broken three days later and I've switched back to my own dev web server. I've used the ReportViewer 2008 control in my web app and therefore finding a hosting company that supports and understands it is a breath of fresh air. I'd already homed in on discountASP.net from Google references so was just checking it's installed on the basic package. I've had a similar response to this thread from others (e.g with EUKHOST) and was expecting the response to be "Just because we don't". However, EUKHOST proferred the performance angle, e.g. one could run off a large report that could eat resources and therefore cannot be used on a shared server. I could half accept this stance *except* I could equally write my web app to consume the same resources... One would assume that if a particular app was being problematic (as this could apply in theory to any), then you'd approach that web app individually. Cheers, Rob.
PS. There's a comment above about reporting running on a separate server. That's Reporting Services whereas this thread was about ReportViewer running in local mode. Can somebody confirm that local mode ReportViewer is available on the base hosting service? I'm not about to re-write 30-odd reports... Cheers, Rob.
Hi, Quote "ReportViewer is a freely redistributable control" Resource here: http://www.gotreportviewer.com/ Very soon I'll be creating the Webcasts for this, specifically the 2008 version. All the best, Mark
