R – SSRS 2005 – Configuring User Authentication/Authorization

asp.netreporting-servicesSecurity

I have created an ASP.NET 2.0 web application and would like to use SSRS 2005 for reporting purposes.

The web application uses forms authentication and custom roles for authorization. I have created reports and deployed it to a our SQL Server 2005 box.

I have two options to integrate the reports into my application:

  1. Link to SSRS from within my application. The link would have the parameters and options specified. I make sure that the link only shows for authorized users and it links to correct report with appropriate parameters.

  2. Use ReportViewer control and display reports using that. All processing will be done by SSRS

However, I am not sure of the best way to configure security in the IIS on the Reporting Services box. Currently it is set to Windows Integrated Authentication. Also the reporting service has my username with Browser role.

Not all users of my application will have AD login. Also the application is on internet and I don't want to open up SSRS more than necessary. At the same time, I want it to be seamless for our users in that I don't want SSRS to prompt for username and password.

What is the best way to accomplish this? Should I create a dummy AD user and then use it to communicate between ASP.NET app and SSRS? If not that, what is the easiest way that achieves everything I need?

Best Answer

We communicate with the SSRS using the web service interface and with the Report Viewer control using the same AD account for all users. As for permissions we have custom access list that the asp.net page checks before serving the report to the user. This is attached to the username. We have kept the SSRS box off the internet and only way for the user to access is thorugh the application so access list control is enough.

For Report View Control we had to create a custom credential class for passing the AD username and password that inherited from IReportServerCredentials. AD username and password is kept in a xml file.

Hope this helps.