Submit My Question - Recent Questions - Recent Answer
Msdn Tech >> SQL Server >> SQL Server Reporting Services

How to leverage custom security with ReportViewer and SSRS Web Service

My company is building a WindowsForms application that will use SSRS 2005 for it's reporting needs. The application will use ClickOnce and will run in an extranet type of environment against a centralized database designed in an "ASP" fashion with key, customer-specific tables marked with an "OrgId."

The authentication/authorization within the app will be with custom classes implementing IPrincipal and IIdentity and leveraging the built-in .NET security framework. Because of this, I have come to the conclusion that we will have to author a custom security extension for SSRS.

Now, none of this is rocket science, but we would like to use the Windows Forms ReportViewer control within our app, in conjunction with the Reporting Services Web Service and I have yet to find a decent example that illustrates how to utilize custom security extensions with the web service and the reportviewer.

Any suggestions, tips, tricks, pitfalls?

Thanks,
Matthew Belk

[1032 byte] By [mrbelk] at [2007-12-17]
«« VS2005 Rel: Project publishing issue
»» Crystal Report Windows Forms Wiewer Error: "Object reference not set to an instance of an o
# 1

This stuff is in BOL, but it's not very discoverable.

Here's an example of using the SSRS Forms Auth security extension in conjunction with the ReportViewer:

http://blogs.msdn.com/bimusings/archive/2005/11/04/489100.aspx

Here's an example of using the Forms Auth Security extension with the SSRS webservice (basically, just calling LoginUser(): implemented in the security extension)

http://blogs.msdn.com/bimusings/archive/2005/08/04/447939.aspx

Hope this helps

RussellChristopher-msft at 2007-10-6 > top of Msdn Tech,SQL Server,SQL Server Reporting Services...
# 2
Thanks for the blog pointers.

Now, the next logical question is how to leverage the custom security extensions to restrict access to various items within the SSRS space so that the custom "CheckAccess" routines from the sample code will work properly.

I'd love to let SSRS handle this, but if the answer is "You have to do that from your app," then that's OK, too.

Thanks,
Matthew Belk

mrbelk at 2007-10-6 > top of Msdn Tech,SQL Server,SQL Server Reporting Services...
# 3

Have you explored the Forms Auth security extension sample yet? If not, I would -- You could pretty much use 60-70% of it for your purposes (authorization included)...The only changes you'd have to make is how LogonUser gets handled, etc.

RussellChristopher-msft at 2007-10-6 > top of Msdn Tech,SQL Server,SQL Server Reporting Services...
SQL Server
SQL Server Reporting Services

SQL Server Hot Topic

SQL Server New Topic

SQL Server

Java / MSDN / Linux Tech / PHP Tech / MSDN DotNet / MSDN TECH / Health Library / Programmers Tech / visual basic Tech / Developer Tech / Ipod faqs / Msdn China Tech

Site Classified