I'm trying to understand an authentication problem that occurs in an MVC application that links to an SSRS report via HTML form / URL integration to SSRS Report Server. The other important piece is that the MVC application implements its security using ASP.NET Membership System in conjunction with FormsAuthenticationService.

The use pattern is pretty simple: Open an IE7 browser. Authenticate a user to the application. Then click a form submit that makes the SSRS report request. SSRS is configured to require Windows Authentication, so the Windows Authentication dialogue displays, the user's Windows credentials are confirmed, and the SSRS report then displays.

The problem is that the Windows Authentication triggered by SSRS seems to be wiping out the triggering application's cookie state. Any action in the application tried after the SSRS authentication fails due to lost session state.

Everything works fine on IE8, I assume because each of the 2 browser windows has its own process, and therefore does not share authentication state.

How can I get around this problem in IE7?

Here's how I'm launching the SSRS request from within the application:

<form style="" id="MR" action="<%= ViewData["SsrsUrl"] + "MyReport" %>" method="post" target="_blank">
      <%=Html.Image("../../Content/images/icon-report.png", "Run MyReport", new { onclick = "document.forms[\"MR\"].submit()" })%>
      <%=Html.Hidden("rs:Command", "Render")%>
      <%=Html.Hidden("rc:LinkTarget", "_blank")%>
      <%=Html.Hidden("rs:Format", "HTML4.0")%>
      <%=Html.Hidden("rc:Parameters", "True")%>
      <%=Html.Hidden("UserId", ViewData["UserId"]) %>
</form>