Asp.net Report Viewer impersonation

Question

Hi,

I am using a report viewer control in an ASP.net web application. The application runs in the app pool identity (impersonate="false") so it has the rights to read/write the database.

But for the report viewer control I need to impersonate the currently logged on user. So far I've only found information about setting impersonation to true for the whole app so that the report viewer is impersonated as well. Or there's information on how to create its own credentials that are passed to the viewer (so it's not the currently logged on user).

Does anyone know how to impersonate the current user only for the report viewer but not for the whole application?

Answer 1

If i understand you correctly you need to implement IReportServerCredentials, here is an example ive used in the past

using System;

using System.Configuration; using System.Web; using Microsoft.Reporting.WebForms; using System.Security.Principal; using System.Net;

[Serializable] public sealed class ReportServerNetworkCredentials : IReportServerCredentials { #region IReportServerCredentials Members

private string username, password;

public ReportServerNetworkCredentials(string username, string password)
{
    this.username = username;
    this.password = password;
}

public bool GetFormsCredentials(out System.Net.Cookie authCookie, out string userName, out string password, out string authority)
{
    //throw new NotImplementedException(); 
    userName = password = authority = null;

    // The cookie name is specified in the <forms> element in Web.config (.ASPXAUTH by default)
    HttpCookie cookie = HttpContext.Current.Request.Cookies[".ASPXAUTH"];

    if (cookie == null)
    {
        authCookie = null;
        return false;
    }

    Cookie netCookie = new Cookie(cookie.Name, cookie.Value);
    if (cookie.Domain == null)
    {
        netCookie.Domain = HttpContext.Current.Request.ServerVariables["SERVER_NAME"].ToUpper();
    }

    netCookie.Expires = cookie.Expires;
    netCookie.Path = cookie.Path;
    netCookie.Secure = cookie.Secure;
    authCookie = netCookie;
    return true;
}

public WindowsIdentity ImpersonationUser
{
    get
    {
        return null;
    }
}

public System.Net.ICredentials NetworkCredentials
{
    get
    {
        return new System.Net.NetworkCredential(this.username, this.password);
    }
}

#endregion

}

And then on the aspx page with the report viewer pass in your credentials etc

        ReportViewer1.ServerReport.ReportServerCredentials = new ReportServerNetworkCredentials(username, password);
    ReportViewer1.ServerReport.ReportServerUrl = new Uri("http://youreportserver/ReportServer");
    ReportViewer1.ServerReport.ReportPath = reportPath;

//etc

This will allow you to pass whatever username and pass you like. This works on SSRS 08 / SQL 08 and id imagine 05 too, this is using forms auth.

Hope this helps and that i understood your question properly.

Edit - The code formating is a bit screwed in the first code block, hope you get the jist!

Answer 2

Chris,

Im replying here instead of below you comment as more room etc.

Yes just retrieve the current username and password from where ever you are storing them (membership etc) into the and pass into as per my example.

The username and pass must exist in the report server itself however, if you really need accounts for every user consider creating them an account on the report server when you create the account in the applicaiton itself. You can do this via the web services SSRS exposes, see here. If the site is already in use you could easily just iterate through all your users and create them an account via the SSRS web services.

However, are you sure you need a reporting account for each individual user? You could make an account for each role in the app if your reasons are more access rights than logging.