Why does the VS 2010 ASP .NET ReportViewer fail to render parameters when a custom RoleProvider is specified?

Question

I have taken a sample SSRS report from http://gotreportviewer.com/. The report displays some customer data and the "City" parameter. The report also uses the "City" parameter to filter the data. This report runs just fine unless I enable a custom RoleProvider through web.config. I have set break points in all of the methods of my custom RoleProvider subclass, and I have created a UserDecorator to wrap the default User context so that I can set a breakpoint there as well.

When the custom RoleProvider is enabled, the report fails to render correctly, but the ReportError event is not raised. Further, none of the methods on the RoleProvider or custom IPrincipal are called. The following is the debug output from the output window:

A first chance exception of type 'System.Security.SecurityException' occurred in mscorlib.dll

A first chance exception of type 'System.Security.SecurityException' occurred in Microsoft.ReportViewer.ProcessingObjectModel.dll

A first chance exception of type 'System.Security.SecurityException' occurred in Microsoft.ReportViewer.Common.dll

A first chance exception of type 'Microsoft.ReportingServices.ReportProcessing.ReportProcessingException' occurred in Microsoft.ReportViewer.Common.dll

A first chance exception of type 'Microsoft.ReportingServices.ReportProcessing.ReportProcessingException' occurred in Microsoft.ReportViewer.Common.dll

A first chance exception of type 'Microsoft.ReportingServices.ReportProcessing.ProcessingAbortedException' occurred in Microsoft.ReportViewer.Common.dll

My understanding was that Code Access Security was deprecated in .NET 4.0, so I'm a little confused as to what the ReportProcessingException could be. I don't think it's a trust issue because the report executes just fine when not using a custom RoleProvider. I don't understand why the RoleProvider affects anything since none of its methods are ever being called.

It is a requirement of the project that I use an in-house RoleProvider.

Here is a link to the demo project: http://cid-7c1d9f1e46206d43.office.live.com/self.aspx/Public/Blog%20Solutions/ReportViewerDemo.zip

Enable or Disable the RoleProvider via the web.config

Can anyone explain why this is happening? And what the workaround is? Thanks!

Answer 1

I found part of the answer here. Apparently you have to call SetBasePermissionsForSandboxAppDomain for a parameterized report. I'm still not sure why. I'd like to know what the report is doing that makes this a requirement.

PermissionSet permissions = new PermissionSet(PermissionState.None);
permissions.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

ReportViewer1.LocalReport.SetBasePermissionForSandboxAppDomain(permissions);