views:

1200

answers:

2

I have created an ASP.NET 2.0 web application and would like to use SSRS 2005 for reporting purposes.

The web application uses forms authentication and custom roles for authorization. I have created reports and deployed it to a our SQL Server 2005 box.

I have two options to integrate the reports into my application:

1) Link to SSRS from within my application. The link would have the parameters and options specified. I make sure that the link only shows for authorized users and it links to correct report with appropriate parameters.

2) Use ReportViewer control and display reports using that. All processing will be done by SSRS

However, I am not sure of the best way to configure security in the IIS on the Reporting Services box. Currently it is set to Windows Integrated Authentication. Also the reporting service has my username with Browser role.

Not all users of my application will have AD login. Also the application is on internet and I don't want to open up SSRS more than necessary. At the same time, I want it to be seamless for our users in that I don't want SSRS to prompt for username and password.

What is the best way to accomplish this? Should I create a dummy AD user and then use it to communicate between ASP.NET app and SSRS? Or if not that, what is the easiest way that achieves everything I need?

+2  A: 

We communicate with the SSRS using the web service interface and with the Report Viewer control using the same AD account for all users. As for permissions we have custom access list that the asp.net page checks before serving the report to the user. This is attached to the username. We have kept the SSRS box off the internet and only way for the user to access is thorugh the application so access list control is enough.

For Report View Control we had to create a custom credential class for passing the AD username and password that inherited from IReportServerCredentials. AD username and password is kept in a xml file.

Hope this helps.

Fahad
Fahad,This AD account is a non-existent user just used for SSRS?
cwius
Yes. Just only give enough permission to access SSRS. This user needs to have DataReader access to the database also.
Fahad
I created a local user in SSRS box and gave it browser permission to SSRS and datareader permission in SQL database. However my reportviewer is not displaying any data..what am I missing?
cwius
+1  A: 

+1 Fahad

As well as using the IReportServerCredentials interface, one can use an instance of ReportServerConnection and assign it to the report viewer control. We store the username, password and domain (if needed) in the web.config file.

ReportServerConnection credentials = new ReportServerConnection('username', 'password');
ReportViewer1.ServerReport.ReportServerCredentials = credentials;
Tom
Tom, this user is an AD user, right?
cwius
That's correct. The ReportServerConnection constructor is overloaded to also take a domain.
Tom