Hello Mustafa. It does sound like you are experiencing the double hop issue. Your access of the IIS server is the first hop in NTLM, then the IIS server to the report server is the second hop, and in NTLM, your Windows credentials can't be delegated
to the second hop. This is the behavior of Windows integrated authentication using NTLM.
When you're running your project on your development machine, you're accessing your own machine (the development server), so there's no hop, and the access to the report server is the first hop.
To get around this, by default ReportViewer in remote mode uses the user context of the ASP.NET worker process that is running your page when accessing the report server (not impersonating your user context). When you explicitly supply the impersonation
identity, the report server access is considered as a first hop again, which is why it succeeds.
It's possible to avoid the double hop issue altogether in Windows authentication by using Kerberos, but this would be very heavy-handed and it might not be the option you'd want to consider (e.g. domain admininstration privileges, SPNs, identity delegation,
etc).
Cephas Lin This posting is provided "AS IS" with no warranties.