locked
C# Authenticate to SSRS Report Server using Report Viewer RRS feed

  • Question

  • User1711051787 posted

    Hello

    Currently, from C# I am using Report Viewer to launch an instance of an SSRS report using Microsoft WebForms

    My ASP.NET application is hosted on IIS; the SSRS report is hosted on a different server

    To authenticate from IIS to the report server, in my c# app I have:

    ReportViewer1.ServerReport.ReportServerCredentials = new ReportServerCredentials("username", "pwd", "domain");

    This works but not a good solution; the password expires, and for other reasons.

    I would like to switch to using the IIS App Pool Identity, which I can get to using:

    System.Net.CredentialCache.DefaultCredentials

    However, these are Icredentials; SSRS uses IReportCredentials

    How can I solve for using the IIS App pool identity to authenticate to SSRS report server?

    Thanks

    Monday, July 11, 2016 3:54 PM

Answers

  • User-2057865890 posted

    Hi F A,

    If you web application is using forms authentication, then simply doing the following will likely work:  System.Net.CredentialCache.DefaultCredentials

    However, if you are using windows authentication for the web site, the above will instead pass along the identity of the currently logged in windows user, instead of the application pool identity, which may not be what you want. Take a look at this thread.

    Best Regards,

    Chris

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, July 23, 2016 2:43 AM

All replies

  • User1711051787 posted

    I have tried this

    SSRSReportViewer.ServerReport.ReportServerCredentials.NetworkCredentials= System.Net.CredentialCache.DefaultCredentials

    Both are of type ICredentials

    But NetworkCredentials propery is read only, so this does not work


    The class ReportServerCredentials has been implemented like below

    public class ReportServerCredentials : IReportServerCredentials
    {
    private string reportServerUserName;
    private string reportServerPassword;
    private string reportServerDomain;

    public ReportServerCredentials(string userName, string password, string domain)
    {
    reportServerUserName = userName;
    reportServerPassword = password;
    reportServerDomain = domain;
    }
    public WindowsIdentity ImpersonationUser
    {
    get
    {
    // Use default identity.
    return null;
    }
    }

    public ICredentials NetworkCredentials
    {
    get
    {
    // Use default identity.
    return new NetworkCredential(reportServerUserName, reportServerPassword, reportServerDomain);
    }
    }
    public void New(string userName, string password, string domain)
    {
    reportServerUserName = userName;
    reportServerPassword = password;
    reportServerDomain = domain;
    }

    public bool GetFormsCredentials(out Cookie authCookie, out string user, out string password, out string authority)
    {
    // Do not use forms credentials to authenticate.
    authCookie = null;
    user = null;
    password = null;
    authority = null;

    return false;
    }
    }
    }

    Monday, July 11, 2016 4:19 PM
  • User-2057865890 posted

    Hi FA,

    You could try getting the user information from the Web.config file. Take a look at IReportServerCredentials Interface.

    using System;
    using System.Data;
    using System.Configuration;
    using System.Net;
    using System.Security.Principal;
    using System.Web;
    using System.Web.Security;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;
    using System.Web.UI.HtmlControls;
    using Microsoft.Reporting.WebForms;
    
    public partial class _Default : System.Web.UI.Page 
    {
        protected void Page_Init(object sender, EventArgs e)
        {
            ReportViewer1.ServerReport.ReportServerCredentials = 
                new MyReportServerCredentials();
        }
    }
    
    [Serializable]
    public sealed class MyReportServerCredentials : 
        IReportServerCredentials
    {
        public WindowsIdentity ImpersonationUser
        {
            get
            {
                // Use the default Windows user.  Credentials will be
                // provided by the NetworkCredentials property.
                return null;
            }
        }
    
        public ICredentials NetworkCredentials
        {
            get
            {
                // Read the user information from the Web.config file.  
                // By reading the information on demand instead of 
                // storing it, the credentials will not be stored in 
                // session, reducing the vulnerable surface area to the
                // Web.config file, which can be secured with an ACL.
    
                // User name
                string userName = 
                    ConfigurationManager.AppSettings
                        ["MyReportViewerUser"];
    
                if (string.IsNullOrEmpty(userName))
                    throw new Exception(
                        "Missing user name from web.config file");
    
                // Password
                string password = 
                    ConfigurationManager.AppSettings
                        ["MyReportViewerPassword"];
    
                if (string.IsNullOrEmpty(password))
                    throw new Exception(
                        "Missing password from web.config file");
    
                // Domain
                string domain = 
                    ConfigurationManager.AppSettings
                        ["MyReportViewerDomain"];
    
                if (string.IsNullOrEmpty(domain))
                    throw new Exception(
                        "Missing domain from web.config file");
    
                return new NetworkCredential(userName, password, domain);
            }
        }
    
        public bool GetFormsCredentials(out Cookie authCookie, 
                    out string userName, out string password, 
                    out string authority)
        {
            authCookie = null;
            userName = null;
            password = null;
            authority = null;
    
            // Not using form credentials
            return false;
        }
    }

    Best Regards,

    Chris

    Tuesday, July 12, 2016 3:17 PM
  • User1711051787 posted

    Thank-you but I am not sure I understand - I am trying to get credentials from the IIS app pool identity

    This gets me the IIS credentials: System.Net.CredentialCache.DefaultCredentials

    but how to assign to the Report Viewer object?

    Sorry, We cannot store the username/password in a web config

    Tuesday, July 12, 2016 4:05 PM
  • User-2057865890 posted

    Hi F A,

    If you web application is using forms authentication, then simply doing the following will likely work:  System.Net.CredentialCache.DefaultCredentials

    However, if you are using windows authentication for the web site, the above will instead pass along the identity of the currently logged in windows user, instead of the application pool identity, which may not be what you want. Take a look at this thread.

    Best Regards,

    Chris

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, July 23, 2016 2:43 AM