C# Authenticate to SSRS Report Server using Report Viewer

Question

User1711051787 posted

Hello

Currently, from C# I am using Report Viewer to launch an instance of an SSRS report using Microsoft WebForms

My ASP.NET application is hosted on IIS; the SSRS report is hosted on a different server

To authenticate from IIS to the report server, in my c# app I have:

ReportViewer1.ServerReport.ReportServerCredentials = new ReportServerCredentials("username", "pwd", "domain");

This works but not a good solution; the password expires, and for other reasons.

I would like to switch to using the IIS App Pool Identity, which I can get to using:

System.Net.CredentialCache.DefaultCredentials

However, these are Icredentials; SSRS uses IReportCredentials

How can I solve for using the IIS App pool identity to authenticate to SSRS report server?

Thanks

Answer 1

User1711051787 posted

I have tried this

SSRSReportViewer.ServerReport.ReportServerCredentials.NetworkCredentials= System.Net.CredentialCache.DefaultCredentials

Both are of type ICredentials

But NetworkCredentials propery is read only, so this does not work

The class ReportServerCredentials has been implemented like below

public class ReportServerCredentials : IReportServerCredentials
{
private string reportServerUserName;
private string reportServerPassword;
private string reportServerDomain;

public ReportServerCredentials(string userName, string password, string domain)
{
reportServerUserName = userName;
reportServerPassword = password;
reportServerDomain = domain;
}
public WindowsIdentity ImpersonationUser
{
get
{
// Use default identity.
return null;
}
}

public ICredentials NetworkCredentials
{
get
{
// Use default identity.
return new NetworkCredential(reportServerUserName, reportServerPassword, reportServerDomain);
}
}
public void New(string userName, string password, string domain)
{
reportServerUserName = userName;
reportServerPassword = password;
reportServerDomain = domain;
}

public bool GetFormsCredentials(out Cookie authCookie, out string user, out string password, out string authority)
{
// Do not use forms credentials to authenticate.
authCookie = null;
user = null;
password = null;
authority = null;

return false;
}
}
}

Answer 2

User-2057865890 posted

Hi FA,

You could try getting the user information from the Web.config file. Take a look at IReportServerCredentials Interface.

using System;
using System.Data;
using System.Configuration;
using System.Net;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Microsoft.Reporting.WebForms;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Init(object sender, EventArgs e)
    {
        ReportViewer1.ServerReport.ReportServerCredentials = 
            new MyReportServerCredentials();
    }
}

[Serializable]
public sealed class MyReportServerCredentials : 
    IReportServerCredentials
{
    public WindowsIdentity ImpersonationUser
    {
        get
        {
            // Use the default Windows user.  Credentials will be
            // provided by the NetworkCredentials property.
            return null;
        }
    }

    public ICredentials NetworkCredentials
    {
        get
        {
            // Read the user information from the Web.config file.  
            // By reading the information on demand instead of 
            // storing it, the credentials will not be stored in 
            // session, reducing the vulnerable surface area to the
            // Web.config file, which can be secured with an ACL.

            // User name
            string userName = 
                ConfigurationManager.AppSettings
                    ["MyReportViewerUser"];

            if (string.IsNullOrEmpty(userName))
                throw new Exception(
                    "Missing user name from web.config file");

            // Password
            string password = 
                ConfigurationManager.AppSettings
                    ["MyReportViewerPassword"];

            if (string.IsNullOrEmpty(password))
                throw new Exception(
                    "Missing password from web.config file");

            // Domain
            string domain = 
                ConfigurationManager.AppSettings
                    ["MyReportViewerDomain"];

            if (string.IsNullOrEmpty(domain))
                throw new Exception(
                    "Missing domain from web.config file");

            return new NetworkCredential(userName, password, domain);
        }
    }

    public bool GetFormsCredentials(out Cookie authCookie, 
                out string userName, out string password, 
                out string authority)
    {
        authCookie = null;
        userName = null;
        password = null;
        authority = null;

        // Not using form credentials
        return false;
    }
}

Best Regards,

Chris

Answer 3

User1711051787 posted

Thank-you but I am not sure I understand - I am trying to get credentials from the IIS app pool identity

This gets me the IIS credentials: System.Net.CredentialCache.DefaultCredentials

but how to assign to the Report Viewer object?

Sorry, We cannot store the username/password in a web config

Answer 4

User-2057865890 posted

Hi F A,

If you web application is using forms authentication, then simply doing the following will likely work:  System.Net.CredentialCache.DefaultCredentials

However, if you are using windows authentication for the web site, the above will instead pass along the identity of the currently logged in windows user, instead of the application pool identity, which may not be what you want. Take a look at this thread.

Best Regards,

Chris