Restricting Access to an HttpHandler to only certain users RRS feed

  • Question

  • User2094479159 posted
    I'm working with MS Reporting Services and I need to restrict who can access the Httphandler that it uses for URL access to only members of certain windows security groups. Thus my question is "Is there an easy way(i.e. web.config setting) to implement role based security access on an HttpHandler or is this something that needs to be built into the Handler itself?" Thanks, Shawn.
    Tuesday, April 27, 2004 12:39 PM

All replies

  • User-886813230 posted
    My first instinct was to ask what kind of response you wanted when the URL was accessed by an invalid user. But the more I thought about it, the more I realized that it would probably be easier to put the logic into the HttpHandler regardless of your. You might be able to ACL the HttpHandler's assembly, but I don't know what the requester would see. Probably an Access Denied, but only trial will tell. But I would probably go with building it into the Handler, as it would ultimately be more flexible.
    Tuesday, April 27, 2004 9:45 PM