• Replies 3 replies
  • Subscribers 338 subscribers
  • Views 33 views
  • Users 0 members are here
Related

SSRS 2008 Security

Nick Insell
$organization

Hi Guys

I'm hoping to get some advise from about the Setup of SSRS 2008, especially inside consoritia.

We have managed to setup SSRS 2008 and it works great in our main company domain but we have hit a bit of stumbling block when getting other untrusted Domains from accessing it.  In 2005 this was simple as we could just setup anonymous access to the reports through IIS.  In 2008 security is no longer handled by IIS and this is causing us a massive headache.

Has anyone got any suggestions on how to get around this.  I know it is a requriement for version 11 so keen to get setup very soon.

Thanks

Nick

Parents
  • $organization

    Yep, Microsoft has done it again.

    There are a few elaborate options...see this excerpt: http://searchsystemschannel.techtarget.com/feature/SQL-Server-2008-Reporting-Services-for-Internet-deployment

    Also see this: http://blogs.msdn.com/b/jameswu/archive/2008/07/15/anonymous-access-in-sql-rs-2008.aspx

    Or

    1. Create a new user in Windows 2008 server. (i.e. ReportingServices)
    2. Created a classic application pool, and assigned the identity execution to my new ReportingServices account in the server
    3. Associated the ReportingServices credential to a browser role inside the report server (http://localhost/Reports) for the report being rendered inside my asp.net application using the report viewer. (Folders above reports are still locked, so no browsing allowed)
    4. Disabled prompting for report parameters and disabled default values for parameters (can't render report from portal now)
    5. Set default parameter values via the parameter array of my report viewer.
    6. associated ASP.Net application to application pool being ran by my ReportingSevices credentials

    I have actual done something similar in SSRS 2005 but I created a .NET skin because I wanted more robust parameter functionality for one of my reports. However, this method obviously requires more overhead because you need to deploy a report and an application (the skin). Good Luck.

Reply
  • $organization

    Yep, Microsoft has done it again.

    There are a few elaborate options...see this excerpt: http://searchsystemschannel.techtarget.com/feature/SQL-Server-2008-Reporting-Services-for-Internet-deployment

    Also see this: http://blogs.msdn.com/b/jameswu/archive/2008/07/15/anonymous-access-in-sql-rs-2008.aspx

    Or

    1. Create a new user in Windows 2008 server. (i.e. ReportingServices)
    2. Created a classic application pool, and assigned the identity execution to my new ReportingServices account in the server
    3. Associated the ReportingServices credential to a browser role inside the report server (http://localhost/Reports) for the report being rendered inside my asp.net application using the report viewer. (Folders above reports are still locked, so no browsing allowed)
    4. Disabled prompting for report parameters and disabled default values for parameters (can't render report from portal now)
    5. Set default parameter values via the parameter array of my report viewer.
    6. associated ASP.Net application to application pool being ran by my ReportingSevices credentials

    I have actual done something similar in SSRS 2005 but I created a .NET skin because I wanted more robust parameter functionality for one of my reports. However, this method obviously requires more overhead because you need to deploy a report and an application (the skin). Good Luck.

Children
No Data