How to configure/Enable the form based authentication in SSRS 2008 RS

Asked 20/5, 2017 at 20:36 Answered 21/5, 2020 at 17:48

sql-server reporting-services ssrs-2008 forms-authentication msbi

I have two reports , one is for internal users and another one is for external users,

For internal Users i need to enable form authentication to view the report instead of creating the user accounts in the server.

For external User i do not want to enable any authentication, so that they can access the report from the browser without any authentication.

I followed the below steps by using the SSRS samples from the below link, after did all the changes i am getting HTTP500 Error. please help to enable this form based authentication.

modify the RSReportServer.config file

Step 1:-

<Authentication>
    <AuthenticationTypes> 
        <Custom/>
    </AuthenticationTypes>
    <EnableAuthPersistence>true</EnableAuthPersistence>
</Authentication>

Step 2:-

<Security>
    <Extension Name="Forms" 
Type="Microsoft.Samples.ReportingServices.CustomSecurity.Authorization, 
Microsoft.Samples.ReportingServices.CustomSecurity" >
        <Configuration>
            <AdminConfiguration>
                <UserName>username</UserName>
            </AdminConfiguration>
        </Configuration>
    </Extension>
</Security>
<Authentication>
    <Extension Name="Forms" Type="Microsoft.Samples.ReportingServices.CustomSecurity.AuthenticationExtension, Microsoft.Samples.ReportingServices.CustomSecurity" />
</Authentication>

Step 3:-

<UI>
    <CustomAuthenticationUI>
        <loginUrl>/Pages/UILogon.aspx</loginUrl>
        <UseSSL>True</UseSSL>
    </CustomAuthenticationUI>
    <ReportServerUrl>http://<server>/ReportServer</ReportServerUrl>
</UI>

modify the RSSrvPolicy.config file

Step 4:-

<CodeGroup
class="UnionCodeGroup"
version="1"
Name="SecurityExtensionCodeGroup"
Description="Code group for the sample security extension"
PermissionSetName="FullTrust">
    <IMembershipCondition 
    class="UrlMembershipCondition"
    version="1"
    Url="C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.CustomSecurity.dll"
    />
</CodeGroup>

modify the RSMgrPolicy.config file

Step 5:-

<CodeGroup 
class="FirstMatchCodeGroup" 
version="1" 
PermissionSetName="FullTrust"
Description="This code group grants MyComputer code Execution permission. ">
    <IMembershipCondition 
    class="ZoneMembershipCondition"
    version="1"
    Zone="MyComputer" /> "}*To use Forms Authentication, you need to modify the Web.config files for Report Manager and Report Server

modify the Web.config file for Report Server

Step 6:-

<authentication mode="Forms">
    <forms loginUrl="logon.aspx" name="sqlAuthCookie" timeout="60" path="/">        
    </forms>
</authentication>
Add the following <authorization> element directly after the <authentication> element.
<authorization> 
    <deny users="?" />
</authorization>.

Web.config file for Report Manager

Step 7 :-

Disable impersonation by locating the section <identity impersonate= "true" /> and changing it to the following: <identity impersonate="false" />.
Locate the <authentication> element and change the Mode attribute to Forms.
Add the following keys to the <appSettings> element.
<add key="ReportServer" value="<Server Name>"/>
<add key="ReportServerInstance" value="<Instance Name>"/>

Reference URL https://msftrsprodsamples.codeplex.com/wikipage?title=SS2008R2%21Security%20Extension%20Sample&FocusElement=Comment

After performing all the above steps , when i am trying to register user i am getting the error called Keyword not supported: 'mssqlserver;integrated security'.

Lidstone answered 20/5, 2017 at 20:36 Comment(9)

What are you trying to achieve? I think there are more simple ways than editing config files and you are on wrong way – Embolus 21/5, 2017 at 9:53

My need is to enable the form authentication for internal users in the report server instead of windows authentication for one report and remove authentication for external users in another report, so that i dont want to create user accounts in the server, please route me in the correct path..! – Lidstone 21/5, 2017 at 14:51

External users means users not in your domain? If yes I can only say that "integrated security" means "windows authentication" and you still use windows authentication somewhere. – Embolus 21/5, 2017 at 20:55

Yes users not in domain and they can able to access this URL from anywhere without any authentication , and for internal(domain Users) i have to enable the form based authentication . please help me to achieve this – Lidstone 21/5, 2017 at 21:44

Your question is very interesting, I will start a bounty if nobody helps you within a day – Embolus 21/5, 2017 at 22:48

I have a similer task and I added a local user and share it's credentials to client application (authentication via API, end-user do not know credentials) – Embolus 21/5, 2017 at 22:56

here i am going to display only the report/status so no application is used, so user will access the reportserver URL in browser for just check the status , please help to remove the authentication, some how i achieved the form based authentication for the internal users but having issue in access the report. – Lidstone 22/5, 2017 at 2:23

Have you considered creating a separate application for external users? With this you could use the report viewer to wrap around the reports. – Sayre 7/2, 2019 at 16:47

Hi. To analyse that I have some questions : Did you look at the official MS Doc? How you authentication have to work so? (where are the users/pass from?) Have you made the UI page (page for login) and the dll (which respond to the question of how do the authentication works normally)? – Achene 12/3, 2020 at 11:29

Kindly check this setting to access direct without form authentication.

<allow users="*" />

Check this line to show form authentication.

<deny users="?" />

web.config setting in application.

 <authorization>
        <allow roles="Administrator" />
        <allow users="*" />
    </authorization>

    <authentication mode="Forms">
        <forms timeout="500000" loginUrl="Login.aspx" />
    </authentication>



    <system.web>
         <httpHandlers>
                <remove verb="*" path="*.asmx" />
                <add verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"   validate="false" />
                <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
                <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
                <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false" />
            </httpHandlers>
            <httpModules>
                <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
            </httpModules>
            <webServices>
                <protocols>
                    <add name="HttpGet" />
                    <add name="HttpPost" />
                </protocols>
            </webServices>
        </system.web>

Soudan answered 20/3, 2019 at 9:38 Comment(0)

I think you may have simply missed a step or made a small typo somewhere.

Follow this walkthrough for SSRS 2008* Custom Auth (it says 2016 but will work on 2008 if you use the correct "ReportServer" directories, etc.): https://github.com/microsoft/Reporting-Services/tree/master/CustomSecuritySample2016

*I see you are asking on 2008, but I've gotten custom auth to work for 2012 and 2014 SQL Server SSRS implementations using https://github.com/microsoft/Reporting-Services/tree/master/CustomSecuritySample2016.

For SSRS 2019 and above use this as your guide (similar but notable differences): https://github.com/microsoft/Reporting-Services/tree/master/CustomSecuritySample

You can do some interesting things with the custom Authorization and Authentication classes and do not need the interstitial form (just Redirect on Page_Load() if your user's request has the correct token/cookie/encrypted stuff you want to check for security).

Cubical answered 21/5, 2020 at 17:48 Comment(1)

also... if you search the net you can find out how to make an SSRS Auth completely disabled. Just Google, you will find it- the author makes very clear that this is not recommended practice for a Production SQL Server SSRS environment. I won't post the link to it here because it is dangerous, although useful for prototyping if you are not connected to the internet.. ;) -->implementing using the Sample provided by MS is the best way to go- just bypass the Form's Page_Load() (with some kind of security). – Cubical 21/5, 2020 at 17:50

Recommended topics

Hot tags