Unble to Configure SSRS Custom Authentication Extension with SQL Server 2008 R2

Question

I have been working on an SSO integration of SSRS with our web application and I have not been able to get it to work. I have followed this example by Clife Green of MSFT and still cannot get it to work:

Reporting Services Single Sign On (SSO) Authentication - Part 1

Reporting Services Single Sign On (SSO) Authentication - Part 2

I have scoured the internet and searched MSDN documentation and still cannot get it to work. The error I keep getting is being thrown in the GetWebResponse from the example code is this:

Authorization ticket not received by LogonUser

I was able to make it work by passing my own cookie back and forth and checking that while ignoring the cookie managed by SSRS, but all calls I would make returned as Unauthenticated because I wasn't utilizing the SSRS Session Token that was returned in the LogonUser which can be found in the response here:

response.Headers["RSAuthenticationHeader"]

However, even though my web service calls continue to work the Report Manager did not work and returned this error:

StringStartsWith can't accept null parameters

Answer 1

Here is a detailed explanation for configuring forms authentication http://www.codeproject.com/Articles/675943/SSRS-2012-Forms-Authentication

Answer 2

This was a tough one and there wasn't a whole lot of information out there about the problems I was having. There were several things wrong.

PROBLEM #1: The Report Manager was giving me this error:

StringStartsWith can't accept null parameters

SOLUTION #1: The <loginUrl> tag is required when implementing a custom or forms authentication in SSRS.

I had to modify the RSReportServer.Config file to add my login page to the <loginUrl> tag. Once I added this and implemented the Login page (see UILogin.aspx in the examples) I no longer got the StringStartsWith error.

File Location: *C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\RSReportServer.Config*

<UI>
    <ReportServerUrl></ReportServerUrl>
    <PageCountMode>Estimate</PageCountMode>
    <CustomAuthenticationUI>
        <loginUrl>[YourUrl]</loginUrl>
        <UseSSL>False</UseSSL>
        <PassThroughCookies>
             <PassThroughCookie>[YourSSOCookieName]</PassThroughCookie>
        </PassThroughCookies>
    </CustomAuthenticationUI>
</UI>

PROBLEM #2: The Report Manager and my Login page endlessly redirected to each other.

This problem was because of two other issues.

SOLUTION #2A: The SSRS Report Manager needs to know the name of the cookie to use for it's authorization ticket.

First, I had to modify the the Web.Config for the Report Server and tell it the name of the cookie to use for it's authorization ticket. I used sqlAuthCookie in the example below.

File Location: *C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\Web.Config*

Change:

      <authentication mode="Forms">
      <forms loginUrl="[YourUrl]" name="sqlAuthCookie" requireSSL="false" />
  </authentication>

SOLUTION #2B: SQL Server 2008 R2 had a bug - Service Patch 2 fixed it.

I was still getting an endless redirect because SQL Server 2008 R2 introduced a bug in how it handled the cookie. In a nutshell the response from Report Manager tells your application the name of the SSRS authentication cookie in the header of the response:

string cookieName = response.Headers["RSAuthenticationHeader"]

When I set a breakpoint here I noticed that the cookie name was in fact this:

sqlAuthCookie,sqlAuthCookie

I did some searching and found this issue: SQL Server 2008 R2 (November CTP). Forms Authentication not working in SSRS

Downloading and installing SQL Server 2008 R2 SP2 fixed this problem for me and now my solution works!

Note: You can just install this instead of the SP: Cumulative Update package 5 for SQL Server 2008 R2