Reputation: 11
SSRS, ReportViewer and ASP.NET Access Denied
I've got an ASP.NET application that has a ReportViewer control on it:
<rsweb:ReportViewer ID="rv" runat="server" ProcessingMode="Remote"
ShowParameterPrompts="False"AsyncRendering="true" >
<ServerReport ReportPath="<My Report>" ReportServerUrl="<Report Server URL>" />
</rsweb:ReportViewer>
The report server is running on different server than my app server so I'm passing credentials when I call the report:
rv.ServerReport.ReportServerCredentials = New ReportCredentials()
rv.ServerReport.SetParameters(params)
rv.ServerReport.Refresh()
Credentials are in this class:
<Serializable()> _
Public Class ReportCredentials
Implements Microsoft.Reporting.WebForms.IReportServerCredentials
Public Function GetFormsCredentials(ByRef authCookie As System.Net.Cookie, ByRef userName As String, ByRef password As String, ByRef authority As String) As Boolean Implements Microsoft.Reporting.WebForms.IReportServerCredentials.GetFormsCredentials
authCookie = Nothing
userName = Nothing
password = Nothing
authority = Nothing
Return False
End Function
Public ReadOnly Property ImpersonationUser() As System.Security.Principal.WindowsIdentity Implements Microsoft.Reporting.WebForms.IReportServerCredentials.ImpersonationUser
Get
Return Nothing
End Get
End Property
Public ReadOnly Property NetworkCredentials() As System.Net.ICredentials Implements Microsoft.Reporting.WebForms.IReportServerCredentials.NetworkCredentials
Get
Return New NetworkCredential(AppSettings("ReportUser"), Helpers.GetReportPassword(), AppSettings("ReportDomain"))
End Get
End Property
End Class
In my web.config file I've got impersonate="true".
The problem I'm having is that most users get this error:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
If I run the application under my account and then have them try under their account it works. I can reproduce the error for them by recycling the App Pool the app is running under. If I make a user a local admin (like I am) on the app server then it will work but obviously I don't want to do this. Any ideas on what I'm doing wrong and also why the application all of sudden works for them after I run it once?
Upvotes: 0
Views: 4036
Answers (1)
Reputation: 11
Found out the issue was access to the machine.config file on the app server. Since I'm running with impersonation and integrated authentication in IIS, the app was running as the logged in user. Apparently when getting the NetworkCredentials, machine.config is accessed. Since the users didn't have access to machine.config, it failed. I'm guessing machine.config is cached so that's why it worked after I ran the app as myself (an admin). I went ahead and gave read access to machine.config to my users for now and that has solved the issue. Not sure if there's a better way to do it.
Upvotes: 1
Related Questions
- Unauthorized when passing credentials to report server from reportviewer
- SSRS Reportviewer - 401 Unauthorized
- SSRS Export in ReportViewer returns 401 Unauthorized
- SSRS Showing Authentication Error
- SSRS permissions granted to user domain/computer$
- ReportViewer - 401: Unauthorized
- Report viewer gets a 401 Unauthorized
- Unable to access ssrs reports from ASP.NET
- Using SSRS with ASP.Net ReportViewer
- SSRS 2008: ReportViewer does not have access rights to local Report Server