SQL 2005 Reporting Services comes out of the box as Windows Authentication. This is great if you are working on your local intranet, or local host for testing and building reports, although this does not work if you are wanting to display reports over the intranet or extranet.

Surprisingly Microsoft didn’t envision Reporting Services as being used by external sources and didn’t create a simple way of allowing Reporting Services to run on forms authentication. The following post will provide detailed instructions on what files you will need to modify to enable your Reporting Service to be forms authenticated.

Note: Once changes are made your Reporting Services will only be forms authenticated. It is not possible for Reporting Services to be both Forms and Windows authenticated at the same time. If you want to or know you will need to revert back to Windows Authentication then make sure you make a back-up copy of all files modified.

For best practice and in case your reporting services get totally jacked in the process it is best to make back-up copies of the following files. Also having back-up copies of these files will allow you to revert your forms authenticated Reporting Services to Windows Authentication.

Note: I refer to the installed path as <ReportingServiceInstall>. This is typically C:\Program Files\Microsoft SQL Server\MSQL.2\Reporting Services. This path may be different depending on number of instances and installation options when originally installing SQL server.

Back up the following files

<ReportingServiceInstall>\ReportServer\rsreportserver.config

<ReportingServiceInstall>\ReportServer\rssrvpolicy.config

<ReportingServiceInstall>\ReportServer\web.config

<ReportingServiceInstall>\ReportManager\RSWebApplication.config

<ReportingServiceInstall>\ReportManager\rsmgrpolicy.config

<ReportingServiceInstall>\ReportManager\web.config

With everything backed-up, let’s begin hacking away at Reporting Services. We’ll begin with modifying files in the <ReportingServiceInstall>\ReportServer directory. Navigate and open the <ReportingServiceInstall>\ReportServer\rsreportserver.config, and make the following modifications.

Locate the <Security> Element and make the following changes

<Extension Name=”Forms” Type=”ReportingServices.CustomSecurity.Authorization, ReportingServices.CustomSecurity”>

<Configuration>

<AdminConfiguration>

<UserName>username</UserName>

</AdminConfiguration>

</Configuration>

</Extension>

Locate the <Authentication> Element and make the following changes

<Extension Name=”Forms” Type=”ReportingServices.CustomSecurity.Authentication, ReportingServices.CustomSecurity />

Next we are going to modify the <ReportingServiceInstall>\ReportServer\rssrvpolicy.config.

Find the URL Membership of $CodeGen$, and add the following segment below.

<CodeGroup

class=”UnionCodeGroup”

version=”1″

PermissionSetName=”FullTrust”>

<IMembershipCondition

class=”UrlMembershipCondition”

version=”1″

Url=”C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\

Bin\ReportingServices.CustomSecurity.dll />

</CodeGroup>

Next let’s open the <ReportingServiceInstall>\web.config file and make the following changes.

First locate the <identity> element and set it to false.

<identity impersonate=”false” />

Next locate the <authentication> element and set it to forms.

<authentication mode=”Forms” />

Finally add the following as a child element of <authentication>

<authentication mode=”Forms”>

<forms loginUrl=”logon.aspx” name=”sqlAuthCookie” timeout=”60″ path=”/”> </forms>

</authentication>

Now let’s move on to the <ReportingServiceInstall>\ReportManager directory. In here we are going to first modify the RSWebApplication.config file. Locate the <UI> element and make the following changes.

<UI>

<CustomAuthenticationUI>

<loginUrl>/Pages/UILogon.aspx</loginUrl>

<UseSSL>False</UseSSL> (Set To True If Using SSL)

</CustomAuthenticationUI>

<ReportServerUrl>http://<ServerName>/ReportServer</ReportServerUrl>

</UI>

Next we are going to modify the <ReportingServiceInstall>\RSMgrPolicy.config file. Locate the PermissionSet for MyComputer. And modify the PermissionSetName to FullTrust.

PermissionSetName=”FullTrust”

Next modify the <ReportingServiceInstall>\ReportManager\web.config file, and modify the <identity> element to be false.

<identity impersonate=”false”/>

This concludes all the .config modifications, but now we need the ReportingServices.CustomSecurity.dll, Logon.aspx and UILogon.aspx pages.

To get the ReportingService.CustomSecurity.dll you’ll need to download the SQL 2005 samples. You can download the SQL 2005 Samples from codeplex.
http://www.codeplex.com/SqlServerSamples/Release/ProjectReleases.aspx?ReleaseId=4000

I chose to re-name the assembly taking off the Microsoft.Samples name space for ease of use and less typing in the config files. If you leave the Microsoft.Samples in then you’ll need to go back the the config files we modified and add it to the file name.

Once you have downloaded the project you’ll need to create a strongly typed key for the project. To do this open up the Visual Studio command prompt and navigate to the samples directory. By default this should be C:\Program Files\Microsoft SQL Server\90\Samples. Once in the directory type the following

sn –k SampleKey.snk

Next load the project C:\Program Files\Microsoft SQL Server\90\Samples\Reporting Services\Extension Samples\FormsAuthentication Sample\cs. From here you can remove the Microsoft.Samples namespace. You’ll also find your Logon.aspx and UILogon.aspx pages which we will discuss next. Compile the project and copy the generated library file. Next paste the ReportingServices.CustomSecurity.dll in <ReportingServiceInstall>\ReportServer\Bin and also in <ReportingServiceInstall>\ReportManager\Bin.

Now that we have the ReportingServices.CustomSecurity.dll in place we need to get our logon forms out there too. To do this go back to your project and copy the Logon.aspx and Logon.aspx.cs files to <ReportingServiceInstall>\ReportServer directory and copy the UILogon.aspx and UILogon.aspx.cs to <ReportingServiceInstall>\ReportManager\Pages directory.

Next we need to configure IIS to stop Windows Authentication and allow anonymous access to our Reporting Service. To do this start your IIS administration tool and select properties for your virtual dictory Reports. Select the “Directory Security” tab. Click the “Edit” button for “Authentication and access control” should be the first button on the form. Check the Enable anonymous access check box. Click “Ok”, Click “Apply”, and Click “Ok” again. Repeat for virtual directory “ReportServer”.