Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Raghu — Wed, 11 Jan 2006 19:49:23 GMT

I have used the above code to impersonate a specific user and can view the reports. But, I get an error when I click on Page Navigation, Refresh or any of the buttons on the Report Viewer Toolbar. Can you please help.

When I click on the page navigation button, the error that is displayed is:
"Page navigation is out of range "

Clicking on any other button will result in the error - "Execution session has expired"

The Report Server and the server hosting web application is on different servers.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

russch — Fri, 13 Jan 2006 18:26:42 GMT

Raghu, I'm only aware of this error in conjunction with viewing a LINKED report inside the report viewer control..

Did you check your event log to see if the app pool or aspnet_wp is recycling? Try to narrow things down by running a report in LOCAL mode to see if it really is a problem with SSRS, the ReportViewer control, or the ASP.NET app hosting the control.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

vamsi — Thu, 16 Feb 2006 01:35:52 GMT

This worked fot me. The only change I am forced to make this work is changing the web app session state to InProc.

Thanks,
vamsi.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

nic — Thu, 09 Mar 2006 11:19:19 GMT

Hello Russell, I've implemented your ReportViewerCredentials class into my web app, now everything works fine except that sometimes when I try to change the ServerURL or ReportPath properties of the ReportViewer, I get an "Operation is not valid due to the current state of the object" error. I've tested this on many reports and found that the error only occurs when the report I'm viewing is a linked report (i.e. the property IsDrillthroughReport==true). You mentioned in your earlier comment "error in conjunction with viewing a LINKED report inside the report viewer control", so I wonder if my problem has to do with the impersonation and if so, is there any way to solve this?

Thanks!
Nic

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

russch — Wed, 15 Mar 2006 21:33:47 GMT

nic, I see what you are talking about. There are a few reports of this behavior, and if you were using the WebForm ReportViewer, all you'd need to do is call ReportViewer.Reset(), and you'd probably be in good shape...however we don't have this method in the web reportviewer. I'll poke around and see if I can find an equivalent technique.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

russch — Wed, 15 Mar 2006 22:48:19 GMT

nic, see this workaround:

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=212322&SiteID=1

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Trish — Thu, 30 Mar 2006 16:27:11 GMT

We have implemented the above code. Everything was working fine until we had two users attempt to get to SRSS at the same time.

We are using the web reportviewer and always using the credentials of one windows users (ReportViewer).

The error we are getting is "Unhandled exception was caught: System.Web.HttpException: An error occurred while attempting to impersonate. Execution of this request cannot continue."

One user is able to view the report but the others get the above error message.

Any ideas?

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Trish — Thu, 30 Mar 2006 18:26:37 GMT

It looks like the problem doesn't occur under Windows XP...but when we push it out to our build server that is Windows 2003 we start getting the messages.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Trish — Thu, 30 Mar 2006 18:49:51 GMT

Here is the applicaton error log message:

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 3/30/2006 10:39:10 AM
Event time (UTC): 3/30/2006 4:39:10 PM
Event ID: cf181f6f9e4f4460a6e0828711ba51e9
Event sequence: 6267
Event occurrence: 12
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/52577887/root/ReportServer-2-127881193422582207
Trust level: RosettaSrv
Application Virtual Path: /ReportServer
Application Path: C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\
Machine name: BUILD

Process information:
Process ID: 4500
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE

In our XP environment we are using ASPNET...in the windows 2003 environment it is using the NETWORK SERVICE.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Trish — Thu, 30 Mar 2006 21:47:38 GMT

Ok, we resolved it. We commented out the code in ImpersonateUser and just had it return null. That made it return the GetBasicCredentials that worked.

We figured we could eventually get the ImpersonateUser to work but this is much cleaner because we aren't having to use unsafe code. We also don't need to impersonate. The user we are passing in the the user we want...so we don't see why it would need to impersonate.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

ReportViewer Control User — Wed, 10 May 2006 01:11:37 GMT

Hi,
I am using the above code but I need to connect to reportserver on the same domain(network). The way I did this is I return null from the ImpersonationUser method but now my NetworkCredentials property looks like the following:

public ICredentials NetworkCredentials
{
///Comment out for basic security
//// Comment out for basic security
get
{
CredentialCache cc = new CredentialCache();
cc.Add(new Uri(ConfigurationManager.AppSettings["ReportServerEndPoint"]), "Basic", new NetworkCredential(this.Username.ToString(), this.Password.ToString()));
return cc; // Not using NetworkCredentials to authenticate.
}
}

Is this the right way?. Does the user need to be a local user on the machine that has the report server?

Thanks

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Luis — Thu, 18 May 2006 22:21:51 GMT

I have a problem with this, I have some reports that have multiple dropdownlist, when you select one dropdownlist it must refresh another dropdownlist, it works if you navigate to the report with reportmanager, but not with reportviewer, after refreshing one dropdowncontrol I got the same 401 unauthorized error.

Any help

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Leon — Tue, 23 May 2006 00:05:00 GMT

I also got the same issue as Trish "Unhandled exception was caught: System.Web.HttpException: An error occurred while attempting to impersonate. Execution of this request cannot continue".

I am not sure whether Trish is using the same way as me, but I just create a seperate application pool and use the local account user to run my application (which only enable user to look at the reports right now). Then without using the Impersonation, I got the application running.

However, I am not sure what is the security impact of running my application by using a local account with much higher level permissions or how much is different than impersonation for security concern, anybody have a good idea? Thanks.

HTTP status 401: Unauthorized

Asaf — Wed, 24 May 2006 15:43:13 GMT

When trying to view the report I am receiving the error:

The request failed with HTTP status 401: Unauthorized.
* same user and password works fine on windows application
Also I have tried Administrator user.

My code for the report viewer is:

rvBlackListReport.ProcessingMode = ProcessingMode.Remote;

rvBlackListReport.ServerReport.ReportServerUrl = new
Uri("https://www.MyDomain.com/ReportServer");
rvBlackListReport.ServerReport.ReportPath = "/MyReports/TestReport";

ReportViewerCredentials rvc = new
ReportViewerCredentials("TestUser", "TestPassword", "");
rvBlackListReport.ServerReport.ReportServerCredentials = rvc;

Regards,
Asaf

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

furmangg — Wed, 27 Sep 2006 03:26:15 GMT

I've reported a bug regarding using the credentials code seen above... apparently the keepalive code ReportViewer uses doesn't pay attention to it, so the session in ReportServerTempDB gets dumped after 10 mins instead of being kept alive:

https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=213131

Please see the workaround I posted there (changing the app pool identity)... and post a workaround yourself if you've figured out a better way around this problem.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

BradB — Mon, 02 Oct 2006 22:19:07 GMT

For the page navigation problem, page navigation is a postback. Look at what you are doing in the PageLoad when IsPostBack == true.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Raquel — Wed, 01 Nov 2006 22:26:39 GMT

Hi Russel,

You just had a training in our site a couple of weeks ago and you gave you C# script for Impersonation but I got the script from the web below.

My question is, Using the script below How do I clean up the Impersonation? otherwise Is the user is still logged in using the Impersonated Account?

Thanks, hope to hear from you.

Raquel

Imports Microsoft.Reporting.WebForms

Imports System.web.Security

Imports Microsoft.VisualBasic

Imports System.Net

Public Class ReportServerCredentials

Implements IReportServerCredentials

Private _userName As String

Private _password As String

Private _domain As String

Public Sub New(ByVal userName As String, ByVal password As String, ByVal domain As String)

_userName = userName

_password = password

_domain = domain

End Sub

Public ReadOnly Property ImpersonationUser() As System.Security.Principal.WindowsIdentity Implements Microsoft.Reporting.WebForms.IReportServerCredentials.ImpersonationUser

Get

Return Nothing

End Get

End Property

Public ReadOnly Property NetworkCredentials() As ICredentials Implements Microsoft.Reporting.WebForms.IReportServerCredentials.NetworkCredentials

Get

Return New NetworkCredential(_userName, _password, _domain)

End Get

End Property

Public Function GetFormsCredentials(ByRef authCookie As System.Net.Cookie, ByRef userName As String, ByRef password As String, ByRef authority As String) As Boolean Implements Microsoft.Reporting.WebForms.IReportServerCredentials.GetFormsCredentials

userName = _userName

password = _password

authority = _domain

Return Nothing

End Function

End Class

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

russch — Sat, 04 Nov 2006 05:16:12 GMT

Hi Raquel --

It looks like you're trying to do two things at the same time here -- Get Forms Auth credentials, and then turn around and do Windows Impersonation...Is this correct?

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Henry — Thu, 30 Nov 2006 05:31:55 GMT

Hi,russch:

I had developed a reporting service home page for our intranet . And I deployed this home page at "domain.server1" (for example) and my sql server database and reporting service is at another server "domain.server2"(for example). on the "domain.server1" , the Authentication methods is Integrated windows authentication. and on the "domain.server2" , with the reportingservice server properites and home folder, in the "permissions" tab, I had add the "domain.server1$" as system user role. so I can view my report via my home page and it works fine. If I remove the "domain.server1$" from the reporting service, there could be encountered an error "The permissions granted to user 'domain.server1$' are insufficient for performing this operation".

I used

rService.Credentials = System.Net.CredentialCache.DefaultCredentials;

in my home page to list the reports. But this function return nothing.I think this must be a problem, so I change this code as

System.Net.NetworkCredential myCreds = new System.Net.NetworkCredential();

myCreds.Domain = "domain";

myCreds.UserName = "UserName";

myCreds.Password = "Password";

rService.Credentials = myCreds;

and add this "UserName" to a local group "group1" on "domain.server2" , and grant this group "group1" to access the reporting service server. It works fine.

Because I need to access my home page and reporting service as the same Integrated windows authentication.I do not need the user to type in the user name and password again and again. So if they login the window system and then they can access their own home page functions and their groups own report server folders.

But now , I'm confused how to get the user's information .I can get the user domain and username by HttpContext,but I can not get the password infomation , even though encrypted.

Do I can get the user's password information from the AD or there is another choice for this condition?

could you give me some suggestion?

T.I.A

Henry

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

russch — Sat, 09 Dec 2006 19:30:02 GMT

Hi Henry -- I'm a tiny bit unclear on how you are displaying the report in your homepage (inside an IFrame? Using the Report Viewer control?), but this shouldn't be too difficult.

If you modify web.config on your homepage to use Impersonation, then display reports through the Report Viewer control, this should happen:

1. User hits the homepage, and logs in if necessary (as domain\user1, lets say)

2. From now on, everything they do happens under this security context.

3. They run your report through the Report Viewer, and the Report Viewer picks up the credentials of the user (domain\user1) automatically, passing them along to domain\server2, where SSRS lives.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Henry — Sun, 17 Dec 2006 12:11:30 GMT

Hi,Russch:

Thank your for your suggestion.

I had fixed this issue a few day ago.

I used a IFrame in my homepage and also use a report viewer control to display my report.

May be I had not described clearly.:( I don't want the user type in the password when they hits the homepage, so I integrated the windows authentication. And this security context can not access to SSRS server before.

I had configurated the domain.server1 as a trusted machine and use the Kerberos authentication and it work fine.

Anyway, thanks a lot!:)

Henry

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Mike — Wed, 27 Dec 2006 23:34:48 GMT

Trying to access a remote server with ReportViewer and was getting the 401 error. I tried your impersonation suggestion below but get the following message:

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method. "

I searched the web far and wide but could not find a reasonable solution. There are no errors in my event log.

I am using 2 machines on a peer to peer windows network (no domain).

Any clues?

Thanks!

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Aaron — Fri, 29 Dec 2006 01:37:09 GMT

Hi Russch,

I am unclear on why you need to impersonate a Windows user. The documentation I have read online talks about having the ImpersonationUser return null and instead implement the GetFormsCredentials function.

Have you implemented forms authentication for ReportViewer using the function GetFormsCredentials() before?

I am having an *awful* time getting this set-up. Here is the url for the sample code I downloaded: http://www.devx.com/dotnet/Article/30610/0/page/4.

I followed the steps they gave on setting up the report but for some reason I get this error: The request failed with the error message: -- <html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="/ReportServer/logon.aspx?ReturnUrl=%2fReportServer%2fReportExecution2005.asmx">here</a>.</h2> </body></html> --.

I'm sure that I'm close to figuring out this problem but I'm unable to figure out what the missing piece is. Could you please help me out?

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Farshid — Mon, 08 Jan 2007 21:17:57 GMT

Use following credential and specify "NTLM"

CredentialCache cc = new CredentialCache();

cc.Add(uri, "NTLM", new NetworkCredential("administrator", "sierra", "dev3.agi"));

_reportViewer.ServerReport.ReportServerCredentials.NetworkCredentials = cc;

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Doug S — Tue, 06 Feb 2007 20:35:46 GMT

Do you have this code in VB?

Do you have to do something similar to this in reporting services prior to 2005?

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

russch — Wed, 07 Feb 2007 15:27:00 GMT

I don't, sorry.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Rich — Thu, 08 Mar 2007 03:47:12 GMT

I was having a problem with one of my Report Servers and could not recall what I did to fix it in the past. I googled my problem and found this page but I remembered it was much easier than what is presented in this article. I asked myself why go through all this when you need to properly configure SSRS to fix this issue. I skimmed through the comments and did not see what I was looking for. Later it came to me that I needed to create a role for the user. Once I did that on my server it worked fine.

The problem I was having is that "NT AUTHORITY\NETWORK SERVICE" was not trusted to execute a report. To fix the issue I needed to go to the report server web interface http://<server>/Reports click the "Properties" tab, click the "New Role Assignment" button. In the "Group or user name:" text box I added "NT AUTHORITY\NETWORK SERVICE" and checked the "Browser" Role check box and clicked the "OK" button.

Hopefully this will help someone out.

Avoiding the '401 Unauthorized' Error when Using the ReportViewer in Your Web Application

StevenHarman.net — Thu, 22 Mar 2007 05:22:17 GMT

Avoiding the '401 Unauthorized' Error when Using the ReportViewer in Your Web Application

Impersonare un utente con ReportViewer Control

Impedance Mismatch — Thu, 21 Jun 2007 15:01:17 GMT

Oggi mi sono trovato nella necessità di impersonare un utente per accedere a dei report tramite il ReportViewer

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

John — Wed, 01 Aug 2007 13:52:23 GMT

Hi there

Which username and password is passed into the 'ReportViewerCredentials' method on your report viewer page? Is it the specific users account info or another account that has to be set up separately. If the latter, where does this account have to be set up?

I tried the code, passing in my own windows account username and password but just got an access denied error.

Also, in which web.config file do you set <identity impersonate="true"/> ? The one in your application or the one in the report server virtual directory (as it is in there by default)?

Many thanks

John

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Shehzad Sheikh — Fri, 24 Aug 2007 03:35:11 GMT

Hi Russch,

I have been trying to search on Impersonation of through the report viewer control. I read your arctile and it was a help to some extent. I understand that we have implemented IReportServerCredentials interface. it is working fine when i hard code my username, password and domain while instantiating the class, but what if i have to impersonate dynamically with the logged on user windows credientials so that my code access the report server with the current user's credentials. For that matter i have failed so far finding a way to get the password for the current user. I can just use the User.Identity property on the page to get username and domain but not the password and hence cannot successfully impersonate the current user. Do you or anybody have any thoughts how can i overcome this problem??

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Mridu — Thu, 06 Dec 2007 14:19:19 GMT

Hi,

I am also facing the problem with the error - -- <html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="/ReportServer/logon.aspx?ReturnUrl=%2fReportServer%2fReportExecution2005.asmx">here</a>.</h2> </body></html> --.

This is quite because in forms authentication, a cookie is required but with the authentication we are providing , the cookie is still not passed along, so that's the reason SSRS authorization cancel's out the SOAP call and redirects us back to the ReturnURL.

I am figuring out the problem but solution is to no avail.

Please let me know if anyone comes across a solution for the same.

Thanks in advance.

- Mridu.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

fredarwin — Thu, 27 Dec 2007 23:15:56 GMT

Hi,

I have a report in rpviewer in remote mode,inside my report i am using drillthrogh subreports and the navigation through it work fine, but, when i am in the subreport and after to choose export or print when i press the go parent button i haver a error:

Call back drilltroght

What can i do 4 resolve this issue?

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

fredarwin — Thu, 27 Dec 2007 23:28:08 GMT

Hi,

Back Call without drillthrough report.

I think is the sessionalive problem but how can solve this

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

KV — Sat, 16 Feb 2008 00:41:00 GMT

I tried with the ImpersonationUser returning null and public ICredentials NetworkCredentials

{

get

{

//return null; // Not using NetworkCredentials to authenticate.

CredentialCache cc = new CredentialCache();

cc.Add(new Uri("http://svr-devstation1/reportserver"),"Basic",

new NetworkCredential( "kviswanathan", "Pranav0206","Federation"));

return cc; // Not using NetworkCredentials to authenticate.

}

i get HTTP 401 not authorized error.

When i step through, i could see the correct domain,username and password in the ReportServerCredentials.

Any help is greatly appreciated.

thanks.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

kanch_v — Sat, 16 Feb 2008 00:43:13 GMT

I forgot to mention that i use NT authentication.

thanks

HTTP status 401: Unauthorized

Mark — Fri, 07 Mar 2008 11:34:55 GMT

This example doesn't work with nested master pages. It says:"HTTP status 401: Unauthorized"?

I am working under Windows XP, SqlServer 2005.

Help please

HTTP status 401: Unauthorized

Mark — Fri, 07 Mar 2008 16:20:57 GMT

It's ok now, my domain name was wrong.

Thank you very much for this solution!!!

Running ReportViewer Control on Windows 2000 : BCE Solutions

Running ReportViewer Control on Windows 2000 : BCE Solutions — Thu, 01 May 2008 00:25:48 GMT

PingBack from http://bcesolutions.com/2008/04/30/running-reportviewer-control-on-windows-2000/

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

BS — Wed, 20 May 2009 15:44:37 GMT

Is there any way to give the current user to the report? I can fix it to some user, but it should return user-specific data and thus send the windows user to the server. It works for local IIS to server Reporting Server, but not for server IIS to server Reporting Server. Everyone has the rights to run the report and it works from the reporting server.

re: Impersonating another user with the Web Form Report Viewer control and SQL Server Reporting Services 2005

Tom — Wed, 29 Jul 2009 20:53:24 GMT

Using info from the support page you linked to, I was able to access the report viewer perfectly when I added this to my web.config

Using the code

Label1.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

I can see I am logged into <machine>\<user> and it passed in all my parameters correctly.

However, when I tried using your credentials code, the the page crashes when setting parameters and gives the error:

* The request failed with HTTP status 401: Unauthorized.

If I comment that out then the report viewer itself gives the same error. Note that with your code it logs me in as "NT AUTHORITY\NETWORK SERVICE" which I have given Browser rights.

Any clue on what is going wrong here?