After spending 2 days scratching my head on how to implement
forms authentication for SSRS 2012, I finally decided to use the forms
authentication sample provided for SSRS 2008 R2 although the official Microsoft
page says that it only works with SSRS 2008 R2 and earlier versions which was
worth a try. Most of the steps are same as in SQL Server 2008 R2.
Given below are the steps taken for implementing the forms
authentication sample in SQL Server 2012.
Building the sample -
Step 1 - Download the Security Extension Sample from and
install the same on your system from the link given here Link
Step 2 - The sample will be installed in the same folder
where you have installed your SQL Server. for example - <SQL Server
Installation Folder> \100\Samples\Reporting Services\Extension Samples\FormsAuthentication
Sample, you can see that there is one solution file for VB and one for C#. I
will be using the solution file for C# in this post. Open the solution you
might get a warning symbol next to Microsoft.ReportingServices.Interfaces, in
that case open Right Click on the Reference node and say Add Reference which
opens a dialog box, the click on browse and go to <ReportingService
Directory>/ReportServer/bin and click on add. Now you can see the warning symbol
disappears.
Step 3 - In the AuthenticationExtension.cs and AuthenticationUtilities.cs
files replace the localhost in connection string with the <servername>\RS_<instancename>
(remember to prefix RS_ to the instance name).
Step 4 - Open the file AuthenticationUtilities.cs and
replace the reportserverinstance with RS_<reportserver instance name>.
If you dont prefix RS_ for the instance name you might get
invalid namespace error when you restart the reportserver.
Step 5 - In the AuthenticationUtilities.cs go the line where
the wmiNameSpace has been declared and replace {0} with the RS_<report
server instance name> and replace V10 with V11 so the string should like @"\root\Microsoft\SqlServer\ReportServer\RS_<instancename>\v11"
Step 6 - After making all these changes now you are ready to
build the solution, but you would require a keyfile to complete this operation.
So go to the VisualStudio command prompt and navigate to the Samples folder and
execute the command "sn -k SampleKey.snk". If you navigate to the
folder in the windows explorer you should be able to see the SampleKey.snk
folder in it. Now right click on the project and click on build. You should be
able to see the message "Build
Succeeded" and now you are ready to deploy the sample.
Deploying the sample -
Step 1 - Go to the Solution folder/bin/debug and you can
find the files Microsoft.Samples.ReportingServices.CustomSecurity.dll, Microsoft.Samples.ReportingServices.CustomSecurity.pdb
files. Copy these 2 files into <SQL Server Reporting Services Path>\ReportServer\bin
directory and <SQL Server Reporting Services Path>\ReportManager\bin directory.
Step 2 - Copy Logon.aspx in the solution file into the and <SQL
Server Reporting Services Path>\ReportServer directory.
Step 3 - Copy UILogon.aspx from and <SQL Server Reporting Services Path>\ReportManager\Pages.
Modifying ReportServer and ReportManager configuration files -
Step 1 - Modifying ReportServer.config file located in <SQL
Server Reporting Services Path>\ReportServer
a) Open the ReportServer.config file and add replace the
<Authentication> tag with the code given below
<Authentication>
<AuthenticationTypes>
<Custom/>
</AuthenticationTypes>
<EnableAuthPersistence>true</EnableAuthPersistence>
<AuthenticationTypes>
<Custom/>
</AuthenticationTypes>
<EnableAuthPersistence>true</EnableAuthPersistence>
<RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
<RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
</Authentication>
</Authentication>
b) Replace the Security tag with the code given below
<Security>
<Extension Name="Forms"
Type="Microsoft.Samples.ReportingServices.CustomSecurity.Authorization,
Microsoft.Samples.ReportingServices.CustomSecurity" >
<Configuration>
<AdminConfiguration>
<UserName>username</UserName>
</AdminConfiguration>
</Configuration>
</Extension>
</Security>
<Authentication>
<Extension Name="Forms"
Type="Microsoft.Samples.ReportingServices.CustomSecurity.AuthenticationExtension,
Microsoft.Samples.ReportingServices.CustomSecurity" />
<Extension Name="Forms"
Type="Microsoft.Samples.ReportingServices.CustomSecurity.Authorization,
Microsoft.Samples.ReportingServices.CustomSecurity" >
<Configuration>
<AdminConfiguration>
<UserName>username</UserName>
</AdminConfiguration>
</Configuration>
</Extension>
</Security>
<Authentication>
<Extension Name="Forms"
Type="Microsoft.Samples.ReportingServices.CustomSecurity.AuthenticationExtension,
Microsoft.Samples.ReportingServices.CustomSecurity" />
c) Locate the UI tag and replace it with the code given
below -
<UI>
<CustomAuthenticationUI>
<loginUrl>/Pages/UILogon.aspx</loginUrl>
<UseSSL>True</UseSSL>
</CustomAuthenticationUI>
<ReportServerUrl>http://<server>/ReportServer</ReportServerUrl>
</UI>
<CustomAuthenticationUI>
<loginUrl>/Pages/UILogon.aspx</loginUrl>
<UseSSL>True</UseSSL>
</CustomAuthenticationUI>
<ReportServerUrl>http://<server>/ReportServer</ReportServerUrl>
</UI>
* Remember to place your url in the ReportServerUrl tag and
set UseSSL tag to false if you dont use SSL.
Step 2 - Modifying the RSSrvPolicy.config file located in
the <SQL Reporting Services Path>\ReportServer
a) Add the below code to the existing policy which has the URL
Membership of $CodeGen
<CodeGroup
class="UnionCodeGroup"
version="1"
Name="SecurityExtensionCodeGroup"
Description="Code group for the sample security extension"
PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.CustomSecurity.dll"
/>
</CodeGroup>
class="UnionCodeGroup"
version="1"
Name="SecurityExtensionCodeGroup"
Description="Code group for the sample security extension"
PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.CustomSecurity.dll"
/>
</CodeGroup>
Step 3 - Modifying RSMgrPolicy.config file located in <SQL
Reporting Services Path>\ReportManager folder.
You should locate the below code in the file and set
PermissionSetName to "FullTrust" which has been shown in bold.
<CodeGroup
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="FullTrust"
Description="This code group grants MyComputer code Execution permission. ">
<IMembershipCondition
class="ZoneMembershipCondition"
version="1"
Zone="MyComputer" />
class="FirstMatchCodeGroup"
version="1"
PermissionSetName="FullTrust"
Description="This code group grants MyComputer code Execution permission. ">
<IMembershipCondition
class="ZoneMembershipCondition"
version="1"
Zone="MyComputer" />
Step 4 - Modifying the Web.config file located in the <SQL
Reporting Services Path>\ReportServer folder
a) Locate the authentication mode tag and replace it with
the code given below
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name="sqlAuthCookie" timeout="60"
path="/"></forms>
</authentication>
<forms loginUrl="logon.aspx" name="sqlAuthCookie" timeout="60"
path="/"></forms>
</authentication>
b) Add the below code to below the Authentication Mode tag
to restrict access to the users who dont have access rights
<authorization>
<deny users="?" />
</authorization>
<deny users="?" />
</authorization>
Step 5 - Modifying the Web.Config file located in the <SQL
Reporting Services Path>\ReportManager folder.
a) set <identity impersonate ="false" />
b) set <authentication mode="forms">
c) Go to appSettings and add the 2 keys given below to it
<add key="ReportServer" value="<Server
Name>"/>
<add key="ReportServerInstance" value="<Instance Name>"/>
<add key="ReportServerInstance" value="<Instance Name>"/>
Creating Database -
Go to <SQL Server Install directory>\100\Samples\Reporting
Services\Extension Samples\FormsAuthentication
Sample\cs\FormsAuthentication\Setup you can see 2 scripts, use the
CreateUserStore.sql file and create database and tables which will be used for
forms authentication.
Setting up admin
access to the ReportManager
Step 1 -Open the ReportManager url and add a username and
password and click register.
Step 2 - Open <SQL server reporting services install
directory>\RSReportServer.config file
locate the Secuirty tag and you will see the tag Username
tag in it and it has a dummy value as of now. Replace this with the username
which you just registered.
<Security>
<Extension Name="Forms"
Type="Microsoft.Samples.ReportingServices.CustomSecurity.Authorization,
Microsoft.Samples.ReportingServices.CustomSecurity" >
<Configuration>
<AdminConfiguration>
<UserName>Bharath_RS</UserName>
</AdminConfiguration>
</Configuration>
</Extension>
</Security>
<Extension Name="Forms"
Type="Microsoft.Samples.ReportingServices.CustomSecurity.Authorization,
Microsoft.Samples.ReportingServices.CustomSecurity" >
<Configuration>
<AdminConfiguration>
<UserName>Bharath_RS</UserName>
</AdminConfiguration>
</Configuration>
</Extension>
</Security>
this will give that particular user complete access to the
ReportServer as well as ReportManager.
So we have a the forms authentication up and running on your
report server. If you get any error like unable to load Microsoft.Samples.ReportingServices.CustomSecurity.dll
in the log files, restart your system and you should be able to see the login
page for the reportserver or reportmanager.
Working on creating my own security extension instead of the one
provided in the sample. Will post it if I am successful. If you have any
problem while implementing this comment on this post, will try my best to
resolve it.