I have a report saved on a SQL2005 reporting server, and I want to return a rendered PDF of this report. I\'ve figured this out when working with a local *.rdlc file (and I\'ve
"Double hopping" is allowed - swith on Kerberos authentication ... (so long as it is working properly!)
We did finally figure out the problem. Our network administrators have disabled double-hopping, so while the impersonation was correctly connecting as domain\jmeyer
, the application was still attempting to connect to the SRS box with domain\web01$
. Why is it set up like this? Because double-hopping is a massive security hole. (Or so I was told. Does this sound like something you would read on The Daily WTF?)
Our solution was to create a generic domain\ssrs_report_services
user, and connect with that user with the following network credentials
public class CustomCredentials : IReportServerCredentials
{
public bool GetFormsCredentials(out Cookie authCookie, out string userName, out string password, out string authority)
{
authCookie = null;
userName = password = authority = null;
return false;
}
public WindowsIdentity ImpersonationUser
{
get { return null; }
}
public ICredentials NetworkCredentials
{
get { return new NetworkCredential("ssrs_report_services", "password", "domain") ; }
}
}
The above is the classic example solution that you can find all over the internets.