Microsoft has made some fundamental modifications with SQL Server 2008 Reporting Services security architecture. Reporting Services and Web Component now do not need IIS or Web Server as Reporting Services now run on it's own http.sys and serves the reports request from within http.sys.
The biggest challenge I faced while configuring Reporting Services was Anonymous Access as Anonymous Access is no more an option available to be configured easily. To enable Anonymous Access you need to configure config files and also compile dll to provide extension to Reporting Services to allow Anonymous access.
Here are the steps which can be performed to enable Anonymous Access in Reporting Services.
- Change the authentication mode in rsreportserver.config to Custom
- Change the Authentication mode in web.config file in ReportServer to None. Also change the Impersonation to false.
<authentication mode="None" />
- Compile the code from this location to bin folder as Microsoft.Samples.ReportingServices.AnonymousSecurity.dll Or copy it from this location and paste it to bin folder in ReportServer.
- Add Extensions in rsreportserver.config
- Add the additional extension in Security Tag
<Extension Name="None" Type="Microsoft.Samples.ReportingServices.AnonymousSecurity.Authorization, Microsoft.Samples.ReportingServices.AnonymousSecurity" />
- Add the additional extension in Authentication Tag
<Extension Name="None" Type="Microsoft.Samples.ReportingServices.AnonymousSecurity.AuthenticationExtension, Microsoft.Samples.ReportingServices.AnonymousSecurity" />
- Add the following codegroup to configure the code access security in rssrvpolicy.config
<CodeGroupRestart the reporting services, Anonymous Access should work.
Description="This code group grants custom code full trust. ">
Url="C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.AnonymousSecurity.dll"