Refactor SSRS Authentication

08 Jan 2013 06:57 AM
Hello team. After successfully setting up SSRS 2K5 in a production environment with hundreds of accounts, I think I need to revisit my implementation after reading an article about security best practices that suggested Anonymous Authentication should never be used in a production environment. Let me be clear: my users all log in via forms authentication. But, to access their reports, they click a link in the web app which grants them anonymous access via a user account on the web server. The biggest security hole is that the users can copy their report link and access the same folder and report without going through the original app. But users cannot access reports for other accounts, since security is at the folder level. Using forms authentication was an original consideration; however, it would have required a substantially larger effort and coding. Any suggestions about how to best fix this issue would be greatly appreciated. Thanks in advance!

