Refactor SSRS Authentication

Last Post 10 Jan 2013 06:21 AM by lrobinsonjr. 1 Replies.
AddThis - Bookmarking and Sharing Button Printer Friendly
  •  
  •  
  •  
  •  
  •  
Sort:
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages
lrobinsonjr
New Member
New Member

--
08 Jan 2013 07:12 AM
Hello team. After successfully setting up SSRS 2K5 in a production environment with hundreds of accounts, I think I need to revisit my implementation after reading an article about security best practices that suggested Anonymous Authentication should never be used in a production environment. Let me be clear, my users all log-in via forms authentication. But, to access their reports, they click a link in the web app which grants them anonymous access via a user account on the web server. The biggest security hole is the users can copy their report link and access the same folder and report without going through the original app. But, users cannot access reports for other accounts since security is at the folder level. Using forms authentication was an original consideration, however, it would have required a substantially larger effort and coding. Any suggestions about how to best fix this issue would be greatly appreciated. Thanks in advance!
lrobinsonjr
New Member
New Member

--
10 Jan 2013 06:21 AM
Forms authentication seems the likely choice, however, setting up the Reporting Services database to point to hundreds of different databases for different accounts, plus the overhead of coding each account seemed like overkill. Surely there's a better approach, but maybe not. I welcome any and all suggestions.
You are not authorized to post a reply.

Acceptable Use Policy