I wrote and deployed my own security extension for SSRS 2008r2, and it works great, except when trying to deploy reports from BIDS 2008 / Visual Studio.
The security extension architecture processes logins through several permissions, and I manage this by creating a user session in LogonUser (), storing it in the database and then loading the session in the client proxy class for the RS web service using the UID passed by the cookie from the service, and then rewrites the authentication ticket to contain the session ID and user roles for the current user. These values can then be used in the user authorization extension to control user permissions for actions and SSRS objects.
The problem I ran into is that it does not work when deploying reports from BIDS. It accesses the service directly, so a proxy class is not required. I tried to handle the event after authentication in the HTTP context, but, alas, the session cookie is not saved by the RS service, so I can not access the session values.
So what am I missing? Is there any other way to manage user roles and permissions that do not require hard-coded usernames anywhere? As I said, logins can be made using several permissions, so managing permissions through just a username is impossible (and the thought of it makes me cringe).
One of the possible solutions that I was thinking about is to create an extension or plugin for BIDS, which essentially acts as a proxy server for the web service, which will allow me more control over the login process, but I have no idea if this is possible (google no help ...)
Any help would be greatly appreciated!
source
share