Security in accessing reports on Report Server

Once you deploy reports on to Report Server they can be accessed from any Web application with an established URL. However, I see a scenario when one wants to prevent some users from accessing reports (e.g. a user should be able to view reports presenting only their personal information).

The way around this is to view reports on an aspx page by employing ReportViewer control, which makes it possible to view reports hosted locally or deployed on (in particular remote) ReportServer. I’ve chosen the former approach.

In order to use ReportViewer with reports hosted locally, you need to:

  • change the extension of the report files from RDL to RDLC
  • configure ReportViewer control so it is associated with an appropriate RDLC file and DataSource (you will need to configure it by providing the connection details, specifying the SQL query or stored procedure that will retrieve the data)
  • in code behind for that aspx page (in Page_Load method) you can add some logics that checks if the currently logged user can access the report; if not, you can just throw an Exception
  • if you want to pass parameters to the ReportViewer, you will have to add a few lines to the above mentioned method:
    ReportParameter p = new ReportParameter(PARAM_NAME, PARAM_VALUE);
    reportViewer.LocalReport.SetParameters(new ReportParameter[] { p });
 Security in accessing reports on Report Server

2 Responses to “Security in accessing reports on Report Server”

  • Is there a simple fix to allow anonymous access to your reports over a lan.
    I keep on being asked for user name and password.
    I dont have security issues
    I want anybody to view the reports
    What would be the easiest way to achieve this


  • Theo,
    Right now I don’t have access to any machine where that is installed so I can’t check anything…
    From the top of my head, try playing with secuity settings in the Report manager / Report Server virtual directory properties. Also, when you go to Report Manager screen, there’s a securoty window which might provide some configuration against this. However, I believe here you can set only the priviledges of the user that can accept Report Manager.

    I wish you luck with that.
    Sorry I couldb’t be more of help.


Leave a Reply