Security in accessing reports on Report Server

Once you deploy reports to Report Server, they can be accessed from any Web application through an established URL. However, I see a scenario in which one wants to prevent some users from accessing reports (e.g. a user should be able to view reports presenting only their personal information).

The way around this is to view reports on an aspx page by employing the ReportViewer control, which makes it possible to view reports hosted locally or deployed on a (possibly remote) Report Server. I've chosen the former approach.

In order to use ReportViewer with reports hosted locally, you need to:

  • change the extension of the report files from RDL to RDLC
  • configure the ReportViewer control so that it is associated with the appropriate RDLC file and DataSource (you will need to configure the DataSource by providing the connection details and specifying the SQL query or stored procedure that will retrieve the data)
  • in the code-behind for that aspx page (in the Page_Load method) you can add some logic that checks whether the currently logged-in user can access the report; if not, you can just throw an Exception
  • if you want to pass parameters to the ReportViewer, you will have to add a few lines to the above-mentioned method:
    ReportParameter p = new ReportParameter(PARAM_NAME, PARAM_VALUE);
    reportViewer.LocalReport.SetParameters(new ReportParameter[] { p });
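
The steps above combined in one code-behind, as an added example (not code from the original post). The report path, dataset name, connection-string name, table, role and parameter name are assumptions; it also goes one step beyond the post by filling the data source in code with a query keyed on the logged-in user's name, so the row filter never depends on a client-supplied value.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using Microsoft.Reporting.WebForms;

// Hypothetical code-behind; the page markup is assumed to declare
// <rsweb:ReportViewer ID="reportViewer" runat="server" />.
public partial class PersonalReport : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Deny by default, on every request including postbacks.
        // "ReportUsers" is a hypothetical role; use whatever rule decides access.
        if (!User.Identity.IsAuthenticated || !User.IsInRole("ReportUsers"))
            throw new HttpException(403, "You are not allowed to view this report.");

        // Take the report subject from the server-side identity, never from the
        // query string or a form field, so nobody can request another user's data.
        string userName = User.Identity.Name;

        if (IsPostBack) return; // report is configured once, on the first request

        reportViewer.ProcessingMode = ProcessingMode.Local;
        reportViewer.LocalReport.ReportPath = Server.MapPath("~/Reports/Personal.rdlc");

        // "PersonalData" must match the dataset name defined inside the RDLC.
        reportViewer.LocalReport.DataSources.Clear();
        reportViewer.LocalReport.DataSources.Add(
            new ReportDataSource("PersonalData", LoadRowsFor(userName)));

        ReportParameter p = new ReportParameter("UserName", userName);
        reportViewer.LocalReport.SetParameters(new ReportParameter[] { p });
    }

    // Parameterized query: the per-user filter is enforced in SQL, not by the report.
    private static DataTable LoadRowsFor(string userName)
    {
        string cs = ConfigurationManager.ConnectionStrings["ReportsDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT * FROM dbo.PersonalInfo WHERE UserName = @user", conn))
        {
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 256).Value = userName;
            var table = new DataTable();
            new SqlDataAdapter(cmd).Fill(table); // Fill opens and closes the connection
            return table;
        }
    }
}
```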

