Impersonate in Reporting Services ASP.NET Web Clients


This issue comes up quite often with users who are building client Web applications that use the Reporting Services Web service. When you develop ASP.NET client applications that generate a Web service proxy, you can authenticate the current user to the Web service in your code. However, in ASP.NET, impersonation is turned off by default. This means that when you run your client application using integrated security, regardless of the current user, your client accesses the report server using the ASPNET account (for example NT AUTHORITY\NETWORK SERVICE under Windows 2003). This is not a very privileged user in Reporting Services (for good reason). You will need to enable impersonation in your Web application. The easiest way to do this is to modify the Web.config file for your client app. Simply add the following line within the <system.web> configuration element:


 


<identity impersonate=”true” />


 

Comments (5)

  1. Bryant Likes says:

    I still get a HTTP 401 error: Unauthorized if I access the site from a machine other than the one the site is hosted on.

  2. Bryan Keller says:

    This might be a double hop credential issue. If you are using integrated security, you may have to enable Kerberos delegation.

  3. Mark D. says:

    Just thought I would share a great link to help those trying to understand the confusing nature of delegation, so they can impersonate properly to SQL. I’ve had too many people ask, "How’d you do that…?"