Anonymous access in SQL RS 2008 – Part 2

Recently I received a few questions on Anonymous authentication. For anonymous auth in SSRS2005, I always had the question about how to give administrative permission to some users, while giving read permissions to the mass. Now I have my question answered. A duplicate RM/RS virtual directory was configured for anonymous authentication. Extranet users connect to the anonymous auth enabled vdir. Intranet users connect to the windows auth enabled vdir.

I am actually not 100% sure on the supportability of such deployments. But customers have found ways to do it. Unfortunately SSRS2008 does not allow you to create virtual directories. My suggestions was

"Unfortunately there isn't an easy alternative in SSRS2008. If you can afford to install a second instance and configure a web farm, you can make the second instance anonymous. Another solution is to create a front end application using the viewer control, and enable anonymous authentication there."

 I guess there are always some IIS configuration that we won't be able to support. However, anonymous auth seems to be a common request from customers. We do not want to make RS an all-purpose web server. I a still wondering what is the best way to support something like this ...

You can find the original discussion here: 

Comments (2)
  1. Sher says:

    Here is our dillema … we provide a service management application to our customers and we have a web portal application for their customers to be able to see / log service calls.  That portal has reports of which SSRS was our primary reporting tool.  These customer’s customers are outside of the environment running SSRS and our application as they are accessing this over the internet.  Without unanomyous access what is our option?

  2. says:

    In case, you are only looking at part 2:

    I am trying to get custom authentication to work, because the default is simply not applicable to our environment, and have tried two ways, but am stopped by errors out of my control:

    1. I got the Anonymous authentication in this blog to work, and have been trying to use that as a starting point and tighten security, but, whenever I try to get the user identity in the function GetUserInfo in AuthenticationExtension.cs, using the following code:

              if (System.Web.HttpContext.Current != null && System.Web.HttpContext.Current.User.Identity != null)


                  userIdentity = System.Web.HttpContext.Current.User.Identity;


    I get error:

    "Client found response content type of ‘text/html; charset=utf-8’, but expected ‘text/xml’. "

    2. I downloaded the latest Forms authentication sample for 2008 from MSDN, and converted it successfully to Visual Studio 2008 (instructions said it was only compatible with VS 2005, but that is not a reasonable requirement, since I am working on Windows 2008 with Visual Studio 2008 and SQL Server 2008, and am expected to get a license for an old VS 2005?), compiled and followed instructions (which need some editing work) to configure Reporting Services for it.  I get the logon page when invoking /Reports, but when I enter a username and password and click Logon, I get the error message: "An error occurred while attempting to get the ReportServer Url. Invalid namespace".  Taking a tip from some related blogs about this error, I changed the reportingservices.mof file, removing the "RS_" prefix from the instance name wherever namespace was mentioned, but still get the same error.

    I’ve contacted Microsoft Support, but am still playing phone tag with first-level support, who I am sure wouldn’t be able to help, anyway.  I am hoping this blog provides a short-circuit to the developers who can actually fix the code and provide working up-to-date samples.

Comments are closed.

Skip to main content