Export (0) Print
Expand All

Using Secure Web Service Methods

Certain Report Server Web service methods may require a secure connection when you invoke them. The methods that require a secure connection are determined by the SecureConnectionLevel setting in the RSReportServer.config file. The value of the setting is an integer value with a valid range of 0 to 3. The following table describes these values.

Level Description Web Methods Requiring SSL

0

Least secure. The report server does not check for a secure connection when Web service methods are invoked. However, all calls to the Web service can still be made to the report server over a secure connection.

None.

1

Minimally secure. All Web service calls that are made over an insecure connection and which might pass sensitive data such as user credentials are rejected. However, this setting does not guarantee security. It is still possible for sensitive data sent by the client to the report server to be exposed before the report server handles the request and rejects it.

Render (when the credential setting for the report that is being rendered is set to prompt), CreateDataSource, GetDataSourceContents, SetDataSourceContents, GetReportDataSources, SetReportDataSources, CreateReport, GetReportDefintion, SetReportDefinition, CreateDataDrivenSubscription, SetDataDrivenSubscriptionProperties, GetDataDrivenSubscriptionProperties, and PrepareQuery.

2

Secure. All rendered reports and all Web service calls require a secure connection. This includes all calls to the Render method and requests for rendered reports made through URL access.

All Level 1 methods, Render (all calls), and RenderStream.

3

Most secure. All calls made to the Reporting Services SOAP API require a secure connection.

All.

You can use the ListSecureMethods method of the Web service to return a list of Web service methods that require a secure connection according to the current configuration of the report server. In an SSL scenario, you should evaluate the list of methods that are returned by ListSecureMethods and change the scheme name of the Web service URI to "https" or "http" depending on the method being called.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft