Export (0) Print
Expand All

Web Service Authentication

SQL Server 2000

Web Service Authentication

You can use either Windows Authentication or Basic authentication to authenticate the calls made to the Reporting Services Web service. Any client that makes SOAP requests to the report server must implement the client portion of one of the supported authentication protocols. If you are developing using the Microsoft .NET Framework, you can use the managed code HTTP classes to implement authentication. Using these APIs makes it easy to send authentication information along with the SOAP requests.

If you do not have appropriate credentials before you make a call to the Web service, the call fails. At run time, you can pass credentials to the Web service by setting the Credentials property of the client-side object that represents the Web service before you call its methods.

Note  The authentication method that you use depends on the security settings for your report server virtual directory in Internet Information Services (IIS). For more information about virtual directory security, see the IIS documentation.

The following sections contain example code that sends credentials using the .NET Framework.

Windows Authentication

The following code passes Windows credentials to the Web service:

Dim rs As New ReportingService()
rs.Credentials = System.Net.CredentialCache.DefaultCredentials

ReportingService rs = new ReportingService();
rs.Credentials = System.Net.CredentialCache.DefaultCredentials;

Basic Authentication

The following code passes Basic credentials to the Web service:

Dim rs As New ReportingService()
rs.Credentials = New System.Net.NetworkCredential("username", "password", "domain")

ReportingService service = new ReportingService();
service.Credentials = new System.Net.NetworkCredential("username", "password", "domain");

The credentials must be set before you call any of the methods of the Reporting Services Web service. If you do not set the credentials, you receive the error code an HTTP 401 Error: Access Denied. You must authenticate the service before you use it, but after you have set the credentials, you do not need to set them again as long as you continue to use the same service variable (such as rs).

Security Note  When possible, use Windows Authentication. If Windows Authentication is not available, prompt users to enter their credentials at run time. Avoid storing credentials in a file. If you must store credentials, you should encrypt them using the Microsoft Win32® CryptoAPI. For more information about the Win32 CryptoAPI, see this Microsoft Web site.

Custom Authentication

Reporting Services includes a programming API that provides developers with the opportunity to design and develop custom authentication extensions, known as security extensions. For more information, see Implementing a Security Extension.

See Also

Building Applications Using the Web Service and the .NET Framework

Reporting Services Web Service

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft