Web Service Authentication
You can use either Windows Authentication or Basic authentication to authenticate the calls made to the Reporting Services Web service. Any client that makes SOAP requests to the report server must implement the client portion of one of the supported authentication protocols. If you are developing using the Microsoft .NET Framework, you can use the managed code HTTP classes to implement authentication. Using these APIs makes it easy to send authentication information along with the SOAP requests.
If you do not have appropriate credentials before you make a call to the Web service, the call fails. At run time, you can pass credentials to the Web service by setting the Credentials property of the client-side object that represents the Web service before you call its methods.
Note The authentication method that you use depends on the security settings for your report server virtual directory in Internet Information Services (IIS). For more information about virtual directory security, see the IIS documentation.
The following sections contain example code that sends credentials using the .NET Framework.
The following code passes Windows credentials to the Web service:
The following code passes Basic credentials to the Web service:
The credentials must be set before you call any of the methods of the Reporting Services Web service. If you do not set the credentials, you receive the error code an HTTP 401 Error: Access Denied. You must authenticate the service before you use it, but after you have set the credentials, you do not need to set them again as long as you continue to use the same service variable (such as rs).
Security Note When possible, use Windows Authentication. If Windows Authentication is not available, prompt users to enter their credentials at run time. Avoid storing credentials in a file. If you must store credentials, you should encrypt them using the Microsoft Win32® CryptoAPI. For more information about the Win32 CryptoAPI, see this Microsoft Web site.
Reporting Services includes a programming API that provides developers with the opportunity to design and develop custom authentication extensions, known as security extensions. For more information, see Implementing a Security Extension.