Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Using the ASP.NET ReportViewer Control in Partial Trust

In Visual Studio 2010 and above, the ASP.NET ReportViewer control can run in partial trust when it is in remote processing mode. This is useful when you deploy your Web application to commercial hosting services, many of which limit the hosted Web applications to a partial trust run time environment. For the ReportViewer control to run in remote processing mode and in a partial trust environment, you need to configure your Web application to use one of the default trust levels or use a custom security policy.

Important note Important

In local processing mode, the ReportViewer control must be run in full trust.

By default, some partial trust policies already contain the required permissions to run the ReportViewer control in remote processing mode. They contain the IPermission element for WebPermission with the Unrestricted=”true” attribute, which includes the permission to connect to any remote report server. The following table specifies which default policy contains the required permissions:

.NET Framework Version

High

Medium

Low

Minimal

3.5

Yes

No

No

No

4.x

Yes

Yes

No

No

For a policy supported by the ReportViewer control, you simply need to configure your application to use the specific trust level. For example, if you have a Web application that targets .NET Framework 4, you specify the <trust> tag in the Web.config file, like so:

<system.web>
  ...
  <trust level="Medium"/>
  ...
</system.web>

Because Medium trust in .NET Framework 4 already contains the required permissions for ReportViewer, your application automatically works. However, if you specify Low trust for the same application, the ReportViewer will display an error message that indicates the missing permissions. You must modify the default policy or create a custom policy that contains the permissions. See Using Custom Policies.

Because the .NET Framework supports custom security policies, you can create a custom policy based on one of the default policies and add the permissions needed to run the ReportViewer control in remote processing mode. Specifically, what you need to run the ASP.NET ReportViewer control in partial trust are:

For example, if you have a ReportViewer control in a Web application that targets .NET Framework 4 and want to run it in with Minimal trust, follow the steps below:

  1. Add a copy of the default web_minimaltrust.config file to your project. This file can be found at:

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\

  2. Open the web_minimaltrust.config file and add the highlighted sections in the respective locations:

    ...
    <PolicyLevel version="1">
      <SecurityClasses>
        ...
        <SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
        ...
      </SecurityClasses>
      <NamedPermissionSets>
        ...
        <PermissionSet
                class="NamedPermissionSet"
                version="1"
                Name="ASP.Net">
          ...
          <IPermission 
                  class="WebPermission" 
                  version="1"> 
            <ConnectAccess> 
              <URI uri="<protocol>://<servername>/<reportserverinstance>.*" /> 
            </ConnectAccess> 
          </IPermission>
          ...
        </PermissionSet>
        ...
      </NamedPermissionSets>
      ...
    </PolicyLevel>
    ...
    

    The string <protocol>://<servername>/<reportserverinstance>.* is a regular expression that includes all URLs on your report server. This grants access to all reports hosted on the report server. For greater simplicity (but with higher security risk), you can use the following IPermission section instead:

    <IPermission
            class="WebPermission"
            version="1"
            Unrestricted="true"
    />
    

    This allows connection attempts from or to any URI. Note that this is the same level of access granted by the default policies that support ReportViewer in remote processing mode, which are listed in Using Default Partial Trust Policies.

  3. Open the Web.config file and add the following highlighted tags:

    <system.web>
      ...
      <trust level="Minimal"/> 
      <securityPolicy> 
        <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/> 
      </securityPolicy>
      ...
    <system.web>
    
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.