Assembly: Microsoft.ReportViewer.WebForms (in microsoft.reportviewer.webforms.dll)
When implementing the IReportServerCredentials interface, it is important know that the ReportViewer control stores the instance of the object in ASP.NET session. If the server's ASP.NET session is being stored out of process, such as in Reporting Services, the class must be marked Serializable so that it may be serialized for storage.
Although it is not required, it is also a good practice to implement the IReportServerCredentials interface as a stateless object. This prevents the credential information, such as user name and password, from being stored when the object is serialized.
For more information about how to specify credentials with the ReportViewer control, see Specifying Connections and Credentials for the ReportViewer Web Server Control.
The following example provides an implementation of IReportServerCredentials that is marked Serializable so that it can be serialized for storage. The credential information is retrieved from the Web.config file. This implementation will connect to the report server with the same credentials for all client requests.
Before using the example, three key value pairs must be added to the application's Web.config file in the appSettings block: MyReportViewerUser, MyReportViewerPassword, and MyReportViewerDomain. These values correspond to the user name, password, and domain that will be used to connect to the report server.
Imports System.Net Imports System.Security.Principal Imports Microsoft.Reporting.WebForms Partial Class _Default Inherits System.Web.UI.Page Protected Sub Page_Init(ByVal sender As Object, _ ByVal e As System.EventArgs) _ Handles Me.Init ReportViewer1.ServerReport.ReportServerCredentials = _ New MyReportServerCredentials() End Sub End Class <Serializable()> _ Public NotInheritable Class MyReportServerCredentials Implements IReportServerCredentials Public ReadOnly Property ImpersonationUser() As WindowsIdentity _ Implements IReportServerCredentials.ImpersonationUser Get 'Use the default windows user. Credentials will be 'provided by the NetworkCredentials property. Return Nothing End Get End Property Public ReadOnly Property NetworkCredentials() As ICredentials _ Implements IReportServerCredentials.NetworkCredentials Get 'Read the user information from the web.config file. 'By reading the information on demand instead of storing 'it, the credentials will not be stored in session, 'reducing the vulnerable surface area to the web.config 'file, which can be secured with an ACL. 'User name Dim userName As String = _ ConfigurationManager.AppSettings("MyReportViewerUser") If (String.IsNullOrEmpty(userName)) Then Throw New Exception("Missing user name from web.config file") End If 'Password Dim password As String = _ ConfigurationManager.AppSettings("MyReportViewerPassword") If (String.IsNullOrEmpty(password)) Then Throw New Exception("Missing password from web.config file") End If 'Domain Dim domain As String = _ ConfigurationManager.AppSettings("MyReportViewerDomain") If (String.IsNullOrEmpty(domain)) Then Throw New Exception("Missing domain from web.config file") End If Return New NetworkCredential(userName, password, domain) End Get End Property Public Function GetFormsCredentials(ByRef authCookie As Cookie, _ ByRef userName As String, _ ByRef password As String, _ ByRef authority As String) _ As Boolean _ Implements IReportServerCredentials.GetFormsCredentials authCookie = Nothing userName = Nothing password = Nothing authority = Nothing 'Not using form credentials Return False End Function End Class