Using the ASP.NET ReportViewer Control in Partial Trust
In Visual Studio 2010 and above, the ASP.NET ReportViewer control can run in partial trust when it is in remote processing mode. This is useful when you deploy your Web application to commercial hosting services, many of which limit the hosted Web applications to a partial trust run time environment. For the ReportViewer control to run in remote processing mode and in a partial trust environment, you need to configure your Web application to use one of the default trust levels or use a custom security policy.
Important
In local processing mode, the ReportViewer control must be run in full trust.
Using Default Partial Trust Policies
By default, some partial trust policies already contain the required permissions to run the ReportViewer control in remote processing mode. They contain the IPermission element for WebPermission with the Unrestricted=”true” attribute, which includes the permission to connect to any remote report server. The following table specifies which default policy contains the required permissions:
.NET Framework Version |
High |
Medium |
Low |
Minimal |
|---|---|---|---|---|
3.5 |
Yes |
No |
No |
No |
4.x |
Yes |
Yes |
No |
No |
For a policy supported by the ReportViewer control, you simply need to configure your application to use the specific trust level. For example, if you have a Web application that targets .NET Framework 4, you specify the <trust> tag in the Web.config file, like so:
<system.web>
...
<trust level="Medium"/>
...
</system.web>
Because Medium trust in .NET Framework 4 already contains the required permissions for ReportViewer, your application automatically works. However, if you specify Low trust for the same application, the ReportViewer will display an error message that indicates the missing permissions. You must modify the default policy or create a custom policy that contains the permissions. See Using Custom Policies.
Using Custom Policies
Because the .NET Framework supports custom security policies, you can create a custom policy based on one of the default policies and add the permissions needed to run the ReportViewer control in remote processing mode. Specifically, what you need to run the ASP.NET ReportViewer control in partial trust are:
The security policy file for the trust level includes the WebPermission class
The IPermission element for WebPermission that grants connect access to the report server
For example, if you have a ReportViewer control in a Web application that targets .NET Framework 4 and want to run it in with Minimal trust, follow the steps below:
Add a copy of the default web_minimaltrust.config file to your project. This file can be found at:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\
Open the web_minimaltrust.config file and add the highlighted sections in the respective locations:
... <PolicyLevel version="1"> <SecurityClasses> ... <SecurityClass Name="WebPermission" Description="System.Net.WebPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/> ... </SecurityClasses> <NamedPermissionSets> ... <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net"> ... <IPermission class="WebPermission" version="1"> <ConnectAccess> <URI uri="<protocol>://<servername>/<reportserverinstance>.*" /> </ConnectAccess> </IPermission> ... </PermissionSet> ... </NamedPermissionSets> ... </PolicyLevel> ...The string <protocol>://<servername>/<reportserverinstance>.* is a regular expression that includes all URLs on your report server. This grants access to all reports hosted on the report server. For greater simplicity (but with higher security risk), you can use the following IPermission section instead:
<IPermission class="WebPermission" version="1" Unrestricted="true" />This allows connection attempts from or to any URI. Note that this is the same level of access granted by the default policies that support ReportViewer in remote processing mode, which are listed in Using Default Partial Trust Policies.
Open the Web.config file and add the following highlighted tags:
<system.web> ... <trust level="Minimal"/> <securityPolicy> <trustLevel name="Minimal" policyFile="web_minimaltrust.config"/> </securityPolicy> ... <system.web>