This documentation is archived and is not being maintained.

IReportServerCredentials Interface

Allows applications to provide credentials for connecting to a Reporting Services report server.

Namespace: Microsoft.Reporting.WebForms
Assembly: Microsoft.ReportViewer.WebForms (in microsoft.reportviewer.webforms.dll)

public interface IReportServerCredentials
public interface IReportServerCredentials
public interface IReportServerCredentials

When implementing the IReportServerCredentials interface, it is important know that the ReportViewer control stores the instance of the object in ASP.NET session. If the server's ASP.NET session is being stored out of process, such as in Reporting Services, the class must be marked Serializable so that it may be serialized for storage.

Although it is not required, it is also a good practice to implement the IReportServerCredentials interface as a stateless object. This prevents the credential information, such as user name and password, from being stored when the object is serialized.

For more information about how to specify credentials with the ReportViewer control, see Specifying Connections and Credentials for the ReportViewer Web Server Control.

The following example provides an implementation of IReportServerCredentials that is marked Serializable so that it can be serialized for storage. The credential information is retrieved from the Web.config file. This implementation will connect to the report server with the same credentials for all client requests.

Before using the example, three key value pairs must be added to the application's Web.config file in the appSettings block: MyReportViewerUser, MyReportViewerPassword, and MyReportViewerDomain. These values correspond to the user name, password, and domain that will be used to connect to the report server.

using System;
using System.Data;
using System.Configuration;
using System.Net;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Microsoft.Reporting.WebForms;

public partial class _Default : System.Web.UI.Page 
    protected void Page_Init(object sender, EventArgs e)
        ReportViewer1.ServerReport.ReportServerCredentials = 
            new MyReportServerCredentials();

public sealed class MyReportServerCredentials : 
    public WindowsIdentity ImpersonationUser
            // Use the default Windows user.  Credentials will be
            // provided by the NetworkCredentials property.
            return null;

    public ICredentials NetworkCredentials
            // Read the user information from the Web.config file.  
            // By reading the information on demand instead of 
            // storing it, the credentials will not be stored in 
            // session, reducing the vulnerable surface area to the
            // Web.config file, which can be secured with an ACL.

            // User name
            string userName = 

            if (string.IsNullOrEmpty(userName))
                throw new Exception(
                    "Missing user name from web.config file");

            // Password
            string password = 

            if (string.IsNullOrEmpty(password))
                throw new Exception(
                    "Missing password from web.config file");

            // Domain
            string domain = 

            if (string.IsNullOrEmpty(domain))
                throw new Exception(
                    "Missing domain from web.config file");

            return new NetworkCredential(userName, password, domain);

    public bool GetFormsCredentials(out Cookie authCookie, 
                out string userName, out string password, 
                out string authority)
        authCookie = null;
        userName = null;
        password = null;
        authority = null;

        // Not using form credentials
        return false;