Web Service Authentication
You can use either Windows Authentication or Basic authentication to authenticate the calls made to the Report Server Web service. Any client that makes SOAP requests to the report server must implement the client portion of one of the supported authentication protocols. If you are using the Microsoft .NET Framework, you can use the managed code HTTP classes to implement authentication. Using these APIs makes it easy to send authentication information along with the SOAP requests.
If you do not have appropriate credentials before you make a call to the Report Server Web service, the call fails. At run time, you can pass credentials to the Web service by setting the Credentials property of the client-side object that represents the Web service before you call its methods.
The authentication method that you use depends on the security settings for your report server virtual directory in Microsoft Internet Information Services (IIS). For more information about virtual directory security, see the IIS documentation.
The following sections contain example code that sends credentials using the .NET Framework.
The following code passes Windows credentials to the Web service.
[Visual Basic] Dim rs As New ReportingService() rs.Credentials = System.Net.CredentialCache.DefaultCredentials
ReportingService rs = new ReportingService(); rs.Credentials = System.Net.CredentialCache.DefaultCredentials;
The following code passes Basic credentials to the Web service.
Dim rs As New ReportingService() rs.Credentials = New System.Net.NetworkCredential("username", "password", "domain")
ReportingService service = new ReportingService(); service.Credentials = new System.Net.NetworkCredential("username", "password", "domain");
The credentials must be set before you call any of the methods of the Report Server Web service. If you do not set the credentials, you receive the error code an HTTP 401 Error: Access Denied. You must authenticate the service before you use it, but after you have set the credentials, you do not need to set them again as long as you continue to use the same service variable (such as rs).
Reporting Services includes a programming API that provides developers with the opportunity to design and develop custom authentication extensions, known as security extensions. For more information, see Implementing a Security Extension.