Introduction
When relying on Windows authentication to give your users access to SQL Server resources from Reporting Services, Active Directory will use either NTLM or Kerberos to resolve access rights. If Reporting Services isn’t running on the same server as the resources you’re trying to access, then Kerberos is your only option to allow Windows credentials to be passed through. If Kerberos isn’t pleased with your configuration, it will visit upon you the dreaded double-hop authentication issue. You can resolve this issue by configuring Active Directory to appease it. However, when Reporting Services is running on a server that’s also running IIS (Internet Information Services), things can become a bit trickier. In this harsh environment, appeasement of Kerberos is not enough for us. We will tame it.
Environment
In our environment we were running SQL Server Reporting Services 2005 (SSRS 2005) on a separate server that already had IIS installed. SSRS 2005 requires IIS to be able to handle the web side of things and we didn’t want IIS on our SQL Server. We also have SQL Server Analysis Services (SSAS) in our environment. There are reports that use SSAS as a data source, which always requires Windows authentication. So we had the web site for SSRS set up to run in IIS under an application pool that used a domain account while the Windows Service Identity for SSRS ran under NT Authority\NetworkService.
read on ... (http://www.sqlservercentral.com/articles/Reporting+Services+(SSRS)/116001/)
No comments:
Post a Comment