I have been searching through numerous blogs and MSDN/Technet posts for the answer to this but I can't seem to find anything concrete other than 'do something different.'
What I am attempting to do is setup reporting services to do a double hop when using Windows Authentication back to remote datasources.ÃÂ Here are the scenarios I am faced with so far;ÃÂ To the best of my knowledge I have setup the appropriate SPN's for kerberos, the server hosting the application is setup for Delegation, as is the Domain Service Account that RSÃÂ is running under.ÃÂ RS is running in native mode, not sharepoint integrated.
1) When the rsreportserver.config file is set to use NTLM a user can authenticate back to the report server and a report will return the USERID for as appropriate user.ÃÂ When making a connection to a remote datasource it tries to authenticate as NT Authority\Anonymous logon.ÃÂ obviously I am not going to setup the anon logon as a read only account on the server for security purposes.
The Web.config file for the report server is set to impersonate 'TRUE', when settingÃÂ to false the reports returns a userid of the service account RS is using, and attempts to connect to the remote datasource as the service account.ÃÂ There would be no way to filter roles for who is able to
View Complete Post