Configuring a Report Server for Internet Access

SQL Server Setup

Updated: 14 April 2006

Although SQL Server Reporting Services is not expressly designed for Internet report deployment scenarios, you can successfully place Reporting Services on an Internet-facing Web server to disseminate general information to the public at large or private corporate data to authorized and authenticated users. Depending on application and user requirements, you can choose any of the following approaches:

  • Embedded reports hosted in a ReportViewer Web server control in a custom Internet application that you create and deploy.
  • Report server deployment on an extranet, using Windows Authentication.
  • Report server deployment on an extranet, using custom authentication.
  • Report server configured to run as a back-end server in a larger deployment of a SharePoint product or technology, where you configure the front-end server for Internet deployment.

Note:
Although Report Manager was not designed as an Internet application, you can install just Report Manager on an Internet-facing Web server, and then install the report server and report server database behind the firewall. To install Report Manager on an Internet-facing Web server, you must select both Report Server and Report Manager as feature components. After setup is finished, you can use the SQL Server Surface Area Configuration tool to disable the report server instance that was installed with Report Manager. You can then configure Report Manager to use the second report server instance that is behind the firewall. To point Report Manager to that report server instance, modify the <ReportServerVirtualDirectory> and <ReportServerUrl> settings in the RSWebApplication.config file.

Using ReportViewer Web Server Controls to Host Reports in an Internet Application

To deploy reports in an Internet application, you can embed the ReportViewer Web server control in a custom Internet-ready application that you create and deploy. The ReportViewer Web server control is included in Visual Studio 2005 and can be distributed freely with your application. You can configure the control to display reports that run on a report server. The connection between your application and the report server is handled by the control, through the Web service programming interface. All authentication and authorization is handled by your application, which connects to the report server through a single, user-trusted connection.

Note:
ReportViewer controls can be used independently of Reporting Services to host client report definition (.rdlc) files that you provide in your application. For more information, see Comparing Reporting Services and ReportViewer Controls in SQL Server Books Online.

Deploying Report Server and Report Manager in an Extranet

To deploy a report server in an extranet scenario that supports connections from predefined Microsoft Active Directory accounts, you can use the default Windows Authentication security extension. Plan on configuring the server for Secure Sockets Layer (SSL) connections and Basic authentication in Internet Information Services (IIS).

To deploy a report server in an extranet scenario that supports connections from a single sign-on technology or a forms-based authentication model that stores user identity information in a database, you must create a custom authentication extension to replace the default Windows Authentication security extension. Forms-based authentication is typically used when you are opening up a report server to the public but only want authenticated users to view content. By default, SQL Server Reporting Services does not provide a forms-based authentication module. For more information about how to create one, see Implementing a Security Extension in SQL Server Books Online.

Caution:
Configuring a report server for Anonymous access is not recommended or encouraged unless you are also using custom authentication. If you do not use custom authentication, and you enable Anonymous access on a report server anyway, you will not be able to vary role assignments in a meaningful way. All users will access the report server under the Anonymous user account, and no one will have permission to administer the report server through Report Manager or Management Studio. Role assignments that you subsequently define will not vary for individual users; all users will have the same access to the same content, and reports that require user-dependent data will not function.

Use the following guidelines to deploy a report server and Report Manager on the same computer:

  1. Install Reporting Services on an Internet-facing Web server using the files-only installation mode. In SQL Server Installation Wizard, this is the Install but do not configure option.
  2. Secure the connection between the Web server and the SQL Server Database Engine instance you plan to use to host the report server database. You can use IPSec to protect the connection.
  3. Run the Reporting Services Configuration tool after Setup is complete to configure the report server:
    1. Specify the service accounts and create the report server database.
    2. If the SQL Server instance is in a different domain and Kerberos 5.0 is not enabled, use SQL Server authentication for the report server database connection.
  4. Configure the report server and Report Manager virtual directories, choosing a Web site that you have configured for Internet access.

Note:
In previous versions, you had to modify configuration settings when deploying a report server instance on an Internet-facing Web server. This step is no longer required as long as Report Manager and report server are installed together.

Configuring Proxy Settings in Web.config Files

In SQL Server 2005, Reporting Services includes a Web.config setting that allows Report Manager to bypass the proxy server when sending requests to a local report server that is installed on the same computer.

The Web.config setting is the defaultProxy network setting in the system.net section. By default, defaultProxy is disabled in the Web.config file for Report Manager. This is the recommended configuration when Report Manager and the report server are deployed together on the same computer.

If you upgraded from SQL Server 2000 Reporting Services, the Report Manager Web.config file does not include the defaultProxy configuration setting. You can add and set the defaultProxy setting to bypass the proxy server for installations where Report Manager and report server are running on the same computer. Copy the following configuration settings into the Report Manager Web.config file:

<configuration>
...
<system.net>
  <defaultProxy enabled="false" />
</system.net>
</configuration>

For more information about these settings, see "Configuring Internet Applications" and "defaultProxy Element (Network Settings)" in the Microsoft .NET Framework Developer's Guide.
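
The upgrade case described above can be checked and corrected with a short script. This is an added example, not code from the original page or from Microsoft; the function names and the sample Web.config content are constructed for illustration, and it assumes the <configuration> root element carries no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a Report Manager Web.config as left by an upgrade from
# SQL Server 2000 Reporting Services (no <system.net> section at all).
UPGRADED_WEB_CONFIG = """<configuration>
  <system.web>
    <identity impersonate="true" />
  </system.web>
</configuration>"""


def _state(root):
    node = root.find("./system.net/defaultProxy")
    if node is None:
        return "missing"
    # In .NET the enabled attribute defaults to true when it is omitted.
    enabled = node.get("enabled", "true").strip().lower()
    return "disabled" if enabled == "false" else "enabled"


def proxy_state(config_text):
    """Return 'missing', 'disabled' or 'enabled' for system.net/defaultProxy."""
    return _state(ET.fromstring(config_text))


def ensure_proxy_bypass(config_text):
    """Return (state_before, new_config_text) with defaultProxy disabled."""
    root = ET.fromstring(config_text)
    if root.tag != "configuration":
        raise ValueError("not a .NET configuration file without a namespace")
    before = _state(root)
    if before != "disabled":
        system_net = root.find("system.net")
        if system_net is None:
            system_net = ET.SubElement(root, "system.net")
        node = system_net.find("defaultProxy")
        if node is None:
            node = ET.SubElement(system_net, "defaultProxy")
        node.set("enabled", "false")
    # ElementTree drops XML comments and the declaration; diff before deploying.
    return before, ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    before, after = ensure_proxy_bypass(UPGRADED_WEB_CONFIG)
    print(before, "->", proxy_state(after))
```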

Verifying Internet Deployment

To verify that your report server is accessible, view the report server folder namespace over an Internet connection by typing http://<your-web-server-fully-qualified-domain-name>/reportserver (or the https:// form of the same address), where /reportserver is the default name of the report server virtual directory.

Note:
Deploying Reporting Services on an Internet-facing Web server requires careful evaluation on your part. Network and security software, network topology, and domain configuration can introduce variables that make it difficult to prescribe an exact set of steps for report server deployment. When evaluating a report server for Internet access, be sure that your test scenarios include all of the features you intend to use and that you always test using secure connections.
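
One way to turn the verification step into a repeatable test is to evaluate the server's reply to a request sent without credentials against the guidance on this page (SSL, Basic or custom authentication, no unintended Anonymous access). This is an added example, not part of the original page; the function name, the finding labels and the sample replies are constructed, and reports.example.com is a placeholder host.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample replies to a request sent without credentials
# (reports.example.com is a placeholder host).
SAMPLES = [
    ("https://reports.example.com/reportserver", 401,
     [("WWW-Authenticate", 'Basic realm="reports.example.com"')]),
    ("http://reports.example.com/reportserver", 401,
     [("WWW-Authenticate", 'Basic realm="reports.example.com"')]),
    ("https://reports.example.com/reportserver", 200, []),
]


def check_first_response(url, status, headers):
    """Findings for one unauthenticated reply; [] means it matches the guidance."""
    findings = []
    secure = urlsplit(url).scheme.lower() == "https"
    named = [(k.lower(), v.strip()) for k, v in headers]
    # A server can offer several schemes, one WWW-Authenticate header each.
    schemes = [v.split()[0].lower() for k, v in named
               if k == "www-authenticate" and v]
    if not secure:
        findings.append("not-ssl")
    if status == 401:
        if not schemes:
            findings.append("no-auth-scheme-offered")
        elif "basic" in schemes and not secure:
            # Basic sends the password base64-encoded, not encrypted.
            findings.append("basic-auth-in-clear")
    elif status in (301, 302):
        # Custom (forms) authentication redirects to a logon page.
        target = urljoin(url, dict(named).get("location", ""))
        if urlsplit(target).scheme.lower() != "https":
            findings.append("redirect-to-non-ssl")
    elif status == 200:
        # Content was served with no credentials: Anonymous access is on.
        findings.append("anonymous-access")
    else:
        findings.append("unexpected-status-%d" % status)
    return findings


if __name__ == "__main__":
    for url, status, headers in SAMPLES:
        print(url, status, check_first_response(url, status, headers) or "ok")
```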

Running a Report Server in an Internet Deployment of a SharePoint Product or Technology

If you have an instance of a SharePoint product or technology that is configured for connections over the Internet, you can use that instance as a front-end server for reports that run on a Reporting Services report server. The authentication provider and permissions you configure for a SharePoint farm are used to access report server content and operations. By using the SharePoint security features, you eliminate the need to use a custom authentication extension on the report server that you must create and deploy yourself. It also eliminates the need to set up the report server site for Internet connections. For more information about server integration, see Reporting Services and SharePoint Technology Integration.
