Security rules violation exception when running subscriptions with SSRS Custom Authentication

Question

I have implemented SSRS Custom Authentication using Microsoft.Samples.ReportingServices.CustomSecurity.

Everything works correctly in SQL Server 2022 ReportServer- except for subscriptions.

When I add new subscriptions and executed it, I get the following error:

ERROR: Exception caught instantiating Forms report server extension: System.TypeLoadException: 

Inheritance security rules violated while overriding member: 
'Test.RSecurity.Authorization.CreateSecurityDescriptor(Microsoft.ReportingServices.Interfaces.AceCollection, 
 Microsoft.ReportingServices.Interfaces.SecurityItemType, System.String ByRef)'.

Security accessibility of the overriding method must match the security accessibility of the method being overriden.

   at System.Reflection.RuntimeAssembly.GetType(RuntimeAssembly assembly, String name, Boolean throwOnError, Boolean ignoreCase, ObjectHandleOnStack type)
   at System.Reflection.RuntimeAssembly.GetType(String name, Boolean throwOnError, Boolean ignoreCase)
   at System.Reflection.Assembly.CreateInstance(String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at Microsoft.ReportingServices.Diagnostics.ExtensionClassFactory.<>c__DisplayClass15_0.<CreateExtensionObject>b__0()
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1_0.<Run>b__0(Object state)
   at System.Security.SecurityContext.runTryCode(Object userData)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
   at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
   at Microsoft.ReportingServices.Diagnostics.ExtensionClassFactory.CreateExtensionObject(Extension extConfig, Boolean typeOnly)

library!WindowsService_0!2538!06/05/2025-14:15:28:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException: 
Could not load Authorization extension, 
Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException: The report server has encountered a configuration error.

Note: The custom assembly has `PermissionSetName="FullTrust"`.  

What I’ve tried:

Adding the following attribute in the assembly:

[assembly: SecurityRules(SecurityRuleSet.Level1)] 

Also tried marking the method with:

[SecurityCritical] 

Despite these, the subscription execution still fails.

---

Question: Is there any additional security configuration required to allow custom authentication assemblies to work with subscriptions in SSRS 2022?

Am I missing a key attribute or configuration for CreateSecurityDescriptor to pass CLR security checks?

Answer 1

It looks like issue is not a configuration problem but it is an access modifier mismatch in your CreateSecurityDescriptor method.

Why it might be happening:

• Regular report execution runs in user context - CLR security checks are relaxed
• Subscription execution runs unattended - CLR performs strict security validation
• If your overridden method has different access level than the base interface eg: protected instead of public

You can try following fix:

1. Verify all methods are public
2. Try deleting these lines, it looks like they are conflicting with your override signatures [SecurityCritical] [assembly: SecurityRules(SecurityRuleSet.Level1)]
3. Recompile and redeploy
4. Verify