Configure Custom or Forms Authentication on the Report Server

Reporting Services provides an extensible architecture that allows you to plug in custom or forms-based authentication modules. You might consider implementing a custom authentication extension if deployment requirements do not include Windows integrated security or Basic authentication. The most common scenario for using custom authentication is to support Internet or extranet access to a Web application. Replacing the default Windows Authentication extension with a custom authentication extension gives you more control over how external users are granted access to the report server.

In practice, deploying a custom authentication extension requires multiple steps that include copying assemblies and application files, modifying configuration files, and testing. This topic focuses on just the authentication settings that you specify in the configuration files.


Creating a custom authentication extension requires custom code and expertise in ASP.NET security. If you do not want to create a custom authentication extension, you can use Microsoft Active Directory groups and accounts, but you should greatly reduce the scope of a report server deployment. For more information about custom authentication, see Implementing a Security Extension.

Additionally, if you want to use Forms authentication or a custom authentication extension in a SQL Server Reporting Services environment that is integrated with a SharePoint product, you must configure the SharePoint site to use the authentication method that you choose. For more information about configuring authentication in SharePoint, see Authentication Samples on Microsoft Developer Network (MSDN).

To configure a report server to use Custom authentication

  1. Open RSReportServer.config in a text editor.

  2. Find <Authentication>.

  3. Copy the following XML structure:

                 <Custom />
  4. Paste it over the existing entries for <Authentication>.

    Note that you cannot use Custom with other authentication types.

  5. Save the file.

  6. Open the Web.config file for the report server. By default, it is located at \Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\ReportServer.

  7. Find authentication mode and set it Forms.

    <authentication mode = "Forms" />
  8. Find identity impersonate and set it to False.

    <identity impersonate = "false" />  
  9. Add the PassThroughCookies element structure to the configuration file. For more information, see Configure the Web Portal to Pass Custom Authentication Cookies

  10. Save the file.

  11. If you configured a scale-out deployment, repeat all of the previous steps for other report servers in the deployment.

  12. Restart the report server to clear any sessions that are currently open.

See Also

Implementing a Security Extension
Reporting Services Custom Security Sample (GitHub)
Authentication with the Report Server
RsReportServer.config Configuration File
Configure Basic Authentication on the Report Server
Configure Windows Authentication on the Report Server
More questions? Try the Reporting Services forum