I have built a custom security extension for SSRS 2017 that accepts username, password, and a TOTP for 2FA that passes that onto a REST API to validate the information. The extension is working beautifully.
Now I'm trying to figure out the best way to have my BI/Report developers publish reports. Currently I have given them access to disable 2FA on their account, deploy inside of Visual Studio as normal with the forms credentials, and then enable 2FA again. It is working, but it has security issues I don't like and was trying to come up with a more elegant way.
Really, I think I just need help with authenticating programmatically. From there I have a lot of options. I'm leaning towards a VS Extension, but I can't quite seem to get the authentication piece. I see the SOAP API has a LogonUser() method, but it only supports username, password, and domain fields and not custom fields. I don't see any authentication endpoints in the REST API, so I guess it only works from an already authenticated browser.?.? As I'm typing this, I'm wondering if a .NET Core HttpClient could be used to mimic an interactive logon and share cookies between requests to use the REST API.?.?
Does anyone have any ideas on how to programmatically authenticate or any other clever solutions?
Thanks,
Justin
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 66%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJJ%3C/text%3E%3C/svg%3E)
