We have an application developed under MVC4 and running on IIS 7, using ASP.NET 4.5.
Our application is configured for Windows authentication (no provider is selected, so I assume that means NTLM); regardless, our domain users can log into the application without issue.
We have SQL 2016 Server Standard edition with Reporting Services installed, and the Active Directory user that has access on the reporting server to execute those reports is MySSRSUser (completely different from the authenticated user).
We need IIS to impersonate that user when we access the reports.
On localhost in our laptop dev environment, we have tried accessing the application within IIS and enabling impersonation. Then we enter the credentials for MySSRSUser. Afterwards, we can see that the credentials and <impersonate = true> have been entered in the web.config.
Right before we access the report using an embedded URL, we call the WindowsIdentity.Impersonate() method, but it doesn't seem to have any effect.
Can someone help us? We don't want to create an A/D group with all the application users for security reasons, although when we do this and give that group authorization to execute reports, we can invoke the SSRS reports via embedded URL.
Code Snippet:
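    using System.Security.Principal;

    // Build an identity from the user principal name (UPN) of the account to impersonate.
    WindowsIdentity wi = new WindowsIdentity("userName@fullyqualifieddomainName");
    WindowsImpersonationContext ctx = null;
    try
    {
        ctx = wi.Impersonate();
        // Thread is now impersonating; you can call the backend operations here...
    }
    catch
    {
        // Prevent exceptions propagating.
    }
    finally
    {
        // Ensure impersonation is reverted (ctx stays null if Impersonate() threw).
        if (ctx != null)
        {
            ctx.Undo();
        }
    }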