Setting up Anonymous Access for Reporting Services in SQL Server 2008 R2.

Setting up Anonymous Access for Reporting Services in SQL Server 2008 R2.

DISCLAIMER: ANONYMOUS ACCESS IS NOT RECOMMENDED as it may give direct access to your report server or report objects to any one who knows the URL of your reporting services. Additional security measurements are required while handling with anonymous access.
Microsoft has made some fundamental modifications with SQL Server 2008 Reporting Services security architecture. Reporting Services and Web Component now do not need IIS or Web Server as Reporting Services now run on it's own http.sys and serves the reports request from within http.sys.
The biggest challenge I faced while configuring Reporting Services was Anonymous Access as Anonymous Access is no more an option available to be configured easily. To enable Anonymous Access you need to configure config files and also compile dll to provide extension to Reporting Services to allow Anonymous access.
Here are the steps which can be performed to enable Anonymous Access in Reporting Services.

• Change the authentication mode in rsreportserver.config to Custom

true

• Change the Authentication mode in web.config file in ReportServer to None. Also change the Impersonation to false.

• Compile the code from this location to bin folder as Microsoft.Samples.ReportingServices.AnonymousSecurity.dll Or copy it from this location and paste it to bin folder in ReportServer.
• Add Extensions in rsreportserver.config
• Add the additional extension in Security Tag

• Add the additional extension in Authentication Tag

• Add the following codegroup to configure the code access security in rssrvpolicy.config

class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust"
Name="Private_assembly"
Description="This code group grants custom code full trust. ">

class="UrlMembershipCondition"
version="1"
Url="C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\Microsoft.Samples.ReportingServices.AnonymousSecurity.dll"
/>

Restart the reporting services, Anonymous Access should work.

While Restoring the DB - Sql Exception: Cannot Find Server Certificate with Thumbprint

To resolve the issue complete the following steps:

1. Connect to SQL instance on the Agent machine via SQL Sever Management Studio.
2. Find the encrypted database and click through the context menu All tasks -> Encryption. You will see a certificate name.
3. Select master database and execute the following query to export the certificate:
   1. BACKUP CERTIFICATE cert_name TO FILE=’C:\1.certbak’
   2. WITH PRIVATE KEY (
   3. FILE=’C:\1.pkbak’,
   4. ENCRYPTION BY PASSWORD=’ENTER ANY PASSWORD HERE’)
   5. NOTE: cert_name – is the name of the certificate.
4. Copy C:\1.pkbak and  C:\1.certbak from the Agent to the Core machine.
5. On the Core machine, connect to Core SQL instance via SQL manager and execute the following query to import the certificate:
   1. REATE CERTIFICATE certificate_name
   2. FROM FILE=’C:\1.certbak’
   3. WITH PRIVATE KEY(
   4. FILE=’C:\1.pkbak’,
   5. DECRYPTION BY PASSWORD=’ENTER ANY PASSWORD HERE’)
   6. NOTE: certificate_name – this name should be unique.
6. In some cases SQL instance will ask you to create master key. To do this execute the following query:
   1. CREATE MASTER KEY
   2. ENCRYPTION BY PASSWORD = ’123′
7. Then perform query from step 4 once again.
   1. NOTE: Certificate with Unique Thumbrint should be imported only one time.
8. Perform these steps for every certificate in use on the Agent machine.
9. Perform attachability check to verify that the issue has been resolved.
10. Delete the files *.pkbak and  *.certbak from C drive of the Agent machine.