SQL Server 2008 Reporting Services no longer depends on IIS
It sometimes seems impossible to keep everyone happy all the time. The Reporting Services predict team thought it would be a good idea to remove the dependency on IIS in SQL Server 2008, to make it easier to configure and to reduce the attack surface of the report server.
However, there have been some concerns raised about this, e.g. is it secure, how do I know how it's configured etc.
- SQL Server 2008 uses http.sys to allow you to have total control of the of the URL's to be used. (https://msdn2.microsoft.com/en-us/library/aa364698.aspx).
- http.sys respect the same security registry settings as IIS6/7 (https://support.microsoft.com/kb/820129) .
- The authentication supported is a subset of what's available in IIS6/7 - except that anonymous authentication and authentication filters are not supported.
- ASP .Net security is essentially the same.
So what's not to like?
Technorati Tags: SQL Server 2008,Reporting Services
Comments
Anonymous
December 05, 2007
Microsoft has severed the IIS dependency for SQL Server Reporting Services (SSRS) in the 2008 version,Anonymous
December 05, 2007
Появилась пара источников в сети (http://blogs.msdn.com/bwelcker/archive/2007/12/04/everybody-why-leave-iis.aspx...Anonymous
December 26, 2007
Voila une nouvelle qui devrait ravir tous les administrateurs système rétissant à l'installation et l'utilisationAnonymous
December 27, 2008
Is this why I see no Reports & ReportManager virtual directories in the Default Web Site???Anonymous
December 30, 2008
Yep, you set up everything from the rpeortiing services configuration tool.Anonymous
January 25, 2009
While answering a forum post I was reminded that SQL Reporting Services 2008 no longer requires IISAnonymous
March 05, 2009
The comment has been removedAnonymous
May 21, 2009
The comment has been removedAnonymous
August 28, 2009
Because of removing Anonymous Authentication Reporting Services 2008 has become the VISTA of databases, its good but lacking, it leaves you deflated heading back to 2005Anonymous
August 28, 2009
Jekes That's a great analogy because just like Vista this is much more secure, easier to manage and easier to use.Anonymous
November 28, 2012
Is there a problem turning on IIS on a server that has SSRS? I would like to deploy a web app on a infrequently used SSRS server.Anonymous
December 09, 2012
Ritchie, No but you need to be careful what you are doing so you don't collide with what SSRS is doing as it won't show up in IIS Manager. Hopefully this article.. msdn.microsoft.com/.../bb630449.aspx will help AndrewAnonymous
January 16, 2014
Hi Andrew, we have configured SSRS 2008 and it is using Windows Authentication beautifully. However, the user must log in each time they try to access Report Manager. Can this log in be avoided since they have already signed in to their computer - a way that is configurable from the server - rather than Options on their browser?Anonymous
January 23, 2014
ReenaJust copying in my earlier reply for other readers1. Checking that that IE on their machines is set so that the report server is trusted. Do this on one of their machines or yourself with an account that works.. 2. If you have your SSRS service running on server A, and your source database is on server B, then you can’t get Kerberos delegation to client C as this is a double hop. So follow this blog post through with your infrastructure team.. http://blogs.technet.com/b/rob/archive/2011/11/23/enabling-kerberos-authentication-for-reporting-services.aspxAndrewAnonymous
June 03, 2014
Pingback from How To Install SQL Server 2008 R2 on Windows Server 2008 R2 » Adrian Costea's blog