We have a 3rd party coldfusion web app for customers and we want to use SSRS to display reports to them (securely). I have only used report manager so far, so I could do with some good pointers on how to implement this. Each customer should only see data for themself (GUID passed on the URL maybe?) and only after they have gone through the coldfusion logon page to ensure security.
Their is a SQL User table the user logs in against, but the o/s sees everybody as IUSR_blah as the web server is not on our normal domain.
Any pointers/ideas/best practices please?
TIA

SSRS wants to use Windows security by defualt. The "right" way to do this is to create a custom security extension but this can be rather complicated. Unless you take htis approach, to prevent the user form being prompted for Windows credentials, you'll need to open-up the Report Server using anon access and then add code to your reports to use a parameter for security. You're on the right track by passing some kind of cryptic key as a parameter. One idea is to use a consumer-side routine to send the hashed or encoded version of a key value of some kind. In the report, reference a server-side component that decodes or comares the hash. I've seeded the key using the date/time and allowed a five min. window before this value expires. Another idea is to set a database row in the client and the read and then delete it in the report. I'll be interested in knowing what you decide to do.

Paul Turley, MCSD, MCDBA, MCT, MSF Practitioner