Custom Authentication (Security Extension) with SSRS 2016

I recently did this work.

I searched in many sites. This example works for me: https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample. Below, under the example of the project, there is a deployment manual.

Note, in my case, the web portal did not work without assigning machineKey in the files:

  • ...\Reporting Services\ReportServer\web.config
  • ...\Reporting Services\RSWebApp\Microsoft.Reporting­Services.Portal.WebHost.exe.config

In general, everything as described in the manual. Not missing a single step.

The site I used to generate the key: http://www.developerfusion.com/tools/generatemachinekey/

I hope this info helps someone.


I think you dont have a problem with get username and password or generating user token, some changes about Security Extentions in SQL Server 2016 refers CheckAccess function in IAuthorizationExtension interface.

In the following links you can find changes and sample codes especially for implementing a Security Extension for SQL Server 2016.

Implementing a Security Extension

Configure Custom or Forms Authentication on the Report Server

Authorization in Reporting Services

IAuthorizationExtension.CheckAccess Method (String, IntPtr, Byte[], CatalogOperation)


We stumbled upon a thread on the MSDN forums located here. This thread has had quite a bit of activity including responses from the product team.

For anyone having issues with getting a custom security extension to work with SSRS 2016 in the next couple of weeks, please have a look. After that, it is my understanding that all of this information will be included in the documentation when the product is in a RTM state.