I have written and deployed a custom security extension for SSRS 2008r2 and it works beautifully apart from when trying to deploy reports from within BIDS 2008/Visual Studio.

The architecture for the security extension handles logins via multiple authorities and I manage this by creating a user session in LogonUser(), persisting this in a database and then loading the session in the client proxy class for the RS web service using a UID passed by cookie from the service, then rewriting the authentication ticket to contain the session UID plus user roles for the current user. These values can then be used in the custom authorization extension to manage user permissions on SSRS actions and objects.

The problem I have run into is that it does not work when deploying reports from BIDS. Its accesses the service directly and therefore the service proxy class is not required. I have tried handling the post-authentication event on the HTTP context but alas the session cookie is not persisted by the RS service so I cannot access the session values.

So what am I missing? Is there another method for controlling user roles & permissions that does not require hard coding usernames anywhere? Like I said, logins can be made using multiple authorities so managing permissions via just a username is not possible (and the thought of it makes me cringe).

One possible solution I thought of is writing an extension or plugin for BIDS that essentially acts as a proxy for the web service which would allow me more control over the login process, but I have no idea if this is possible (google is no help…)

Any help would be gratefully accepted!