using form authentication with ssrs 2016

Is the SSRS report deployed on the Reporting Services server or used as a local report?

If you are using hosted report, you can go to report management web-site as http://<server name or ip>/Reports. Please do this preferably in IE and run IE as an Administrator.

Then click on the desired report, a context menu appears, click on 'Security' option or 'Manage' option. Page refreshes and report details are shown. Click on 'Data Sources' from left hand menu pane. Under normal / most circumstances, 'A custom data source' radio button would already be selected. Below that see 'Connect using'. Below that click on 'Credentials stored securely in the report server'. You can enter username and password here.

thanks for your response.  The report is running locally on the same server as the sql database and web application.

I think, I am confused here. Can you please clarify when username / password dialogue is presented they are using the Windows Authentication credentials? If yes, then this is Reporting Services authentication and not data source authentication. Unfortunately, Reporting Services provides ONLY windows authentication and no sql server authentication option is available.

So what do you do? Basically, while processing report, you provide the credentials programatically, as shown here.

Typically, a dedicated account is created for this purpose, so as not to compromise any other users account security.

I am using a sql user, "Reports", for the datasource login.

BTW,
MERRY CHRISTMAS!

I apologize, I was wrong.  the datasource user is a windows user I created on the server, <server>\ReportUser, not a sql user.

It is possible to configure data source authentication as i described earlier on Report server itself.

Your statement, "So what do you do? Basically, while processing report, you provide the credentials programatically, as shown here." , doesn't include anything.

The web portal, I assume, is where I'm having trouble.  There is nothing on IIS to point to it and I'm not clear on how to do this.

Here is a link I posted there...

https://msdn.microsoft.com/en-us/library/microsoft.reporting.winforms.reportservercredentials.networkcredentials.aspx

There must be some code, some way, you are delivering the report, isn't it? Can you please show / describe how exactly you are rendering the report. That would be helpful to understand the issue, i guess.

here is the controller code:

public class ReportController : Controller
 {
        private string ReportServer = "https://www.web.net/reports_sqlexpress/report/";

       public ActionResult CurrentOutOfTownList()
        {
            ViewBag.Url = ReportServer + "CurrentOutOfTownList?rs:embed=true";
            return View();
        }

}

Select allOpen in new window

here is the view:

<h2>Current Out of Town List</h2>
<br /><br />
<div>
    <iframe src="@ViewBag.Url" width="900" height="900"></iframe>
</div>

Select allOpen in new window

The user is prompted for the userid and password the first time a report is requested, but not on subsequent requests.

Can anyone answer this question ?  I really need some help here!

Hummm...Neither ever seen reports being delivered this way nor thought it could  be.

Essentially, what you are doing is delivering reports right from the report server, without using this url as a service url. If it is working it this way, it is fine.

What you have do is go to Report Manager url, this would typically be different than the Web-Service url, which actually delivers the report contents.

Once there, I recommend that if you haven't already, create folder to place all your reports, even if there is just one at the moment.

There is way to grant permissions under security context sensitive menu option of the folder. Go there and (once again, I recommend that create a separate Windows group) and grant a 'Browser' permission to a Group (or User) to the folder. And add intended users to that group. So you don't have keep on managing permissions. Just add and remove users from that group.

This link might of some help : https://docs.microsoft.com/en-us/sql/reporting-services/security/grant-user-access-to-a-report-server

And also have a look at the following.

On second thoughts, I believe you already did this that why it is prompting for the authentication. Which browser are they using? It is likely that they are not using IE. To my knowledge, IE automatically passes on the current user authentication (being a Microsoft browser) but other do prompt for it.

I am not seeing any other way that your delivering report in programatic way, which give much more control over security and allows you to supply that information in the code (without any user intervention).

The link I have already provided : https://msdn.microsoft.com/en-us/library/microsoft.reporting.winforms.reportservercredentials.networkcredentials.aspx

But I don't know how to achieve this in MVC way.

The delivery method I'm using is new ( as far as I know ) in sql server 2016.  That uses its own internal web server and allows reports to be embedded in a web page using the methods I am using.  Since I am using MVC application I don't have form controls to use.

Got that. However, I guess, there must be a way to achieve it. Try google with appropriate words may be. It's hugely unlikely that they would not think of this.

Yeah, I've tried the Google route without success.  I think I'm missing something basic here.