We need to use SQL Server Reporting Services in a website with server-side php and php authentication. At the moment we have two separate logins/authentication – the php and the SQL Server Reporting Services one (which I believe uses something similar to ASP.NET authentication). We need to have only the php login and we also need the reports to be secure (i.e. reports can’t be open to anonymous users).
Some of our reports only change at set times of the day, so we can generate pdfs programmatically, store them in a database or somewhere, and have the php retrieve them when the user makes a request. This is pretty straightforward.
The problem arises with one report which is changing all the time, and we’d therefore need to generate the pdf on-the-fly from the database whenever the user makes a request. This would require the php to call the reporting services directly (currently we have the reporting services link embedded in the webpage, the user clicks on this and then has to enter the secondary reporting services/windows-type login).
To get around the problem, I’m thinking we could wrap the call to reporting services in an executable, and have the php call the executable - which then spits out a pdf which php passes back to the user. We may even be able to wrap the reporting services into a CGI that is only accessible from the webserver hosting the php. Has anyone tried anything like this before? Would it work? Would it only require PHP authentication and still be secure???
Reporting Services could be either 2005 or 2008.
