SSRS check if user in group using Custom Assembly

Question

I have created a Custom Assembly for my SSRS Project.

The Custom Assembly has got 2 functions, IsInGroup and MyTest:

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Principal;

namespace SSRS_Custom_Fuctions
{
    public class Class1
    {

        public static bool IsInGroup(string user, string group)
        {
            using (var identity = new WindowsIdentity(user))
            {
                var principal = new WindowsPrincipal(identity);
                return principal.IsInRole(group);
            }
        }

        public static string MyTest()
        {
            return "Hello World";
        }
    }
}

1) The basic function MyTest which returns a string 'Hello World' works perfectly fine from the Report using the expression =SSRS_Custom_Functions.Class1.MyTest()

2) The function IsInGroup which returns a boolean value is not working. This is using the System.Security.Principal namespace to check if the username passed to the function exists in the group passed to the function. When trying to invoke it using expression =SSRS_Custom_Functions.Class1.IsInGroup(User.User1, "MyGroupName"), the report is bailing out with the following error message:

request for the permission of type System.Security failed

I have modified the configuration files rssrvpolicy.config in the ReportingServices file path and RSPreviewPolicy.config in the the VisualStudio file path according to Microsoft KB920769.

I added a CodeGroup which gives FullTrust to my custom assembly.

The following has been added to the policy level element:

<CodeGroup class="UnionCodeGroup"
           version="1"
           PermissionSetName="FullTrust"
           Name="SSRS_Custom_Fuctions"
           Description="Code group for my data processing extension">

<IMembershipCondition class="UrlMembershipCondition"
                      version="1"
                      Url="C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\SSRS_Custom_Fuctions.dll"/>
</CodeGroup>

I am still getting the same error message as above.

Answer 1

In your assembly, you need to Assert the SecurityPermission object first before using it.

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Principal;

namespace SSRS_Custom_Fuctions
{
    public class Class1
    {

        public static bool IsInGroup(string user, string group)
        {

        System.Security.Permissions.SecurityPermission sp = new System.Security.Permissions.SecurityPermission(System.Security.Permissions.PermissionState.Unrestricted);
        sp.Assert();

            using (var identity = new WindowsIdentity(user))
            {
                var principal = new WindowsPrincipal(identity);
                return principal.IsInRole(group);
            }
        }

        public static string MyTest()
        {
            return "Hello World";
        }
    }
}

Answer 2

In the AssemblyInfo file you need to add namespace System.Security and

[assembly: AllowPartiallyTrustedCallers()] .

Sign the assembly with certificate and also deploy the same in GAC of machine.