Hello: I am migrating an application from SQL Server 2000 to 2005. The application uses Reporting Services to display all reports. Authentication is implemented using forms authentication. However, the user does not use the form to login when viewing the report. The user logs into our web application; then, when they access the report, we log them into Reporting Services using the LogonUser method of the Reporting Server web service. I have tried a number of strategies to migrate this application, so far unsuccessfully. I tried running the application as is, since the original web service ReportService.asmx is still there. I then tried implementing a new solution using the following link as an example: http://msdn2.microsoft.com/en-us/library/ms160724.aspx I have been working on this for quite some time and am not able to get the authentication/authorization working correctly for anyone other than the admin. Two problems I am having: The way the authentication is supposed to work is that I call the LogonUser method of the ReportServerProxy, which turns around and calls my custom implemented method LogonUser. LogonUser checks the application database to confirm the authentication, and returns true or false. I have put in debug code and verified this is working correctly. The GetWebResponse method of ReportServerProxy is supposed to intercept the response, capture the reporting server generated cookie, and pass it along as an HTTP cookie for later use. The problem I am having here is the method never gets called. This seems strange, since GetWebRequest is called, and I should get some kind of response, either way. The second problem I am having is when I get to my CheckAccess method. This method is supposed to pass along a user name (the person requesting access), the required operation, and a security descriptor indicating what object was accessed (in this case, a report) and who has access to it so I can make the decision on whether or not the user name has access. A comment in the code indicates that this security descriptor is supposed to be created by the CreateSecurityDescriptor method. The problem I am having is that the CreateSecurityDescriptor method is never called. When I get to the CheckAccess method, the security descriptor is null, indicating no one has access to the object in question. I have set up my solution on two different machines and encountered these same two problems. This would seem to preclude errors in the install process (ex. typos in the config files) or a corrupt internal component of SQL Server. Everything else about the process seems to be working fine. Has anyone encountered this problem before or knows what I should check for? Since these methods are supposed to be called by Reporting Services rather than my own code, I am at a loss as to what to check for to make sure they are called correctly. Thanks in advance for any guidance you can provide.