Thursday, July 5, 2012

Request for the permission of type "System.DirectoryServices failed"

I created a ssrs report with custom dll execution. The custom dll would retrieve the active directory groups of the report user. Code of custom dll function was:

// Get groups of user with specific prefix and extract the store information
public static List GetStoresSecurity(string groupprefix, string userName)
List result = new List();
// establish domain context
PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);
// find your user
UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, userName);
// if found - grab its groups
if (user != null)
PrincipalSearchResult groups = user.GetAuthorizationGroups();
// iterate over all groups
foreach (Principal p in groups)
// make sure to add only group principals
if (p is GroupPrincipal)
if (p.Name.StartsWith(groupprefix))
result.Add(p.Name.Replace(groupprefix, ""));
return result;

When I deployed the report I added to rssrvpolicy.config the following permission assign (ReportFunctions.dll contains my function):


Name="Report Functions"
Description="This code group grants full permissions to directory functions ">
Url="C:\Program Files\Microsoft SQL Server\MSRS10_50.R2\Reporting Services\ReportServer\bin\ReportFunctions.dll"

When I tried to execute the report I got the error: Request for the permission of type "System.DirectoryServices failed". This was a permission error and the way I found to overpass it was to give full trust to .net assemblies. The way to do this was to edit again rssrvpolicy.config and make the following change:


Description="This code group grants default permissions for code in report expressions and Code element. ">

1 comment:

  1. Hi Nick,

    did you solved problem with Attemption by security transparent method to access security critical method in DirectorySearcher?

    I'm solving this problem right now. I see one solution - query AD by SQL... But it is not so nice... :-(

    Best regards, Tomas
