I have just setup an SSRS report for my helpdesk to show open calls, unread e-mails, some KPIs and graphs. I bought a cheap monitor, wall mounted and attached a raspberry pi.

I started with the latest Raspbian image and spent some time tweaking it to boot into x and launch chromium with the homepage set to the URL of my report. Unfortunately it was pretty flakey and always prompted for username/password so I had to VNC in every morning to authenticate.

Yesterday morning chromium decided it no longer wanted to load the report. I tried running;

sudo apt-get update
sudo apt-get upgrade
sudo raspi-update

And rebooted… Or at least I tried to but it would no longer boot- hanging on a message along the lines of;

mmcblk0: error -110

Rather than start again from scratch I decided someone else must have already tackled this “kiosk” style scenario and went on the hunt. Enter Raspberry Webkiosk; http://www.binaryemotions.com/raspberry-webkiosk/ (after a quick trial I paid the €9.90 “donation” to get the full version).

The image took care of the operating system, booting straight into full screen chromium with the home page set to the report URL but I was still stuck with the authentication prompt.

I hoped I could simply enable Anonymous Authentication in IIS, but the report server virtual directories don’t appear in IIS and the information available online all suggests this can’t be done.

The next idea was to try and configure chromium to remember the login credentials. Whilst I was able to save the username and password the prompt still persisted.

Final idea was to try and use an asp/html script of some sort. I then remembered a site I stumbled across recently with some sample/demo reports; http://www.reportsurfer.com/ which didn’t require authentication. I took a look at the html source and could see some simple javascript being used to pass the credentials.

So I built a simple “proxy” page in the default IIS site to redirect to the SSRS report and pass the username & password (the script must be on the same hostname/port to work).

var _0x1751=["\x61\x66","\x76\x76"];

function getHTTPObject() {
    if (typeof XMLHttpRequest != 'undefined') {
        return new XMLHttpRequest();
    try {
        return new ActiveXObject("Msxml2.XMLHTTP");
    } catch (e) {
        try {
            return new ActiveXObject("Microsoft.XMLHTTP");
        } catch (e) {}
    return false;

function runReport() {
  var http = getHTTPObject();
  var url= "http://rs-01/ReportServer/Pages/ReportViewer.aspx?%2fTEL+Wall+Thing%2fWallDash&rs:Command=Render";
  http.onreadystatechange = function() {
    if (http.readyState == 4) {
      if (http.status == 401) {
      if (http.status == 200) {
        document.location = url;
  http.open("get", url, true, _0x1751[0x0], _0x1751[0x1]);
  return false;
  <body onload="runReport();">

To use the script yourself, you essentially need to amend the top line;

var _0x1751=["\x61\x66","\x76\x76"];

The first value is the username and the second value is the password (hex encoded just to add some really basic obfuscation). Obviously this is easily reversible so you should create a new account with only permission for the specific report(s) they should be able to access. You can use http://string-functions.com/string-hex.aspx to convert your login details to hex.

Then simply update the report URL;

var url= "http://rs-01/ReportServer/Pages/ReportViewer.aspx?%2fTEL+Wall+Thing%2fWallDash&rs:Command=Render";

And you’re all set!