I have read a million documents on this question and I still don't get it. I would greatly appreciate any insights. I start a new WebSite. I put these specs in web.config: <authentication mode="Windows"/> <identity impersonate="true" userName="AIB\ablh" password="blah" /> <authorization> <deny users="?"/> </authorization> I put a ReportViewer control on my only page. I set the URL and the ReportName and run the application which returns HTTP 401, authorization error. What else do I have to do to make this little demonstration work? I have read entries about credentials, about delegation, about application pools, about just about everything. Isn't this just supposed to work? This works without difficulty on a Windows form. Much thanks.

Is your web application and Report Server on the same IIS box? Do your virtual directories (Reports / ReportServer) have Anonymous checked or unchecked? Does this happen if you run the web application on the server or just on a client (not the web server)? Are the credentials you provide in the web.config domain or a machine specific windows account?

What have you entered for the ReportViewer's ReportPath property? I don't see how it can "just work" unless you tell it what report to run...