I am currently implementing custom authentication for SSRS using the official sample repository.
I implemented both methods (IAuthenticationExtension2.GetUserInfo(IIdentity, IntPtr) and IAuthenticationExtension2.GetUserInfo(IRSRequestContext, IIdentity, IntPtr)) and they work correctly for my use case.
I would like to know when the SSRS calls either method and how it decides which to call, as there is no information I could find about this either on Google or using LLMs. All I managed to find are questions about why code didn't work.
In SSRS, there are these two methods you've probably seen: GetUserInfo(IIdentity, IntPtr) and GetUserInfo(IRSRequestContext, IIdentity, IntPtr). They're like SSRS's way of figuring out who's trying to access reports and whether they should be allowed.
So, when does SSRS decide to call which one?
The first method, GetUserInfo(IIdentity, IntPtr), is like when SSRS just wants to know who you are. It's like a basic identity check. If SSRS only needs to check your identity without caring much about what you're trying to do, it'll pick this method.
The second method, GetUserInfo(IRSRequestContext, IIdentity, IntPtr), is more detailed. SSRS rings this up when it needs more info about what you're up to. Besides your identity, it might want to know specifics about the report you're trying to access or any extra details you're providing. So, if SSRS needs a deeper understanding of your request, it'll go with this method.
So, which one SSRS goes for depends on what it needs from your authentication process. If it's just a straightforward ID check, it'll use the simpler method. But if it needs to dig into the specifics of your request, it'll opt for the more detailed one.
If both methods are doing the job for you, it could mean SSRS is picking the more detailed method because it likes having that extra info, even if your setup doesn't strictly need it. So, it's wise to handle both cases in your authentication setup, just to cover all the bases.