I am running MS RS SP1 Developer Edition, and I have implemented forms
authentication based on the various online articles. I have custom
authentication and authorization providers which are working great. I
access the Report Manager on my local development machine, my custom
logon page appears, I enter my credentials and I'm authenticated.
Excellent.

Then, I tried to access the Report Manager from a remote machine where
I was logged on as a local Windows user. Instead of taking me directly
to my custom logon page, the Windows logon dialog appeared. I had to
enter in valid credentials on the Report Manager machine in order for
it to take me to my custom logon page.

This is clearly not what I want. If I'm implementing forms
authentication, I don't want end users to have to enter in Windows
credentials first.

It was at this point that I noticed that the Microsoft how-to article
leaves the authentication mode = Windows in the
ReportManager\web.config file. So I tried to change the authentication
mode to None or to Forms. That gave me a NullReferenceException in the
Report Manager web site code:

[NullReferenceException: Object reference not set to an instance of an
object.]

Microsoft.ReportingServices.UI.GlobalApp.Application_AuthenticateRequest(Object
sender, EventArgs e)

System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
+60
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +87

At this point, I'm not sure any more if this is supported. How do I
allow end users to access the Report Manager using forms authentication
but without having the Windows logon dialog appear first? I've read
tons of posts regarding Forms Authentication on this newsgroup but I
don't see this answered anywhere.

Thanks in advance for your help.

OK, I think I figured this one out. Here are the settings required in
order to prevent a Windows authentication dialog from appearing when
connecting to a Report Manager that uses forms authentication/custom
security extension:

IIS Authentication: Anonymous access checked (Integrated Windows
Authentication can be checked or unchecked)
ReportManager\web.config authentication mode: Windows
ReportManager\web.config authorization mode: <allow users="*"> (the
default)
ReportManager\web.config identity impersonation: false
File access in ReportManager directory: Grant Read & Execute to
IUSR_[MACHINE] and ASPNET

Now, if you change the ReportManager\web.config authentication mode to
None, the aforementioned NullReferenceException occurs. The problem is
that in the AuthenticationRequest event, the Reporting Services code
attempts to access HttpContext.Current.User.Identity. When the
web.config authentication mode is Windows, the context user is set to
an unauthenticated identity. When the web.config mode is None, the
context user is null. (It's not entirely clear that this distinction is
documented anywhere.) The Reporting Services code does not check for
null, hence the exception.

This seems to be a minor bug that should be fixed in a future release.

References:

http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch08.asp
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetAP04.asp
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetAP05.asp

Can you deploy from Visual Studio? What settings did you have t
apply? to work with forms authentication/custom security