SSRS, ReportViewer and ASP.NET Access Denied

I've got an ASP.NET application that has a ReportViewer control on it:

<rsweb:ReportViewer ID="rv" runat="server" ProcessingMode="Remote" 
            ShowParameterPrompts="False"AsyncRendering="true" >
    <ServerReport ReportPath="<My Report>" ReportServerUrl="<Report Server URL>" />
</rsweb:ReportViewer>

The report server is running on different server than my app server so I'm p开发者_开发百科assing credentials when I call the report:

rv.ServerReport.ReportServerCredentials = New ReportCredentials()
rv.ServerReport.SetParameters(params)
rv.ServerReport.Refresh()

Credentials are in this class:

<Serializable()> _
Public Class ReportCredentials
Implements Microsoft.Reporting.WebForms.IReportServerCredentials


Public Function GetFormsCredentials(ByRef authCookie As System.Net.Cookie, ByRef userName As String, ByRef password As String, ByRef authority As String) As Boolean Implements Microsoft.Reporting.WebForms.IReportServerCredentials.GetFormsCredentials
    authCookie = Nothing
    userName = Nothing
    password = Nothing
    authority = Nothing

    Return False
End Function

Public ReadOnly Property ImpersonationUser() As System.Security.Principal.WindowsIdentity Implements Microsoft.Reporting.WebForms.IReportServerCredentials.ImpersonationUser
    Get
        Return Nothing
    End Get
End Property

Public ReadOnly Property NetworkCredentials() As System.Net.ICredentials Implements Microsoft.Reporting.WebForms.IReportServerCredentials.NetworkCredentials
    Get
        Return New NetworkCredential(AppSettings("ReportUser"), Helpers.GetReportPassword(), AppSettings("ReportDomain"))
    End Get
End Property

End Class

In my web.config file I've got impersonate="true".

The problem I'm having is that most users get this error:

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

If I run the application under my account and then have them try under their account it works. I can reproduce the error for them by recycling the App Pool the app is running under. If I make a user a local admin (like I am) on the app server then it will work but obviously I don't want to do this. Any ideas on what I'm doing wrong and also why the application all of sudden works for them after I run it once?

---

Found out the issue was access to the machine.config file on the app server. Since I'm running with impersonation and integrated authentication in IIS, the app was running as the logged in user. Apparently when getting the NetworkCredentials, machine.config is accessed. Since the users didn't have access to machine.config, it failed. I'm guessing machine.config is cached so that's why it worked after I ran the app as myself (an admin). I went ahead and gave read access to machine.config to my users for now and that has solved the issue. Not sure if there's a better way to do it.