I'm investigating the viability of embedding reports using the HTML5/Angular report viewers and using Report Server to manage and render the reports.
The reports will contain confidential information, so we need to ensure that report rendering/retrieval requests are secure.
Using the guest account or putting report server credentials in plain text in the client-side Javascript is not an option.
Ideally, we would like to send the report parameters to the report server in an encrypted manner (Using only SSL is susceptible to man-in-the-middle attacks).
What are our options for using custom authentication tokens with Report Server or putting a reverse proxy in front of Report Server to secure the embedding requests?
Any help will be greatly appreciated.