If you're doing any SharePoint development, then you will almost certainly be familiar with WebParts. WebParts are pretty much just fancy ASP.Net controls that allow the user to place them into WebPart Zones and save a personalized state, all of which is managed by SharePoint. WebParts are created using Visual Studio.Net (or a .Net compilier if you're into that type of thing).
One of the biggest problems I've run into so far when developing WebParts was in regard to web services. One of the WebParts that I've been working on was a Reporting Services WebPart. To program against Reporting Services you have to use the Report Services web service. This web service handles security using Windows NT authentication, so when you make calls to the service you have to provide it with credentials.
All of this is fine except for the fact that you can't take the credentials that you get in the WebPart (which are the ones passed in via the browser) and then pass those same credentials to the web service. This is known as a “double-hop” and isn't supported due to the way NT authentication is done (an interesting read). So what can you do?
Currently I've been doing a lot of client side javascript programming to get around this. To do this you create an MSXML http request and call the web service directly from the client and then parse the results and populate the web part using client side javascript. This actually works pretty well. I came across this method when I was porting the Office 2003 WebParts to an Office XP WebParts package that I created. However, when you add in postbacks, client script blocks, and code maintenance, this approach gets pretty complex pretty quickly.
Some other approaches can be taken such as using basic authentication with https. I'm also looking into seeing if I can make the web service calls using an administrator account but using a security check that passes in the userid to see if the user has permission to access the report. But I've had to put the project on a backburner for a bit while I build some more MDX reports.
Update: I've posted my first article on Reporting Services webparts here which covers the client side script approach.