Tuesday, May 11, 2010

Sharepoint 2010 BCS connection getting started and authentication issues

There is a very good "get you started" article here, walking you through creating a SharePoint List to an external SQL table. Whilst all the steps were clear it did not deal with security and authentication to the SQL server.

Several methods are available to connect through to back end data providers, however "Connect with User's Identity" (or Pass Through) will only work with Kerberos enabled, and if it is not you will get a Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' error.

With SP2010 it is much better to use either the Impersonate Windows (or Custom) Identity - which makes use of the SharePoint 2010 Secure Store Service.

If however you dont want to use these or havnt set them up then you can use RevertToSelf which uses the BCS's application pool credentials.

Microsoft warn against this method as a potential security risk and if you try to select it as a connection property it will give you an error saying that revert has to be enabled for the application pool. (See this link)

This is done by setting RevertToSelfAllowed for the BCS model's authentication mode wont work without using powershell to set the Sharepoint Server setting for this to True.

$apps = Get-SPServiceApplication
$bcs = Get-SPServiceApplication where {$_ -match ""}

## If you’re doing this by hand, just type $apps and look #for the Business Data one, then index into it like $apps[i].#If you’re doing it for automation, filter by #$_.GetType.FullName (not $_.TypeName, which is localized).

$bcs.RevertToSelfAllowed = $true

Remember that if you do use this method then the BCS's application pool credentials must have the appropriate rights to the SQL Server Table.

References:
Authenticating to Your External System - BCS Team blog
BCS and External List Learning – Part1
BCS and External List Learning – Part2
Getting started with Business Connectivity Services (BCS) in SharePoint 2010

1 comment:

Unknown said...

Information was good, I like your post.
Looking forward for more on this topic.
SharePoint 2013 Administrator Certification Training Online