| Name | SPD | Model |
| Pass Through | User’s Identity | PassThrough |
| SSO (Windows) | Impersonated Custom/Windows Identity | RdbCredentials / WindowsCredentials |
| Revert To Self | BDC Identity | RevertToSelf |
Let's go through them one by one to get a general idea quickly.
1. Pass Through: authenticate to the external system with the same credentials that were used to authenticate to SharePoint. Kerberos supports only. It will not function by default in NTLM, because NTLM does not allow for delegation of identity
2. SSO: we can use the credentials in Secure Store to sign you in again on the server.
3. Revert To Self: Using Revert To Self means to connect to the external system as the IIS application pool that is servicing the request. Because the application pool of a SharePoint farm is a very highly privileged account, it is not a recommended security practice to use Revert To Self in deployment environments.
All right! We already knew what they stand for currently. Let's focus on how to resolve our issue.
----------------------------------------------
Okay. Based on BCS modes, we have three solutions.
1. Use Kerbero authentication. I haven't try this one.
2. Use SQL Authentication and save the credential into Secure Store service application (Recommend)
For this solution, you can refer to Laura Rogers's post
http://www.sharepoint911.com/blogs/laura/Lists/Posts/Post.aspx?ID=90
The only one point you need to notice is the SQL Server user must have the SQL Authentication permission
3. Use Revert to Self mode.
a. Click Start -> All Programs -> Microsoft SharePoint 2010 Products -> SharePoint 2010 Management Shell
b. In the opening window, enter the following commands
$bdc = Get-SPServiceApplication | where {$_ -match "Business Data Connectivity Service"}
$bdc.RevertToSelfAllowed = $true
$bdc.Update()
c. Restart your server
No comments:
Post a Comment