May 2, 2011 / red1s

Creating an External Content Type using the Secure Store Service in SharePoint 2010


In the following blog post I’ll walk you through the steps for creating an external content type using the Secure Store Service in SharePoint 2010.

The post is split into four main sections as the process is quite lengthy:

Creating the required Active Directory Accounts / Security Groups

Create the Secure Store Service in SharePoint’s Central Admin

Create the External Content Type in SharePoint Designer

Add the data-enabled lists to your SharePoint site

Firstly I’ll need to create an AD user account:

Once that’s been created I’ll need to proceed to the Security section of Central Admin:

Within here I need to select ‘Configure managed accounts’ under the ‘General Security’ heading:

Depending on your environment, you should have one or more accounts already created:

Select ‘Register Managed Account’ at the top of the page:

In the username field, type the username of the account created previously (in my case SecureStoreSvc), followed by the password:

Below this is a section where you configure whether the password should be changed automatically, based on the settings chosen previously when the Active Directory account was set up:

For this example I’ve left my password set to not expire.

Once you click OK, you should notice the account being listed:

Now we’ll need to start the Secure Store Service on one of the application servers in the farm.

This can be done by going back to Central Admin and selecting ‘Manage servers in this farm’ under System Settings:

Your secure store service might be stopped:

If it is, make sure to start it (by clicking on the Start link).

Quick note: if you have multiple servers, make sure you start the service on at least one of your servers.

Make sure to refresh the page to see that it is started:

Let’s go ahead and create a service application for Secure Store (which is where it will be hosted from).

From within Application Management, select ‘Manage service applications’:

Select New from the ribbon and Secure Store Service from the drop-down:

From here, provide the necessary details for the Secure Store Service:

I generally prefer to create new application pools – SecureStoreAppPool in this instance

An important note here: make sure to use the account you created and registered in SharePoint Server.

There is also an audit log on the service application, which can be useful for troubleshooting authentication issues if you run into them.

Click OK

Wait for the process to complete

And a success screen:

Now it should appear in the Service applications list:

Click on the secure store service application:

And you should get the following screen, which will ask you to generate a new key:

Provide a passphrase and click OK

Once done, our Secure Store Service is ready to use:

Click New to generate a new Secure Store ID:

Provide the necessary details:

Click on Next and complete/update the Field name:

Multiple types of fields can be used to authenticate; in this instance I chose Windows user name and password.

Click Next

Provide the target application administrator account and Members mapped to the credentials defined for this target application (the account defined previously)

In Members, you can see that I have my AD group account from earlier. This means that I don’t have to meddle with the SSS app anymore, just add and subtract from the AD security group.

Once I click OK and it processes the item you’ll notice our newly created ID:

To set the details for the impersonated account, select ‘Set Credentials’ from the menu.
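The Central Admin steps above can also be scripted. The following is an added example, not part of the original walkthrough; it assumes the SharePoint 2010 Management Shell on a farm server. SecureStoreSvc, SecureStoreAppPool and BCSConnectionID are the names used in this post, while the CONTOSO domain, the BCSUsers group, the spadmin account, the database name, the contact e-mail and the site URL are placeholders.

```powershell
# Added example: scripted equivalent of the Central Admin steps in this post.
# CONTOSO, BCSUsers, spadmin, the database name and the URLs are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Register the AD service account as a managed account (prompts for the password).
$svcCred = Get-Credential 'CONTOSO\SecureStoreSvc'
$managed = New-SPManagedAccount -Credential $svcCred

# 2. Start the Secure Store Service instance on this server.
Get-SPServiceInstance -Server $env:COMPUTERNAME |
    Where-Object { $_.TypeName -eq 'Secure Store Service' } |
    Start-SPServiceInstance

# 3. Dedicated application pool running as the managed account.
$pool = New-SPServiceApplicationPool -Name 'SecureStoreAppPool' -Account $managed

# 4. Service application with the audit log enabled, plus its proxy.
$sss = New-SPSecureStoreServiceApplication -Name 'Secure Store Service' `
    -ApplicationPool $pool -DatabaseName 'Secure_Store_Service_DB' `
    -AuditingEnabled:$true -AuditlogMaxSize 30
$proxy = New-SPSecureStoreServiceApplicationProxy -Name 'Secure Store Service Proxy' `
    -ServiceApplication $sss -DefaultProxyGroup

# 5. Generate the master key from a passphrase that is read without echo.
$secure = Read-Host 'Secure Store passphrase' -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$pass = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $proxy -Passphrase $pass
Start-Sleep -Seconds 10   # give the new key time to reach the service instance
Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $proxy -Passphrase $pass

# 6. Group target application with Windows user name / password fields.
$target = New-SPSecureStoreTargetApplication -Name 'BCSConnectionID' `
    -FriendlyName 'BCS connection' -ContactEmail 'admin@contoso.example' `
    -ApplicationType Group
$fields = @(
    (New-SPSecureStoreApplicationField -Name 'Windows User Name' -Type WindowsUserName -Masked:$false),
    (New-SPSecureStoreApplicationField -Name 'Windows Password' -Type WindowsPassword -Masked:$true)
)
$admin   = New-SPClaimsPrincipal -Identity 'CONTOSO\spadmin' -IdentityType WindowsSamAccountName
$members = New-SPClaimsPrincipal -Identity 'CONTOSO\BCSUsers' -IdentityType WindowsSecurityGroupName
$app = New-SPSecureStoreApplication -ServiceContext 'http://sharepoint.contoso.example' `
    -TargetApplication $target -Fields $fields `
    -Administrator $admin -CredentialsOwnerGroup $members

# 7. 'Set Credentials': map the group to the account used to reach the data source.
$dataCred = Get-Credential
$user = ConvertTo-SecureString $dataCred.UserName -AsPlainText -Force
Update-SPSecureStoreGroupCredentialMapping -Identity $app -Values $user, $dataCred.Password
```

Membership of the mapped AD group then decides who can use the stored credentials, so access is managed in Active Directory rather than in the target application.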

Section 3

From within SP Designer, connect to my site and create a new External Content Type (from the ribbon menu):

We’ll need to add a connection:

Now make sure you select ‘Connect with Impersonated Windows Identity’ and provide the ID name used during the Secure Store Service creation process (in my case BCSConnectionID):

A big note:

Make sure that the machine that you are using to do this is attached to the domain. Even though it requests the credentials in another dialog (which I provided with the correct domain credentials), I still received the error below:

Your new database should now appear in the list

For the purposes of this demo I’ll create all Operation types:

Once I save the ECT, I will get the following window notifying me that it is saving back to the BDC metadata store:

Now that that is saved, we’d need to go back into Central Administration

If you go to your list and you see the following error:

That is because you haven’t set credentials to the data source for the user

And into the Business Data Connectivity Services Application:

We should see our newly created External Content Type:

We now need to set the permissions for this:

As you can see, it’s added my account in here, which is the account I specified during the creation of the ECT in SP Designer and which I know I will use; however, this can be a user group as well.

Now that you’ve made sure the permissions are correct, let’s go ahead and create the External List from our site (which can also be done via SP Designer):

You can use the External Content Type Picker if you’re not sure of the name of the Data Source:

Don’t be surprised if you get this:

You’ll need to make sure you have logged in with the correct user to get the data to appear as below. Voila!

A few troubleshooting tips below:

If you get the following note after the user has been added to the BDC list you need to:

Unable to display this web part. To troubleshoot the problem, open this web page in a Microsoft SharePoint foundation-compatible html editor such as Microsoft SharePoint designer.

As it recommends, opening up the page in SP Designer shows the following:

Checking the ULS logs shows the following:

Hints on Error:

Cannot use External Content Type in SharePoint 2010 Foundation

http://social.technet.microsoft.com/Forums/en/sharepoint2010customization/thread/25e40347-6cd5-4613-9efc-f5074f6ca9fc

Another side note regarding the BDC service: you might need to give it some time to update SharePoint (probably because this process takes a while to register).

References:

Great video describing the secure store service process

http://technet.microsoft.com/en-us/library/ee806866.aspx

Fabian G Williams

http://fabiangwilliams.wordpress.com/2010/04/16/how-to-create-configure-consume-sharepoint-2010-secure-store-in-business-connectivity-services/

BCS in Foundation 2010

http://msdn.microsoft.com/en-us/library/ee557646.aspx

 

Planning your secure store service

http://technet.microsoft.com/en-us/library/ee806889.aspx

 

Great BCS Model Overview pic:

http://zoom.it/wHCA#full
