Skip to content
May 2, 2011 / red1s

Creating an External Content Type using the Secure Store Service in SharePoint 2010

In the following blog post I’ll walk you through the steps for creating an external content type using the secure store service in SharePoint 2010

The post is split into four main sections as the process is quite lengthy:

Creating the required Active Directory Accounts / Security Groups

Create the Secure Store Service in SharePoint’s Central Admin

Create the External Content Type in SharePoint Designer

Add the data enabled lists t to your SharePoint site

Firstly I’ll need to create an AD user account:


Once that’s been created I’ll need too proceed to the Security section of central admin:


Within here I need to select the configure managed account under the ‘General Security’ heading


Depending on your environment you should have 1 to several different accounts pre-created :


Select register managed account at the top of the page:

In the username type the username of the account previously created: (in my case SecureStoreSvc) and the password


Then below this is a section to configure whether you had selected whether you wanted the password changed based on settings created previously in the setup of your active directory account



For this example I’ve left my password to not expire

Once you click OK, you should notice the account being listed:


Now we’ll need to start the secure store service on one of the application servers in t he farm.

This can be done by going back to Central Admin

And Manage servers in this Farm under System settings:


Your secure store service might be stopped:


If it is make sure to start it (by clicking on the start link)


Quick Note: If you have multi servers, make sure you star the service on at least one of your servers


Make sure to refresh the page to see that it is started:


Lets go ahead and create a service application for Secure Store (which is where it will be hosted from )

From with Application management Select Manger service application


Select new from the Ribbon and Secure store service from the drop down:


From here provide the necessary details for the Secure Store Service


I generally prefer to create new application pools – SecureStoreAppPool in this instance

Now important note here, make sure to use the account you created and registered in Sharepoint server:


There is also an audit log which is carried on the service application which can be useful for troubleshooting authentication issues if you run in t them


Click OK

Wait for the process to complete


And a success screen:


Now it should appear in the Service applications list:


Click on the secure store service application:


And you should get the following screen which will request you generate a new key


Provide a passphrase and click OK


Once done Our secure store service is ready to use:


Click New to generate a new Secure Store ID:


Provide the necessary details:


Click on Next and complete/update the Field name:


Multiple types of Fields can be used to authenticate, in this instance I chose windows user name and password

Click Next

Provide the target application administrator account and Members mapped to the credentials defined for this target application (the account defined previously)


In Members, you can see that i have my AD Group Account earlier. This means that I dont have to meddle with the SSS App anymore, just add and subtract from the AD Security Group.

Once I click OK and it processes the item you’ll notice our newly created ID:


To set the details for the impersonated – Select ‘Set Credentials’ from the menu


Section 3

From within SP Designer connect to my site and create a new External Content type(from the ribbon menu):



We’ll need to add a connection:


Now make sure you select: Connect with Impersonated Windows Identity and provide the ID name used during the secure store service creation process – in my case ( BCSConnectionID )


A big note

Make sure that the machine that you are using to do this is attached to the dmain
Even though it requests the credentials in another dialog (which I provided with the correct dmain credentials ) I still received te beloww error


Your new database should now appear in the list


For the purposes of this demo I’ll create all Operation types:



Once I save the ECT – I will get the following window notify me that it is saving back to the BDC metadata store :


Now that that is saved we’d need to go back into central administration

If you go to your list and you see the following error:


That is because you haven’t set credentials to the data source fo the user

And into the Business Data Connectivity Services Application:


We should see our newly craaetd External Content Type:


We now need to set the permissions for this:


As you can see it’s added my account in here which is the account I specified during the creation of the ECT in SP Designer which I know I will use


– however this can be a user group as well


Now that you’ve made sure the permissions are correct – lets go ahead and create the External List form our site (which can also be done via SP Designer)



You can use the External Content Type Picker if you’re nt sure of the name of the Data Source



Don’t be surprised if you get this:


As you’ll need to make sure you have logged in with the correct user to get the data to appear as below – Voila!


A few troubleshooting tips below

If you get the following note after the user has been added to the BDC list you need to :

Unable to display this web part. To troubleshoot the problem, open this web page in a Microsoft SharePoint foundation-compatible html editor such as Microsoft SharePoint designer.


As it recommends opening up the page in SP designer shows the following:


Checking the ULS Logs shows the following:



Hints on Error:

Cannot use External Content Type in SharePoint 2010 Foundation

Another side note regarding the BDC service is that you might need to give it some time to update SharePoint (probably processes as this process takes a while to register )


Great video describing the secure store service process

Fabian G Williams

BCS in Foundation 2010


Planning your secure store service


Great BCS Model Overview pic:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: