Question: Making BDC with SSO work with Forms based authentication

  • Tuesday, August 19, 2008 8:07 AM, Thomas N. Sørensen

    We are struggling with how to correctly set up BDC to work with FBA (forms based authentication). The scenario is as follows:

    We have built a BDC definition for MS CRM 3.0 and are using standard BDC webparts to show some custom entities from CRM. The BDC connects directly to the CRM database, so we set up SSO (single sign-on) to provide mapping to an SQL account with read access to the database (all domain accounts are mapped to use the same SQL user in SSO). This part is working just fine.

    Now we need to set up dual authentication to enable external users to view the same info. The site is extended and the new zone is configured to authenticate using Forms Based Authentication. But how do we map FBA users within SSO? Apparently you can only map a domain group within the page "Manage Account Information for an Enterprise Application Definition" in Central Admin.

    Any help or input on getting the external users access to the BDC info is appreciated. All external users will have the same access rights (no need to map rights on a per-user basis).


    Thanks in advance
    Thomas N. Sørensen

All Replies

  • Saturday, September 06, 2008 4:17 AM, Ben Cline1 (MVP)

    This sounds like you would need the app pool to have permissions in the SSO. If you have ASP.NET impersonate the user account of the current user via Windows authentication, this will not work with the SharePoint SSO unless you add all of the accounts to SSO.

    Thanks,
    If this answers your question, please use the "Answer" button to say so | Ben Cline
  • Sunday, September 07, 2008 4:18 PM, Daniel Bugday

    Hi Thomas,
    follow these steps:

    1. First extend the default Shared Service Provider to another zone. (The web application hosting the SSP, extend to the Internet zone.)
    2. Configure the other zone to use FBA. (In the extended web's web.config file, add the <connectionString/> data from the FBA.)
    3. Assign a form based authenticated user as secondary site administrator for the Shared Service Provider.
    4. Grant this form based authenticated user privileges on BDC. (In the new SSP.)
    5. You should be able to make BDC work by setting the AuthenticationMode to either RdbCredentials or RevertToSelf (provided Anonymous access is enabled in the site).

    Do an IISReset and you should be good to go!

    Daniel Bugday Web: http://www.sharepointforum.com/ Blog: http://www.sharepointforum.com/en-US/Blog/
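    As an added illustration (not from Daniel's post or the thread), this is what the two AuthenticationMode choices from step 5 look like in the LobSystemInstance section of a MOSS 2007 BDC application definition for the CRM database. Property names follow the BDC metadata schema; the server, database and SSO application names are placeholders, and the SsoProviderImplementation value is the default MOSS SSO provider type, to be checked against your own farm.

    ```xml
    <!-- Added example, not from the thread. Placeholder names throughout. -->
    <LobSystemInstances>

      <!-- Option A: RevertToSelf. BDC opens the SQL connection as the web
           application's app pool identity, never as the FBA user. Every FBA
           user therefore sees whatever that account can read, so keep the app
           pool account limited to read access on the CRM views it needs. -->
      <LobSystemInstance Name="CrmInstance_RevertToSelf">
        <Properties>
          <Property Name="AuthenticationMode" Type="System.String">RevertToSelf</Property>
          <Property Name="DatabaseAccessProvider" Type="System.String">SqlServer</Property>
          <Property Name="RdbConnection Data Source" Type="System.String">CRMSQLSERVER</Property>
          <Property Name="RdbConnection Initial Catalog" Type="System.String">Contoso_MSCRM</Property>
          <Property Name="RdbConnection Integrated Security" Type="System.String">SSPI</Property>
          <Property Name="RdbConnection Pooling" Type="System.String">false</Property>
        </Properties>
      </LobSystemInstance>

      <!-- Option B: RdbCredentials. BDC asks SSO for the SQL login mapped to
           the calling user and puts it in the connection string. This is the
           mode behind the original SSO setup, and it is where the FBA problem
           sits: SSO must hold a mapping for the caller, which the SSO admin
           pages only offer for domain accounts and groups. -->
      <LobSystemInstance Name="CrmInstance_RdbCredentials">
        <Properties>
          <Property Name="AuthenticationMode" Type="System.String">RdbCredentials</Property>
          <Property Name="DatabaseAccessProvider" Type="System.String">SqlServer</Property>
          <Property Name="RdbConnection Data Source" Type="System.String">CRMSQLSERVER</Property>
          <Property Name="RdbConnection Initial Catalog" Type="System.String">Contoso_MSCRM</Property>
          <Property Name="RdbConnection Pooling" Type="System.String">false</Property>
          <!-- Name of the Enterprise Application Definition configured in SSO -->
          <Property Name="SsoApplicationId" Type="System.String">CrmSqlReader</Property>
          <Property Name="SsoProviderImplementation" Type="System.String">Microsoft.SharePoint.Portal.SingleSignon.SpsSsoProvider, Microsoft.SharePoint.Portal.SingleSignon, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c</Property>
        </Properties>
      </LobSystemInstance>

    </LobSystemInstances>
    ```

    Since all external users are meant to get identical read access, option A is the one that sidesteps the per-user SSO mapping entirely; what it costs is that data access is now decided by the app pool account's SQL permissions rather than by who is logged in.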
  • Tuesday, November 17, 2009 3:38 PM, J Siegmund [MCTS]

    Hi Thomas,

    Did you ever solve this? And if you did, may I ask how? :)

    I managed to give individual FBA users the appropriate rights to the BDC entities, but I want to take it one step further and grant all FBA users at least read select / execute rights.


    MCTS in Web Application Development in .NET 2.0
  • Wednesday, November 18, 2009 9:38 AM, Thomas N. Sørensen

    As far as I remember we skipped using SSO, so unfortunately I haven't got a clear solution for you.