Implementing Security on custom BCS/.net class?

Michael Stum
  • Implementing Security on custom BCS/.net class? Michael Stum

    I'm implementing a custom BCS Model to get data from a backend system. As the backend uses it's own user management, I'm accessing it through a service account.

    All of this works well and allows me to pull data into SharePoint. However because it's channeled through the service account, everyone can access it, which is bad.

    Can anyone give me some tips which method to implement? The backend does not give me NT ACLs, but I wonder if I could just "fake" them somehow? (Essentially saying "This NT Group has Read Access" is good enough).

    I am aware of ISecurityTrimmer2 for Search Results, but ideally I want to cover security inside the BCS Model so that it applies to external lists as well. I want to avoid using Secure storage and mapping each individual user to the backend.

Related questions and answers
  • I have created several custom user controls that I added to the Redering templates of some forms in a custom solution for WSS 3. Most of these templates have codebehind and they all are correctly... setting in the web.config file to use the 3des algorithm as I had found on many sites. This fixed most of the issues except for my custom forms .ascx pages as everyone of them still give a FIPS error... is set to false in the web.config file as well. It is only my user controls that are causing the issue, but I do not know why. So it would be nice if there was a list of known .Net assembles that were

  • applications inside Sharepoint), but I wouldn't want to do it that way even though it would be much easier for me to develop such applications, because I'm primarily hardcore MVC developer... on the BCS level within Sharepoint then, but I'd still need my rich custom controls, that would display data in unusual ways. What about sandboxed solutions? Is this something I should use...I'm about to start developing a custom business application on top of Sharepoint 2010. I haven't done anything on this product but client insists on it so I don't have a choice. Application info I

  • We want to write a Custom Webservice to pull the User Profile Properties from SharePoint 2007 and should be able to consume the same Webservice in BCS (SharePoint 2010). AIM: 1. Read a User Profile Properties from a Custom Webservice 2. Consume the same Webservice in BCS 3. BCS properties have to be merged with AD properties for the User Profile Properties in SharePoint 2010. Can anybody let me know how it can be done? Update: I would like to follow the steps given below Create a user defined class "MissedUserProfileProperties" with various attributes Override the GetList Method in BCS

  • User Steven has the Active Directory account however his profile is not yet populated into SSP User profiles. NT Authenticated users have the access permission on "Shared Documents - Document Library". So, will Steven be able to access the "Shared Documents"? I guess, IIS will authenticate the user Steven to access the "Shared Documents" and SharePoint will authorize the user to View the items in "Shared Documents", is that right?

  • The BCS Model can't create a form for the "Update" operation if the key of Entity has a type of uint, int, long or ulong when I use WCF as a data source. It works fine with the string type. Does anybody know why?

  • have list of sites and sub-sites with URL's. More details: Let me describe one solution I have now. I’ve found tool Data Juggler ( which can automate repetitive web tasks... and this two sub sites have different set of user. So to summarize my question. I want to get as result of SQL query table with username (NT\login) with information about... name and site owner could be added in second step. For me it is more logical to have just information pulled from site Site/sub-site URL, NT\login of user and permission level (contribute, read, …) So

  • of business systems and thereby access the data within these systems. State Service Provides temporary storage of user session data for SharePoint Server components. Usage and Health data collection This service collects farm wide usage and health data and provides the ability to view various usage and health reports. Update 1: I'm running Windows 2008 R2. I... like to create a Search Service Application after installing Search Server Express 2010. Do I need to run the Farm Configuration Wizard and install the below if I can create a Search Service

  • We have an issue in accessing custom a DB from a SharePoint custom webpart. When we try to access the custom DB from SharePoint webpart we are getting the error "Login Failed for User NTAuthority...; The connection string we are using is "Data Source=xxxx; Initial catalog=yyy; Integrated security=true;" We have tried with a small change in conneciontion string as well "Data Source=xxxx; Initial catalog... impersonate="true" username=”domain\someuser” password=”***” /> If we add “NTAuthority\Anonymous Logon” as a user in custom DB server instance. If we use Sql Authentication “Data Source=xxxx

  • After following Spence Harbar's Rational Guide to implementing SharePoint Server 2010 User Profile Synchronization ( exactly (and having it work several times for other implementations) in this particular instance, starting the user profile synchronization service generates the following errors (these can be found in the windows logs of the server... server are starting and are using the FARM account. The ILMMA and MOSS- folders are NOT present in %Programfiles%\Microsoft Office Servers \14.0\Synchronization Service\MaData. A similiar thread

Data information