Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Azure

Securing Your SharePoint and Windows Azure Solutions : Configuring BCS Security - Create an Application ID, Assess Permissions on the ECT

11/20/2012 6:11:55 PM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
Create an Application ID
  1. Open SharePoint Central Administration.

  2. Click Manage Service Applications and Secure Store Service.

  3. Click the New button on the ribbon, as shown in the following graphic. Note that if this is the first time you’ve done this, you might be required to generate a new key.

    image with no caption
  4. Now as shown in the following graphic, provide a target application ID name, a display name, and a contact email address. Leave the other options set to their defaults.

    image with no caption
  5. Click Next. Change the user name and password field names to something more descriptive (such as SQL Azure User Name and SQL Azure Password). Make sure that you select User Name and Password as the field types. Keep the password masked.

    image with no caption
  6. Click Next. Now provide a valid Active Directory alias as the administrator of the target application definition. You can designate multiple administrators, separating them with semicolons.

    image with no caption

    You now have an application ID that you can use to connect to the SQL Azure external system. You would use this Application ID when creating your ECT. For example, you created an ECT by using SharePoint Designer. In the following graphic, you can see that you select Connect With Impersonated Custom Identity and then add the Secure Store Application ID to complete the handshake with the external system.

    image with no caption

    SharePoint Designer prompts you to enter your credentials when connecting to SQL Azure, and you’ll again be prompted for credentials when you load the external list for the first time. Credentials are then saved. If the credentials change, you will be prompted to enter your credentials again.

The second level of permissions is the ECT; you can assess permissions for a specific user against the external system for Edit, Execute, Selectable In Clients, and Set Permissions. (This second level of permissions applies equally to either a SQL Azure external data source or a WCF endpoint that you model by using the Business Data Connectivity Model template in Microsoft Visual Studio.) Each of these permissions provides different levels of access to BCS resources. For example, Edit enables you to create new external systems and edit the model file. Execute enables you to execute the method within the ECT. Selectable In Clients enables you to create external lists by using the ECT. And Set Permissions enables you to set any permissions in the metadata store. For more information on these permissions, see the following TechNet article: http://technet.microsoft.com/en-us/library/ee661743.aspx.

Assess Permissions on the ECT

  1. Open SharePoint Central Administration.

  2. Click Manage Service Applications, and then click Business Data Connectivity Service.

  3. Select an ECT in the list, and then click Set Object Permissions.

  4. Type the Active Directory alias for a user and click Add. After the name resolves, select the permissions you want for that user, as shown in the following graphic. Note that in this screen shot, you’ve selected the highest level of privileges, which should be reserved for administrators (or power users). In many cases, you only need to give users Execute permissions so they can execute all of the methods within the ECT.

    image with no caption
  5. Click OK to finish.

Assessing the user permissions by using the application ID is a very simple process, and it provides you with a per-user filter on an otherwise open outbound connection. For example, suppose you create a WCF service ECT  and create web methods to support create, read, update, and delete (CRUD) operations. Although the calling of your service supports CRUD, and the ensuing ECT you create against that WCF service would support CRUD, you can limit specific users to read-only access (or, of course, give them CRUD access). In this sense, a claims-aware WCF service might not be required because you can secure an individual method on the ECT.

The most important point in this first section is that you have granular control over who has access to SQL Azure data using BCS and external lists. You should see Execute as the fundamental, baseline privilege you assess users and then proceed more deeply based on your needs.

Another type of data storage for which you built an application was Windows Azure BLOB storage, which has a flexible security model. In the next section, you’ll see how you can use shared access permissions to control access to resources in BLOB storage.

Other -----------------
- Deploying to Windows Azure : Changing live configuration, Upgrading the deployment, Running the deployment
- Deploying to Windows Azure : Preparation application for deployment, Ready for deployment
- Setting up hosted service in Windows Azure
- Azure Monitoring and Diagnostics : Logging config data in our application, Transferring and persisting diagnostic data
- Azure Monitoring and Diagnostics : Azure Diagnostics­ under the hood, Enabling diagnostic logging
- Web Services and Azure : Our WCF web services
- Web Services and Azure : Creating a new WCF service web role
- Azure Blob Storage : Windows Azure Content Delivery Network, Blob Storage Data Model
- Azure Blob Storage : Blobs in the Azure ecosystem, Creating Blob Storage
- The Nickel Tour of Azure : How are Azure costs calculated?
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server