BCS OData Custom Authentication using Extension Provider
Business Connectivity Services (BCS) in SharePoint 2013 supports connecting to OData-based LOB systems. BCS supports the following authentication modes for authenticating against the OData service:
- PassThrough
- RevertToSelf
- Credentials
- Windows Credentials
- Digest Credentials
- Custom Authentication using OData Extension Provider
In this article, we cover in detail how to connect from SharePoint on-premises to any OData service with custom authentication using an OData extension provider.
Some examples of custom authentication schemes that the OData service provider could support are:
- Authenticating using Windows Azure Access Control Service (ACS)
- Client certificate-based authentication
To enable these custom authentication mechanisms, you need to implement an OData extension provider and configure the same in BCS. The OData extension provider is invoked by BCS for every call to the OData LOB Service.
Note: BCS supports custom authentication using an OData extension provider only for apps hosted in on-premises SharePoint or for those apps that connect using hybrid (SharePoint Online to on-premisea-based LOB through hybrid). This restriction is because it is not possible to install custom assemblies in SharePoint Online.
Implementing an OData extension provider
- Create a new project in Visual Studio 2010. Select Class Library as the project type:
![ODataExtensionFigure1[2]](https://msdntnarchive.z22.web.core.windows.net/media/MSDNBlogsFS/prod.evol.blogs.msdn.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/01/41/88/metablogapi/2476.ODataExtensionFigure12_thumb_4BC2B2D0.png "ODataExtensionFigure1[2]")
- Change the file name and class name to ODataOAuthExtensionProvider.
- Add a reference to the Microsoft.BusinessData.dll assembly to the project. Add the namespace Microsoft.BusinessData.SystemSpecific.OData to the class.
- The empty custom OData extension provider implementation should be as follows:
![ODataExtensionFigure2[2]](https://msdntnarchive.z22.web.core.windows.net/media/MSDNBlogsFS/prod.evol.blogs.msdn.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/01/41/88/metablogapi/2376.ODataExtensionFigure22_thumb_1B2F3518.png "ODataExtensionFigure2[2]")
- Sign the assembly by selecting the “Signing” options under the project settings. Build the SampleODataExtensionProvider.dll assembly.
![ODataExtensionFigure1[2]](https://msdntnarchive.z22.web.core.windows.net/media/MSDNBlogsFS/prod.evol.blogs.msdn.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/01/41/88/metablogapi/4454.ODataExtensionFigure12_62EE2D4E.png "ODataExtensionFigure1[2]")
![ODataExtensionFigure2[2]](https://msdntnarchive.z22.web.core.windows.net/media/MSDNBlogsFS/prod.evol.blogs.msdn.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/01/41/88/metablogapi/7178.ODataExtensionFigure22_195EDF51.png "ODataExtensionFigure2[2]")
Installing the OData extension provider assembly
Install the SampleODataExtensionProvider.dll in the global assembly cache (GAC) on the SharePoint web front-end (WFE) machines.
If BCS is configured to connect from SharePoint Online to an on-premises LOB system through a hybrid, then the SampleODataExtensionProvider.dll has to be installed in the GAC in the SharePoint on-premises WFE.
Configuring a connection to the OData service from SharePoint on-premises
In order to connect to the OData service from BCS, a connection setting has to be created in SharePoint using a BCS Windows PowerShell commandlet.
The connection setting contains information required by SharePoint BCS to connect to the OData LOB system (OData Service URI, OData Service Metadata URI, Authentication Mode, and Extension Provider).
New-SPODataConnectionSetting -Name "ContosoServiceApp" -ServiceContext "https://contoso" -ServiceAddressURL "https://tv.telerik.com/services/OData.svc" -AuthenticationMode "Anonymous" -ExtensionProvider "SampleODataExtensionProvider. ODataOAuthExtensionProvider, SampleODataExtensionProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=34c4d4fa89a6bb3b
Parameter Name |
Description |
Name |
Connection setting Id should be mentioned in the BCS model and should be unique. |
ServiceContext |
SharePoint Site Collection URI |
ServiceAddressUrl |
OData Service Address URI. The OData metadata URI is the service URI+ $metadata. If the OData Metadata URI is different, specify through the parameter MetadataAddressUrl. |
AuthenticationMode |
The authentication mode to be used while authenticating against the OData Service URI. “Anonymous” here indicates that BCS does not do any authentication. |
ExtensionProvider |
Fully qualified assembly name of the OData extension provider. This assembly should have been installed in the GAC on the SharePoint WFEs. |
Configuring the connection in the BCS model
The connection information has to be specified in the BCS model. The BCS runtime uses the connection information for invoking the OData LOB service.
To specify the connection information, add the following property in the BCS model by adding it to the LOB System and LOB System Instance.
<Property Name="ODataConnectionSettingsId" Type="System.String"> ContosoServiceApp </Property>
![ODataExtensionFigure3[2]](https://msdntnarchive.z22.web.core.windows.net/media/MSDNBlogsFS/prod.evol.blogs.msdn.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/01/41/88/metablogapi/7853.ODataExtensionFigure32_15E9380C.png "ODataExtensionFigure3[2]")
Summary
This article describes in detail how to support custom authentication with a BCS OData connector using an OData extension provider.
By following the steps mentioned here, you should be able to import a BCS model that connects to an OData service with an extension provider that does custom authentication. In the next article, we will change the OData extension provider to authenticate against Windows Azure ACS.
Comments
Anonymous
December 10, 2012
Nive walkthrough, thanks for including screenshots.Anonymous
January 16, 2013
solo trato desolucionar este problema de dacebook y de archibos que aguarde enmi computadora y esta bloquiada si solo eran archibos aguardados y ahora motengo ni facebook y es un monto de problemasAnonymous
March 04, 2013
Hi Nice article I would like to know " OData extension provider to authenticate against Windows Azure ACS."Could you post some thing on this Thanks Showkath