Secure Store Service

Overview

The Secure Store Service is an authorization service that runs on an application server. The Secure Store Service provides a database that is used to store credentials. These credentials usually consist of a user identity and password, but can also contain other fields that you define. For example, SharePoint Server 2010 can use the secure store database to store and retrieve credentials for access to external data sources. The Secure Store Service provides support for storing multiple sets of credentials for multiple back-end systems.

How to do

1.     Create database “BCSForSharepoint2010” and create table “Customers” follows as:

2.     Open Sharepoint Designer 2010, connect to your site. In left panel, click to External Content Types, then click to External Content Types on Ribbon >> Click to External Content Types Icon

3.     Click to “Click here to discover external data sources and define operations…”

4.     Click to Add Connection

5.     On dialog, choose SQL Server at “Data Source Type” dropdown list

6.     Input your Database server, database name

7.     Here is all table of database. Click to Customer table | Create All Operations

8.     Click Next

9.     Choose CustomerID column and check to “Show In Picker”

10.  Choose CustomerName column check to “Show In Picker” of each column.

11.  Choose CustomerPhone column check to “Show In Picker” of each column then click Next

12.  Click to Finish

13.  On ribbon, click to “Create Lists & Form”

14.  Click to yes when dialog appear

15.  Configure follow as:

16.  Go to central admin >> Application management >> Manage services application on Service Applications section >> Business Data Connectivity Service >> Click to Set Object Permissions

17.  Input your account which have full permission

18.  Go to your site collection, you will see Customer List and all item form SQl Server

19.  Go to central admin >> Application management >> Manage services application on Service Applications section >> Secure Store Service

20.  Before proceeding further we have to generate a key by clicking on Generate New Key from ribbon and it will popup page section, you need to provide a Pass Phrase, based on that Secure Store Service will create encrypted. Also remember there is no way to retrieve Pass Phrase. From ribbon, click on the New button

21.  Create new Target Application and enter Target Application ID, Display Name, Contact Email, Target Application Type and Target Application Page URL

22.  Input The first Field name SQLUser with Field Type: User Name. The second Field name SQLPassword with Field Type: Password then click Next

23.  Input your account with Full Control

24.  Go back Sharepoint designer. Click to the New External content type which was created

25.  Click to BCSForSharepoint2010 external system

26.  From Authentication Mode, Change to Impersonate Custom Identity. Input “CustomerSSO” Target Application ID

27.  Go back to your Site collection, click to Customers list you will see the “Click here to authenticate “ link then click to it

28.  Click to Continue to this Site

29.  Go to SQl server, create new user “test” and mapping “BCSForSharepoint2010” database

30.  Back to site collection, on current UI input SQLUser and SQL Password

31.  Access successful!!!

32.  Sign in as Different User

33.  Access denied with another user

34.  Go back permission of BCS, only hungdo have permission

35.  Add new other user with full permission on BCS

36.  Go back to site collection with new user, and have permission to access