BCS OData Custom Authentication using Extension Provider

Business Connectivity Services (BCS) in SharePoint 2013 supports connecting to OData-based LOB systems. BCS supports the following authentication modes for authenticating against the OData service:

  • PassThrough
  • RevertToSelf
  • Credentials
  • Windows Credentials
  • Digest Credentials
  • Custom Authentication using OData Extension Provider

In this article, we cover in detail how to connect from SharePoint on-premises to any OData service with custom authentication using an OData extension provider.

Some examples of custom authentication schemes that the OData service provider could support are:

  • Authenticating using Windows Azure Access Control Service (ACS)
  • Client certificate-based authentication

To enable these custom authentication mechanisms, you need to implement an OData extension provider and configure the same in BCS. The OData extension provider is invoked by BCS for every call to the OData LOB Service.

Note: BCS supports custom authentication using an OData extension provider only for apps hosted in on-premises SharePoint or for those apps that connect using hybrid (SharePoint Online to on-premisea-based LOB through hybrid). This restriction is because it is not possible to install custom assemblies in SharePoint Online.

Implementing an OData extension provider

  1. Create a new project in Visual Studio 2010. Select Class Library as the project type:
    ODataExtensionFigure1[2]
  2. Change the file name and class name to ODataOAuthExtensionProvider.
  3. Add a reference to the Microsoft.BusinessData.dll assembly to the project. Add the namespace Microsoft.BusinessData.SystemSpecific.OData to the class.
  4. The empty custom OData extension provider implementation should be as follows:
    ODataExtensionFigure2[2]
  5. Sign the assembly by selecting the “Signing” options under the project settings. Build the SampleODataExtensionProvider.dll assembly.

Installing the OData extension provider assembly

Install the SampleODataExtensionProvider.dll in the global assembly cache (GAC) on the SharePoint web front-end (WFE) machines.

If BCS is configured to connect from SharePoint Online to an on-premises LOB system through a hybrid, then the SampleODataExtensionProvider.dll has to be installed in the GAC in the SharePoint on-premises WFE.

Configuring a connection to the OData service from SharePoint on-premises

In order to connect to the OData service from BCS, a connection setting has to be created in SharePoint using a BCS Windows PowerShell commandlet.

The connection setting contains information required by SharePoint BCS to connect to the OData LOB system (OData Service URI, OData Service Metadata URI, Authentication Mode, and Extension Provider).

New-SPODataConnectionSetting -Name "ContosoServiceApp" -ServiceContext "https://contoso" -ServiceAddressURL "https://tv.telerik.com/services/OData.svc" -AuthenticationMode "Anonymous" -ExtensionProvider "SampleODataExtensionProvider. ODataOAuthExtensionProvider, SampleODataExtensionProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=34c4d4fa89a6bb3b

Parameter Name

Description

Name

Connection setting Id should be mentioned in the BCS model and should be unique.

ServiceContext

SharePoint Site Collection URI

ServiceAddressUrl

OData Service Address URI. The OData metadata URI is the service URI+ $metadata. If the OData Metadata URI is different, specify through the parameter MetadataAddressUrl.

AuthenticationMode

The authentication mode to be used while authenticating against the OData Service URI. “Anonymous” here indicates that BCS does not do any authentication.

ExtensionProvider

Fully qualified assembly name of the OData extension provider. This assembly should have been installed in the GAC on the SharePoint WFEs.

Configuring the connection in the BCS model

The connection information has to be specified in the BCS model. The BCS runtime uses the connection information for invoking the OData LOB service.

To specify the connection information, add the following property in the BCS model by adding it to the LOB System and LOB System Instance.

<Property Name="ODataConnectionSettingsId" Type="System.String"> ContosoServiceApp </Property>

ODataExtensionFigure3[2]

Summary

This article describes in detail how to support custom authentication with a BCS OData connector using an OData extension provider.

By following the steps mentioned here, you should be able to import a BCS model that connects to an OData service with an extension provider that does custom authentication. In the next article, we will change the OData extension provider to authenticate against Windows Azure ACS.