WCF: Consuming Claims-Enabled WCF Web Services as SharePoint 2010 External Content Types (Part 4 of 4)
Summary: Learn how to use SharePoint Designer 2010 to consume a claims-enabled web service. This article is the fourth in a series. Before following the procedures in this article, read and follow the procedures in the first three articles.
Available in SharePoint Online
Applies to: Business Connectivity Services | Office 2010 | Open XML | SharePoint Designer 2010 | SharePoint Foundation 2010 | SharePoint Online | SharePoint Server 2010 | Visual Studio
Provided by: Eric White, Microsoft Corporation | Saji Varkey, Microsoft Corporation | Bin Zhang, Microsoft Corporation
Contents
Introduction
Creating External Content Types from Web Services
Conclusion
Additional Resources
This article is the fourth in a four-part series of articles that show how to create and consume a claims-aware web service using Microsoft Business Connectivity Services (BCS).
WCF: Building WCF Web Services for SharePoint 2010 Business Connectivity Services (Part 1 of 4)
WCF: Determining Caller Identity within WCF Web Services (Part 2 of 4)
WCF: Establishing Trust Between WCF Web Services and SharePoint 2010 Security Token Service (Part 3 of 4)
WCF: Consuming Claims-Enabled WCF Web Services as SharePoint 2010 External Content Types (Part 4 of 4) (This article)
Introduction
Consuming a claims-enabled web service as an external content type is similar to using a non-claims-enabled web service as an external content type. If you are already familiar with setting up external content types, you should be familiar with most of the steps in this procedure. The only steps that are specific to using claims are steps 28, 29, and 30.
Creating External Content Types from Web Services
To create an external content type from the web service
Open Microsoft SharePoint Designer 2010.
Open the SharePoint site that you configured to use the external content type.
In the Site Objects list, click External Content Types.
Figure 1. External content type in the Site Objects list
In the ribbon, click New External Content Type.
Figure 2. External content type on ribbon
In the New external content type tab, click New external content type.
Figure 3. New external content type link
Type the name of the external content type. For this example, give it the name of Customers.
Figure 4. Naming the external content type
Press the Tab key.
When you press the Tab key, SharePoint Designer 2010 sets the Display Name to be the same as the Name. If you want, you can change the Display Name to make it different from the Name.
Click the link Click here to discover external data sources.
Figure 5. Discovering external data sources
Click Add Connection.
Figure 6. Adding a connection
This displays the External Data Source Type Selection dialog box.
Select WCF Service from the list and then click OK.
In the WCF Connection dialog box, in the Service Metadata URL field, type the service metadata URL for the web service that you created in the previous article in this series. The metadata URL resembles the following, with the server name replaced by the value of the Subject field that you determined in the procedure "Binding the Certificate to HTTPS" in the article WCF: Establishing Trust Between WCF Web Services and SharePoint 2010 Security Token Service (Part 3 of 4).
http://ericwhit209.redmond.corp.microsoft.com/Customers/Customers.svc?wsdl
Figure 7. Providing the service metadata URL
Note
Note that the metadata URL does not use https.
Type the Service Endpoint URL for the web service. The service endpoint URL resembles the following, with the server name replaced by the fully qualified computer name in the domain.
https://ericwhit209.redmond.corp.microsoft.com/Customers/Customers.svc
Figure 8. Typing the Service Endpoint URL
Type Customers into the Name (optional) field.
Figure 9. Typing the connection name
Click OK. SharePoint Designer displays one or more progress bars while it discovers the web service.
In Data Source Explorer expand the Customers data source node.
Figure 10. Expanding the Customers data source
In Data Source Explorer expand the Web Methods node.
Figure 11. Expanding the web methods
Right-click GetAllCustomers and then click New Read List Operation.
Figure 12. New Read List Operation
In the Operation Properties dialog of the wizard, click Next.
In the Input Parameters Configuration dialog of the wizard, click Next.
In the Return Parameter Configuration dialog of the wizard, in the Data Source Elements tree, click CustomerID. In Properties, click the Map to Identifier check box.
Figure 13. Click Map to Identifier
Click Finish.
In the Data Source Explorer, right-click GetCustomerByID, and then click New Read Item Operation.
Figure 14. New Read Item Operation
In the Operation Properties dialog of the wizard, click Next.
In the Input Parameters Configuration dialog of the wizard, click CustomerID for Data Source Elements, and then click the Map to Identifier check box.
Figure 15. Map to Identifier
Click Next.
In the Return Parameter Configuration dialog of the wizard, in Data Source Elements, click CustomerID and then click the Map to Identifier check box.
Figure 16. Map to Identifier
Click Finish.
In the toolbar, click Save. SharePoint Designer saves the external content type.
Figure 17. Click Save
In the ribbon, click Create Lists and Forms.
Figure 18. Click Create Lists and Forms
In the Create List and Form for Customers dialog box, in the List Name field, type Customers. Click OK.
Figure 19. Type Customers in the List Name field
Next, you must enable claims for the external content type that you previously created. In the Navigation pane, click Customers (the content type name).
Figure 20. Navigate to Customers
In the ribbon, click Edit Connection Properties.
Figure 21. Click Edit Connection Properties
In the Connection Properties dialog box, click Use claims based authentication. Click OK.
Figure 22. Connection Properties dialog box
Next, you must assign appropriate permissions for the external content type that you previously created. On the computer that is running SharePoint Foundation 2010, start SharePoint Central Administration.
Under Application Management, click Manage service applications.
On the Service Applications page, click Business Data Connectivity Service.
Figure 23. Service Applications in SharePoint Central Administration
Click the check box next to the content type that you previously created, and then click Set Object Permissions.
Figure 24. Set Object Permissions
In the Set Object Permissions dialog box, type the alias of the user for which you want to set permissions into the field that lets you add an account or group. In my case, I entered my alias, ericwhit. Click Check Names, and then click Add.
Figure 25. Enter the alias and check names
After clicking Add, give this user all permissions for this content type.
Figure 26. Specify permissions for the user
In the Set Object Permissions dialog box, type all authenticated users into the field that lets you add an account or group. Click Check Names, and then click Add.
Figure 27. Enter the alias and check names
Click the Execute check box to give authenticated users execute permissions for the external content type. Click OK.
Figure 28. Specify permissions for authenticated users
The external content type is now set up correctly to use claims-based authentication.
Use a browser to browse to the SharePoint site. Open the Customers list, and you should see the data that the external content type retrieved from the web service.
Figure 29. External list that contains data from the web service
As a last step, you can validate that the web service has access to the identity claim, and that the identity claim is correctly returned. On the computer that is hosting the web service, open the log file at C:\MyWebService\log.txt. You should see that the log file has an entry for the latest access of the external content type. You can see the identity of the user who accessed the list. This identity was retrieved from a claim.
Figure 30. Identity retrieved from a claim
When you retrieve the identity as a claim, the characters "0#.w|" are prepended to the identity because the value is an encoded SharePoint identity claim. The prefix indicates that the claim was issued by the Windows claim provider.
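The value written to the log is SharePoint's encoded-claim string. The following is an added example, not code from this article series or from the Customers web service: a small Python decoder that reads the full encoded form, i:0#.w|DOMAIN\user (the "0#.w|" portion is the part quoted above), out of a constructed log entry in the style of C:\MyWebService\log.txt and splits it into claim kind, claim type, value type, issuer, optional provider name and value. The lookup tables cover only the common characters, not the product's complete list, and every sample value is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed entry in the style of C:\MyWebService\log.txt; not a real log line.
SAMPLE_LOG_LINE = "GetAllCustomers called by i:0#.w|REDMOND\\ericwhit"

# Partial decoding tables for the SharePoint 2010 encoded-claim format.
CLAIM_TYPES = {"#": "userlogonname", "5": "emailaddress", "-": "role"}
VALUE_TYPES = {".": "string"}
ISSUERS = {"w": "Windows", "s": "SecurityTokenService", "t": "TrustedProvider",
           "m": "MembershipProvider", "r": "RoleProvider", "f": "Forms"}


@dataclass
class EncodedClaim:
    is_identity: bool        # 'i' = identity claim, 'c' = any other claim
    claim_type: str
    value_type: str
    issuer: str
    provider: Optional[str]  # only provider-backed issuers carry a provider name
    value: str


def decode_claim(encoded: str) -> EncodedClaim:
    """Split e.g. 'i:0#.w|REDMOND\\ericwhit' into its fields."""
    m = re.fullmatch(r"([ic]):0(.)(.)(.)\|(.+)", encoded)
    if m is None:
        raise ValueError(f"not a SharePoint encoded claim: {encoded!r}")
    kind, ctype, vtype, issuer, rest = m.groups()
    if ctype not in CLAIM_TYPES or vtype not in VALUE_TYPES or issuer not in ISSUERS:
        raise ValueError(f"unrecognised claim encoding: {encoded!r}")
    provider = None
    if issuer in "tmrf":  # trusted/membership/role/forms: '<provider>|<value>'
        provider, _, rest = rest.partition("|")
    return EncodedClaim(kind == "i", CLAIM_TYPES[ctype], VALUE_TYPES[vtype],
                        ISSUERS[issuer], provider, rest)


def identity_from_log_line(line: str) -> EncodedClaim:
    """Pull the encoded claim out of a log entry like the one the service writes."""
    m = re.search(r"\b[ic]:0\S+", line)
    if m is None:
        raise ValueError("no encoded claim found in log line")
    return decode_claim(m.group(0))


def windows_account(claim: EncodedClaim) -> Optional[str]:
    """Return DOMAIN\\user only for a Windows-issued logon-name identity claim."""
    if claim.is_identity and claim.issuer == "Windows" and claim.claim_type == "userlogonname":
        return claim.value
    return None
```

Only a Windows-issued identity claim yields a bare account name; an identity from a trusted or forms provider keeps its provider name, which is the detail to check before treating the value as a domain account.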
Conclusion
In this series of articles, you built a web service that uses claims. You were able to configure Business Connectivity Services to consume that web service. You were able to drive the original user identity all the way to the web service without any additional user interaction, and without storing user credentials in a Secure Store. The web service can see the claims, and based on the claims, can give access to protected resources.
These articles showed only the basics of connecting to a web service that uses claims. In a more advanced scenario, the web service could access security group information as a claim, and give access to certain resources based on that security group.
Claims-based authentication for a web service eliminates the double-hop issue that you typically see when you configure SharePoint Foundation 2010 or SharePoint Server 2010 to access other resources in a secure manner.
Additional Resources
Developer Center: SharePoint Developer Center
Blog: Eric White's Blog
Download: Microsoft .NET Framework 3.0 Redistributable Package
Download: Installing IIS