Sunday, May 10, 2015

RevertToSelf authentication

RevertToSelf is one of the authentication modes SharePoint 2013 BCS can use to connect to the external system on behalf of the currently logged-in user (impersonation).


This BDC authentication mode uses the IIS application pool account (service account / SharePoint farm account) to connect to the external system.

That means the user can have full access permission on the external system as the SharePoint farm account.
This should not be used in a deployment environment.

When RevertToSelf should be chosen:

  1. If you are using SharePoint Foundation (no Secure Store option available).
  2. If you trust your designer. (Usually the external content type is designed through SPD.)
  3. If you don't have the resources to use the Secure Store Service (farm administration and prior knowledge of BCS authentication).

If you turn RevertToSelf off, your existing model still uses RevertToSelf, so you need to delete and re-create the model.
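
To find the models that have to be deleted and re-created, an exported BDC model file (.bdcm) can be checked for connections that still declare RevertToSelf. The script below is an added example, not code from the original post; the sample model and its names are constructed, and matching every property whose name ends in `AuthenticationMode` is an assumption made to cover non-database connection types.

```python
import xml.etree.ElementTree as ET

# Namespace used by BDC model (.bdcm) files.
NS = {"bdc": "http://schemas.microsoft.com/windows/2007/BusinessDataCatalog"}

# Constructed sample model (hypothetical names), shaped like a .bdcm export.
SAMPLE_MODEL = """<Model xmlns="http://schemas.microsoft.com/windows/2007/BusinessDataCatalog" Name="SampleModel">
  <LobSystems>
    <LobSystem Name="HR_DB" Type="Database">
      <LobSystemInstances>
        <LobSystemInstance Name="HR_DB_Instance">
          <Properties>
            <Property Name="AuthenticationMode" Type="System.String">RevertToSelf</Property>
          </Properties>
        </LobSystemInstance>
      </LobSystemInstances>
    </LobSystem>
    <LobSystem Name="CRM_DB" Type="Database">
      <LobSystemInstances>
        <LobSystemInstance Name="CRM_DB_Instance">
          <Properties>
            <Property Name="AuthenticationMode" Type="System.String">WindowsCredentials</Property>
          </Properties>
        </LobSystemInstance>
      </LobSystemInstances>
    </LobSystem>
  </LobSystems>
</Model>"""


def find_revert_to_self(model_xml):
    """Return (LobSystem, LobSystemInstance, property) for each RevertToSelf connection."""
    root = ET.fromstring(model_xml)
    findings = []
    for lob in root.iterfind(".//bdc:LobSystem", NS):
        for inst in lob.iterfind("bdc:LobSystemInstances/bdc:LobSystemInstance", NS):
            for prop in inst.iterfind("bdc:Properties/bdc:Property", NS):
                name = prop.get("Name", "")
                value = (prop.text or "").strip().lower()
                # Assumption: any *AuthenticationMode property may carry the mode.
                if name.endswith("AuthenticationMode") and value == "reverttoself":
                    findings.append((lob.get("Name"), inst.get("Name"), name))
    return findings


if __name__ == "__main__":
    for lob, inst, prop in find_revert_to_self(SAMPLE_MODEL):
        print(f"{lob}/{inst}: {prop}=RevertToSelf (connects as the application pool account)")
```
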