network

users

express

SQL Server K2\Standard instance and SQL Server Queen default instance are set to "Windows Authentication mode", too.

pool

Domain Users have the CONTRIBUTE permissions to SharePoint site.

permission

queensql

SharePointSQL

Database connection to SQL Server in SharePoint Designer 2010

Configure Queen:SQL Server with "SQL Server and Windows Authentication mode"

Enable SA account with a password

SharePoint Designer 2010

Open the site http://k2

connection

Open a site page and insert a DataFormWebPart into a [p] tag or [div] tag box and associate the DataFormWebPart with the database connection.

dataformwebpart

Nicole can view the "Courses on ShareDB" on all computers:K1,K2,queen and Man (the non-domain member). I did not create a login in SQL Server of Queen computer, though.

Everybody uses the sa account to retrieve the data from SQL server.

No double-hop problem.

Remove the DataFormWebPart

Remove the Database Connection with "Save username and password"

Set SQL Server security to "Windows Authentication mode"

External Content Types (ECTs)

userIdentity

When "Add Connection" with "Connect with User's Identity" is configured, Kerberos delegation must be configured. see Kerberos Delegation.

After Kerberos delegation is configured, Domain members (K1,K2, Queen) can retrieve the External List data from Queen SQL Server but from not non-domain member (Man).

Don't create the SQL Server Connection with "Connect with User's Identity".

 

SSS

With the default Standalone installation, the Secure Store Service is created and started.

01

Generate New Key

02

Create "New Secure Store Target" by clicking on New menu

Target Application ID: VanartsGroup
Display Name: Vanarts Group
Contact E-mail:administrator@aaa.com

Target Application Type:Group

Click Next button

03

Target Application Administrators: aaa\Administrator

Members: aaa\nicole;aaa\simon;aaa\Stuart;aaa\administrator

Click OK button

06

07

08

10

If aaa\sam doesn't have permission on the database, SharePoint Designer cannot create a database connection to Queen SQL server by impersonated Windows Identity.

11

SharePoint Designer 2010

09

04

 

12

13

15

16

17

18

19

Nicole, Sam, and Stuart can open the external list from all computers.

Single Sign On is achieved.

DataFormWebPart

When you click a link on an external list, it will open a brand new web page with the external content. It is OK.

How about show to an external list in DataFormWebPart control?

SharePoint Designer 2010 opens http://k2 site

20

 

21

The K1TestDB-Parts will retrieve data from K1 SQL server. The QueenCourses external list will retrieve data from Queen SQL Server. Both SQL Servers are using "Windows Authentication mode".

DataFormWebPart control cannot have a Data Source connection with "Integrated Security" or "Trusted_Connection" key words, which is needed to connect a SQL Server in Windows Authentication mode. Through the external list, DataFormWebPart control can access data from a SQL Server in Windows Authentication mode.

By the DataFormWebPart, I could display SQL server data in a specified section ([p] or [div]) of a web page.