Business Connectivity Services PassThrough & RevertToSelf

 BCS, BCS Meta Man, Business Connectivity Services, SharePoint 2010.

As a continuation from the post ‘Business Connectivity Services Authentication’, this post will explain how to setup PassThrough and RevertToSelf authentication modes within SharePoint Designer 2010.

When you are creating a connection to a datasource within SharePoint Designer 2010, you are presented with a choice of authentication modes including Users Identity, Impersonate Windows Identity, and Impersonate Custom Identity. These choices are explained below.

Users Identity

Connecting with the User’s Identity is referring to what used to be known as PassThrough authentication in BDC. This means that the Windows Authenticated user security token will be passed from the browser to IIS, and then SQL. This works well in Development environment for reasons described in the first post regarding the Double Hop Issue.

Impersonated Windows Identity

These two options are referring to the Secure Store Service (SSS) which will be explained fully tomorrow. SSS allows you to connect through Windows users or Custom such as a Federated SAML user account.


One of the options that you will not see in the above dialog box is ‘RevertToSelf’. To configure RevertToSelf, firstly select ‘Connect with User’s Identity’ and then choose ok. Once the connection is established, Edit the Connection Properties and choose ‘BDC Identity’ as shown below.

clip image002 thumb Business Connectivity Services PassThrough & RevertToSelf

Note: The Above screenshot was taken from SharePoint Designer 2010 Beta 2 and this may have changed by the time the product is released.

There is no real configuration required to connect using User’s Identity (PassThrough) or RevertToSelf (BDC Identity) other than to ensure that all of the required users have permission to read and write to the data source. To configure SSS, you have to complete quite a few extra steps.

In our next post we will be describing how to configure Secure Store Service (SSS) in SharePoint 2010.

  1. Anne

    Hi, I tried using the RevertToSelf authentication but got this error:

    The metadata object has a Property with name ‘AuthenticationMode’ and value ‘RevertToSelf’. This value indicates that the runtime should revert to the identity of the application pool, but reverting to the application pool must be explicitly enabled for the service application by a farm administrator.

    Can you help me determine how to set this up?


  2. Hi Anne,

    I ran into the same problem. Check out this link:

    You can enable it using PowerShell :-).


  3. To my mind it is a great article.


Leave a Comment

Your email address will not be published. Required fields are marked *


* Copy This Password *

* Type Or Paste Password Here *