Business Connectivity Services PassThrough & RevertToSelf

As a continuation from the post ‘Business Connectivity Services Authentication’, this post will explain how to setup PassThrough and RevertToSelf authentication modes within SharePoint Designer 2010.

When you are creating a connection to a datasource within SharePoint Designer 2010, you are presented with a choice of authentication modes including Users Identity, Impersonate Windows Identity, and Impersonate Custom Identity. These choices are explained below.

Users Identity

Connecting with the User’s Identity is referring to what used to be known as PassThrough authentication in BDC. This means that the Windows Authenticated user security token will be passed from the browser to IIS, and then SQL. This works well in Development environment for reasons described in the first post regarding the Double Hop Issue.

Impersonated Windows Identity

These two options are referring to the Secure Store Service (SSS) which will be explained fully tomorrow. SSS allows you to connect through Windows users or Custom such as a Federated SAML user account.


One of the options that you will not see in the above dialog box is ‘RevertToSelf’. To configure RevertToSelf, firstly select ‘Connect with User’s Identity’ and then choose ok. Once the connection is established, Edit the Connection Properties and choose ‘BDC Identity’ as shown below.


Note: The Above screenshot was taken from SharePoint Designer 2010 Beta 2 and this may have changed by the time the product is released.

There is no real configuration required to connect using User’s Identity (PassThrough) or RevertToSelf (BDC Identity) other than to ensure that all of the required users have permission to read and write to the data source. To configure SSS, you have to complete quite a few extra steps.

In our next post we will be describing how to configure Secure Store Service (SSS) in SharePoint 2010.