Prepare your environment for the Business Connectivity Services hybrid scenario

Summary: Learn how to prepare the on-premises account and security group that control access to an OData endpoint for the Business Connectivity Services (BCS) hybrid scenario.

This example of the Microsoft Business Connectivity Services (BCS) hybrid scenario shows you how to use standard Windows domain security to control access to the on-premises OData service endpoint. You configure one domain account with which to access the OData service endpoint, and one global security group for your federated user accounts. Then, you map the group to the account by using a Secure Store Service target application.

To prepare on-premises security for the BCS hybrid scenario

  1. Identify all the user accounts in your on-premises domain that need to use the BCS hybrid solution and make sure that they are federated accounts. You will add these accounts to a domain global security group later in this procedure.

  2. In your on-premises domain, create a service account that will access the OData service endpoint. These procedures use an account named ODataAccount.

  3. In your on-premises domain, create a global security group. These procedures use a group named ODataGroup.

  4. Add the accounts that you identified in step 1 to the ODataGroup group.
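The four steps above can be scripted with the Active Directory module for Windows PowerShell. This is an added example, not code from the original article: the description strings and the two sample user names (alice, bob) are constructed placeholders, and it assumes you run it as a domain administrator on a machine with the RSAT Active Directory tools installed.

```powershell
# Added example (not from the original article): scripted version of the
# "prepare on-premises security" procedure. Sample values are placeholders.
Import-Module ActiveDirectory

# Step 2: the service account that will be the only identity reaching the
# OData service endpoint. The password is prompted for, not stored in the script.
$svcPassword = Read-Host -Prompt "Password for ODataAccount" -AsSecureString
New-ADUser -Name "ODataAccount" -SamAccountName "ODataAccount" `
    -AccountPassword $svcPassword -Enabled $true `
    -PasswordNeverExpires $true -CannotChangePassword $true `
    -Description "BCS hybrid: OData service endpoint access"

# Step 3: the global security group that the Secure Store target application
# will later map to ODataAccount. Scope must be Global, category Security.
New-ADGroup -Name "ODataGroup" -SamAccountName "ODataGroup" `
    -GroupScope Global -GroupCategory Security `
    -Description "Federated users permitted to use the BCS hybrid solution"

# Step 4: add the federated user accounts identified in step 1.
# "alice" and "bob" are constructed sample names; replace with your list.
$federatedUsers = "alice", "bob"
Add-ADGroupMember -Identity "ODataGroup" -Members $federatedUsers

# Check: list the resulting membership so it can be compared with the
# set of accounts identified in step 1 before moving on.
Get-ADGroupMember -Identity "ODataGroup" | Select-Object SamAccountName
```

Keeping the service account and the user group separate is what lets the Secure Store mapping later in this article narrow endpoint access to one credential while membership is still managed in the directory.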

Create and configure a Secure Store target application

In this procedure, you link the ODataGroup to the ODataAccount by using a Secure Store target application. This way, users in the ODataGroup access the OData service endpoint through only one account, the ODataAccount.

In this procedure, you create and configure the on-premises Secure Store target application named ODataApp for the BCS hybrid scenario. (You can choose a different name if you want.)

To create a target application

  1. On the Central Administration home page, in the Application Management section, click Manage service applications.

  2. Click the Secure Store service application.

  3. In the Manage Target Applications group, click New.

  4. In the Target Application ID box, type a text string. For example, ODataApp.

  5. In the Display Name box, type a name for the target application. For example, ODataApp.

  6. In the Contact Email box, type a contact e-mail address.

  7. In the Target Application Type drop-down list, select Group. This type maps many user credentials, or a security group, to one credential. In this case, the Target Application Page URL is not needed and None is selected automatically. Click Next.

  8. On the Create New Secure Store Target Application page, for both Field Name and Field Type, accept the default values of Windows User Name and Windows Password. Click Next.

  9. In the Target Application Administrators field, add the Farm Administrators account and an account that has farm administrator rights. In the Members field, add the domain security group you are using to control access to the BCS hybrid scenario solution; for example, ODataGroup.

  10. Click OK.

Next, we need to add the credentials that the target application will store.

To set credentials for a target application

  1. In the target application list, point to the target application that you just created, click the arrow that appears, and then, in the menu, click Set Credentials.

    If the target application is of type Group, type the credentials for the external data source. The fields for setting credentials vary depending on the information that the external data source requires.

    If the target application is of type Individual, type the user name of the individual who will be mapped to this set of credentials on the external data source, and type the credentials for the external data source. The fields for setting credentials vary depending on the information that the external data source requires.

  2. In the Windows User Name box, type the name of the account that will have access to the OData service endpoint, in domain\username format; for example, Adventureworks\ODataAccount.

  3. Type and confirm the password for that account, and then click OK.
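Both procedures above, creating the ODataApp target application and setting its group credential mapping, can be performed from the SharePoint Server Management Shell with the standard Secure Store cmdlets. This is an added example, not code from the original article. The web application URL, the farm administrator account name and the contact e-mail address are placeholders you replace with your own values; the Adventureworks domain, ODataGroup, ODataAccount and ODataApp names are the ones used in this article.

```powershell
# Added example (not from the original article): scripted equivalent of
# "To create a target application" and "To set credentials for a target
# application". Placeholder values are marked as such.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$serviceContext = "https://sharepoint.adventureworks.local"   # any web application URL in the farm (placeholder)
$farmAdmin      = "Adventureworks\spfarmadmin"                 # account with farm administrator rights (placeholder)
$memberGroup    = "Adventureworks\ODataGroup"                  # global security group from the earlier procedure
$serviceAccount = "Adventureworks\ODataAccount"                # account that will reach the OData endpoint

# Step 8: the two default fields, Windows User Name (visible) and Windows Password (masked).
$userField = New-SPSecureStoreApplicationField -Name "Windows User Name" -Type WindowsUserName -Masked:$false
$pwdField  = New-SPSecureStoreApplicationField -Name "Windows Password"  -Type WindowsPassword -Masked:$true
$fields    = $userField, $pwdField

# Steps 4-7: target application of type Group, so many callers map to one stored credential.
$targetApp = New-SPSecureStoreTargetApplication -Name "ODataApp" -FriendlyName "ODataApp" `
    -ContactEmail "bcsadmin@adventureworks.example" -ApplicationType Group

# Step 9: administrators of the target application and the group allowed to use it.
$adminClaim  = New-SPClaimsPrincipal -Identity $farmAdmin   -IdentityType WindowsSamAccountName
$memberClaim = New-SPClaimsPrincipal -Identity $memberGroup -IdentityType WindowsSecurityGroupName

$ssApp = New-SPSecureStoreApplication -ServiceContext $serviceContext -TargetApplication $targetApp `
    -Fields $fields -Administrator $adminClaim -CredentialsOwnerGroup $memberClaim

# "Set credentials": store the single mapping ODataGroup -> ODataAccount.
# Values must be SecureStrings in the same order as $fields; the password is
# prompted for rather than written into the script.
$password  = Read-Host -Prompt "Password for $serviceAccount" -AsSecureString
$userValue = ConvertTo-SecureString -String $serviceAccount -AsPlainText -Force
Update-SPSecureStoreGroupCredentialMapping -Identity $ssApp -Values @($userValue, $password)

# Check: confirm the application exists and is of the Group type.
Get-SPSecureStoreApplication -ServiceContext $serviceContext -Name "ODataApp" |
    Select-Object -ExpandProperty TargetApplication |
    Select-Object Name, ApplicationType
```

The group is added as the credentials owner rather than as an administrator: members can have the stored credential used on their behalf, but only the listed administrators can read or change the mapping.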

Create and configure the OData service endpoint

The BCS hybrid scenario supports connecting only to an OData source. If your external data already has an OData service endpoint, you can skip the parts of this procedure that create the OData service endpoint. You will still need to configure permissions on the service endpoint for the ODataAccount. For the purposes of these procedures, we use the SQL Server AdventureWorks sample database and the AdventureWorks 2012 LT sample data as the data source and create an OData service endpoint to make the data available to the BCS hybrid solution. You use Visual Studio 2012 to create and configure the OData service.

To create and configure the OData service endpoint, perform the procedures in How to: Create an OData data service that sends notifications to BCS in SharePoint 2013 in the MSDN Library. You will need the ODataAccount account to secure the service endpoint in Internet Information Services (IIS) 7.0.

Prepare the SharePoint Online site and App Catalog

The BCS hybrid scenario publishes on-premises data to selected users of SharePoint Online. You can present the data either through a SharePoint Online external list or through an app for SharePoint. In either case, you must identify or create a site in SharePoint Online through which the data will be offered. If you choose to use an app for SharePoint, you must also have a SharePoint Online App Catalog configured.

To prepare the SharePoint Online site and App Catalog

  1. Identify or create a site in SharePoint Online for your external list or app for SharePoint. Ensure that all the federated users who will be using the BCS hybrid solution are added to the Members group for access to the site. (The easiest way to do this is to add your ODataGroup as a Member.)

  2. If you're going to be using an app for SharePoint, you must enable the App Catalog.

    Note

    This scenario shows you how to deploy your app for SharePoint directly into the site you have prepared. It is also possible to deploy your app for SharePoint into the App Catalog.

Set permissions on the BDC Metadata Store in SharePoint Online

The Business Data Connectivity service (BDC) Metadata Store holds external content types, external systems, and BDC model definitions for the BDC Service Application. In this procedure, you configure administrative permissions on the Metadata Store and everything that it will contain. Later in this scenario, if you use the manual import of the external content type method, you will be using the BDC Metadata Store, and the external content type will be available across SharePoint Online. If you will only be using the automated deployment of an app for SharePoint, then you will not use the BDC Metadata Store, and the external content type is scoped to the app only.

To set permissions on the BDC Metadata Store in SharePoint Online

  1. Open the SharePoint Online Administration Center by using an administrative account.

  2. On the Quick Launch, click BCS, and then click Manage BDC Models and External Content Types.

  3. Click Set Metadata Store Permissions, and add All Authenticated Users with at least Execute permissions. This allows all users who authenticate to your SharePoint Online tenancy to use the external content types stored in the Metadata Store.

  4. Select the Propagate permissions to all BCS Models, External Systems and External Content Types in the BDC Metadata Store. Doing so will overwrite existing permissions check box.

  5. Click OK.

Validate external access to the reverse proxy published URL

At this point in deploying the BCS hybrid scenario, you should confirm that you can access your on-premises SharePoint Server farm that has been configured to receive hybrid calls from SharePoint Online. This site was already configured in the SharePoint Server 2016 hybrid configuration roadmaps procedures. Its URL is the one you published through your reverse proxy.

Before you begin this procedure, make sure you have the following:

  • The external URL. For example, if your on-premises farm web application was configured with an alternate access mapping of "hybridexternal.sharepoint.com" and you published "https://hybridexternal.sharepoint.com" through the reverse proxy, you will use "https://hybridexternal.sharepoint.com" for this procedure.

  • A computer to browse from that is in the extranet. For example, use a computer that is not on your corporate network and is not a member of your corporate domain.

  • The Secure Channel certificate that is stored in the SharePoint Online Secure Store Service target application. This target application was configured in the SharePoint Server 2016 hybrid configuration roadmaps procedures. In the example it was named SecureChannelTargetApp. You will need the password for the certificate as well.

  • The credentials of a federated account.

To confirm access to the external URL

  1. Copy the certificate to your extranet computer, and then click the certificate. You will be prompted for the certificate password. This adds the certificate to your personal certificate store.

  2. Open a web browser and browse to the externally published URL of your on-premises farm. You should be prompted for credentials. If not, check your browser settings and make sure that your logged-on credentials are not being passed automatically.

  3. Provide the credentials of the federated user. This logon must succeed and you should see the published site. If this does not work, contact the administrators who set up your hybrid infrastructure. Do not proceed any further with the BCS hybrid scenario until this issue is resolved.
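Steps 2 and 3 can also be run as a repeatable check from the extranet computer, which makes the two expected outcomes explicit: an unauthenticated request must be challenged, and a request with the federated user's credentials must succeed. This is an added example, not code from the original article. It assumes the Secure Channel certificate has already been imported into the personal store (step 1), and the published URL and certificate thumbprint are placeholders to replace with your own values.

```powershell
# Added example (not from the original article): scripted version of the
# external access check. Placeholder values are marked as such.
$externalUrl = "https://hybridexternal.sharepoint.com/"            # URL published through the reverse proxy (example value from the article)
$thumbprint  = "<thumbprint of the SecureChannelTargetApp certificate>"   # placeholder

# Step 1 left the Secure Channel certificate in the personal store; pick it up by thumbprint.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "Secure Channel certificate not found in Cert:\CurrentUser\My" }

function Get-HttpStatus {
    # Returns the HTTP status code for a request, presenting the client
    # certificate and, optionally, explicit credentials. Non-2xx responses
    # throw in PowerShell, so the status is read back from the exception.
    param(
        [string]$Uri,
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [pscredential]$Credential
    )
    $params = @{ Uri = $Uri; Certificate = $Certificate; UseBasicParsing = $true }
    if ($Credential) { $params.Credential = $Credential }
    try {
        $resp = Invoke-WebRequest @params
        return [int]$resp.StatusCode
    } catch {
        if ($_.Exception.Response) { return [int]$_.Exception.Response.StatusCode }
        throw
    }
}

# Step 2: with no credentials supplied, the farm should challenge (HTTP 401).
# Invoke-WebRequest does not pass the logged-on credentials unless told to,
# so this is the scripted equivalent of "you should be prompted".
$anon = Get-HttpStatus -Uri $externalUrl -Certificate $cert
"Anonymous request:     HTTP $anon (expected 401)"

# Step 3: with a federated user's credentials, the published site should load (HTTP 200).
$cred = Get-Credential -Message "Federated user (domain\username)"
$auth = Get-HttpStatus -Uri $externalUrl -Certificate $cert -Credential $cred
"Authenticated request: HTTP $auth (expected 200)"

if ($anon -ne 401 -or $auth -ne 200) {
    Write-Warning "External access is not behaving as expected. Resolve this with the administrators who set up the hybrid infrastructure before continuing."
}
```

If the anonymous request already returns 200, the reverse proxy or farm is not enforcing authentication on the published URL; if the authenticated request fails with a certificate error, the client certificate was not presented or is not the one stored in SecureChannelTargetApp.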

Create and configure the connection settings object

Unlike BCS in SharePoint Server, BCS in SharePoint Online requires that you configure a connection settings object, which contains the additional information needed to establish the connection to the external system and the OData source.

Before you begin this procedure, make sure you have the following:

  • The URL or published service endpoint of the on-premises OData service that you configured.

  • The ID of the Secure Store target application that you configured.

  • The Internet-facing URL that Office 365 uses to connect to the service address and that was published by the reverse proxy. This is the address that you used to browse to the external site in the previous procedure, with /_vti_bin/client.svc appended.

  • The ID of the Secure Store target application for the Secure Channel certificate in Office 365.

To configure the connection settings object for the BCS hybrid scenario

  1. Open the SharePoint Online Administration Center by using an administrator account, and on the Quick Launch, click bcs.

  2. Click Manage connections to on-premises services.

  3. Click Add.

  4. Give the connection settings object a name.

    Important

    Keep track of this name; you will use it when you create the external content type in the next procedure.

  5. In the Service Address box, type the URL of the OData service endpoint that you created.

  6. For this scenario, select Use credentials stored in SharePoint on-premises as the authentication option, and then type the ID of the target application that holds the group-to-account mapping. In this scenario, it is the ODataApp that you created.

  7. In the Authentication Mode drop-down list, select Impersonate Window's Identity.

  8. In the Internet-facing URL box, type the external URL with the /_vti_bin/client.svc extension. For example, https://hybridexternal.sharepoint.com/_vti_bin/client.svc.

  9. In the Secure Store Target Application ID box, type the ID of the target application that holds the Secure Channel certificate. For example, SecureChannelTargetApp.

  10. Click Create.

Create and configure the external content type

In every BCS solution, the external content type defines the external data to SharePoint Server. It includes descriptions of how the data is structured, how it is secured, the specific portions of the external data that you want to interact with, and the permitted operations. When an external list, an app for SharePoint, or a business data Web Part makes a request for external data, the Business Data Connectivity service refers to the external content type for that list, app, or Web Part to understand how to communicate with the external data source.

In the BCS hybrid scenario, only OData sources are supported, and the preferred way to make an external content type for an OData source is to use Visual Studio 2012. Visual Studio 2012 simplifies the external content type creation process by connecting directly to the OData source, reading it, and building the external content type XML for you. Once it is created, you have to make some minor changes to the XML, such as inserting which connection settings object to use and removing some of the boilerplate code, before you can deploy it to SharePoint Online for use in the BCS hybrid scenario.

Before you begin, make sure you have the following:

  • Visual Studio 2012 installed on a computer that is on your corporate network.

  • The OData service endpoint URL.

  • Microsoft Office Tools for Visual Studio 2012.

Once you have all of that, complete the steps in How to: Create an external content type from an OData source in SharePoint 2013 in the MSDN Library.

When you are done creating the external content type, deploy the hybrid scenario to an external list.

See also

Concepts

Deploy a Business Connectivity Services hybrid solution in SharePoint

Overview of Business Connectivity Services security tasks in SharePoint Server