This article is the conclusion of a three-part series about SharePoint 2010 Business Connectivity Services (BCS). In "Business Connectivity Services, Part 1", I discussed BCS models, external content types (ECTs), external lists, and Business Data Catalog (BDC) Web Parts and demonstrated how to use them to implement functionality common to line of business (LOB) applications. In "Business Connectivity Services, Part 2", I discussed advanced data access techniques with BCS. In this article, I’ll show you how to build custom UI components that work with BCS data, including how to work around limitations in sandboxed solutions.
Understanding Sandbox Limitations
As you work more with BCS, you might find that SharePoint 2010’s out-of-the-box BCS components don’t always meet your needs from a UI perspective. In such scenarios, you can develop custom UI components to interact with BCS data. Before you begin developing such components, though, it’s important to understand the limitations that the sandbox imposes on BCS because those limitations can affect how you build your custom UI component:
- You can deploy BCS models two ways: by using a farm solution, which is also known as a full trust solution, or by using SharePoint Designer. If you can deploy only sandboxed solutions in your SharePoint server farm, you must use SharePoint Designer to create and deploy your BCS models. You can’t use Visual Studio 2010.
- There are several different APIs that you can use to interact with BCS data, including the BCS object model, the SharePoint server object model, and the SharePoint client object models (ECMA and Silverlight implementations). However, you can’t use the BCS object model in sandboxed solutions. You can only use it in full trust solutions, as Table 1 shows.
- Sandboxed solutions require that you use an external list to interact with BCS data. For example, if you’re using the SharePoint ECMA client object model, you need to create an external list based on the ECT that corresponds to the BCS data with which you want to interact. Table 1 identifies which APIs require an external list.
- When using the SharePoint server object model in a sandboxed solution, you can encounter a runtime error if you use a certain solution pattern. I’ll discuss this limitation in detail and how to work around it shortly.
Table 1: API Comparison
Note that the limitations the sandbox imposes on BCS are by design; they enhance the security and stability of the SharePoint server farm.
Using Sandbox-Compatible APIs
Let’s look at three examples of how to access BCS data through custom UI components that can be deployed in sandboxed solutions.
SharePoint server object model. Listing 1 demonstrates how to use the SharePoint server object model to return BCS data and display it in a sandbox-compatible Visual Web Part. This solution pattern will look familiar to developers who have worked with previous versions of SharePoint. In this pattern, the SPQuery class is used to return items from an external list based on a Collaborative Application Markup Language (CAML) query.
When you deploy a Visual Web Part that uses this pattern in a sandboxed solution, an error occurs at runtime, as Figure 1 shows. This error occurs because the identity of the currently logged-on user is stripped from the thread when the SharePoint User Code Service executes the code. BDC denies access to the external list data because there’s no user associated with the request.
Figure 1: Runtime error message
To prevent this error, you can set up a target application in the Secure Store Service, as shown in Figure 2. The target application maps the account that the User Code Service executes to an account that has access to the data in the external list. After the target application is set up, you need to edit the BCS model. As Listing 2 shows, the BCS model needs to use the Secure Store Service to authenticate to the external data source.
Figure 2: Target application in the Secure Store Service
Note that the Secure Store Service is available in SharePoint Server but not SharePoint Foundation. Thus, you can’t use the pattern shown in Listing 1 for sandboxed solutions in a SharePoint Foundation environment.
You can find a complete walkthrough of this type of solution in the “Reference Implementation: External Lists” web page in the SharePoint 2010 Patterns & Practices documentation.