Building Apps for SharePoint 2013 by Andrew Connell - SPTechCon
Transcript of Building Apps for SharePoint 2013 by Andrew Connell - SPTechCon
www.AndrewConnell.com
@AndrewConnell
Building Apps for SharePoint 2013
Andrew Connell
MVP, SharePoint Server
Andrew Connell, www.AndrewConnell.com, [email protected]
@andrewconnell
Independent Consultant, Developer, Speaker, Instructor
Hands-On SharePoint Training: Critical Path Training - www.CriticalPathTraining.com
On-Demand SharePoint Training: Pluralsight - www.Pluralsight.com
Agenda
• SharePoint App Model
• App Model Shapes
• App Identity
• Authentication
• Authorization
• OAuth
SharePoint 2013 Deployment Options
On-Premises (aka: on-prem / behind firewall)
• Installed 100% on company servers
• Access to 100% of SharePoint's features & capabilities
Hosted (aka: Office 365 / SharePoint Online)
• Installed 100% and managed in the cloud
• Most common context: Office 365 / SharePoint Online
• Some features not available in the cloud
Overview of the SharePoint App Model
The SharePoint app model is based on these assumptions:
• Apps supported in Office 365 and in on-premises farms
• App code never runs in the SharePoint host environment
• Apps talk to SharePoint using Web service entry points
• App code is authenticated and has an established identity
• App has permissions independent of user permissions
• Apps deployed to catalogs using a publishing scheme
• Published apps are easier to find, install and upgrade
App Installation Scopes
Site-Scoped Installation
• App is installed in a specific site
• App is launched from the same site
• This site is known as the host web
Tenancy-Scoped Installation
• App is installed in the app catalog site
• App is available to many host webs
• Host webs access one app instance
• Centralizes app management
SharePoint App Architecture
SharePoint-Hosted Apps
• App resources added to the SharePoint host
• Stored in a child site known as the app web
• App can have client-side code
• App cannot have server-side code
Cloud-Hosted Apps
• App resources deployed on a remote server
• Remote site known as the remote web
• App can have client-side code
• App can have server-side code
Creating SharePoint-Hosted & Cloud-Hosted Apps
App Web
App web is created during app installation
• App web is created as a child of the site where the app is installed
SharePoint-Hosted apps must create an app web
• App must add a start page and related resources
• App can add other SharePoint elements (e.g. lists)
Cloud-Hosted apps can create an app web
• Most cloud-hosted apps will not create an app web
• Cloud-hosted app can create an app web if needed
Inspecting the AppWeb
App Shapes
What SharePoint tells you:
• SharePoint-Hosted Apps
• Cloud-Hosted Apps
What Visual Studio forces you to select:
• SharePoint-Hosted App
• Provider-Hosted App
• Auto-Hosted App
App Shapes – What It Really Is
SharePoint-Hosted Apps
• Everything resides in SharePoint
All Other Types
• Majority resides external to SharePoint (IIS, Azure, etc.)
• By default, don't trigger creation of the AppWeb, unless they include SharePoint artifacts
Auto-Hosted Apps
• SharePoint handles deployment of external assets: Azure Web Site, SQL Azure Database
Inspecting App Shapes
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013
• User authentication stays the same with standard sites
• In calls to the app web, app authentication occurs internally
• External authentication is used for calls from the remote web
• Call context can contain both user and app identity
Requirements for establishing app identity
• Host web application must be claims-based
• Incoming calls must target CSOM/REST endpoints
• Supported CSOM/REST endpoints are not extensible
User vs. App Authentication Flow
Diagram: a call from a user carries a SAML token; a call from an app carries an OAuth token; both arrive at the web servers of the SharePoint farm.
SharePoint 2013 Authentication Flow
Flowchart: start authentication
• SAML token?
    YES: request to app web?
        YES: set up call context with user identity and app identity
        NO: set up call context with user identity
    NO: OAuth token?
        NO: set up call context with no identity (anonymous access)
        YES: CSOM/REST endpoint?
            NO: set up call context with no identity (anonymous access)
            YES: user info in token?
                YES: set up call context with user identity and app identity
                NO: set up call context with app identity
• end authentication
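The authentication flow above as executable decision logic, an added example that is not from the deck; the branch wiring follows the slide text (app authentication occurs internally for app-web calls, OAuth tokens only count on CSOM/REST endpoints), and the IncomingCall field names are assumptions made here for illustration:

```python
from dataclasses import dataclass
from enum import Enum


class CallContext(Enum):
    """The four outcomes of the SharePoint 2013 authentication flow."""
    USER = "user identity"
    USER_AND_APP = "user identity and app identity"
    APP = "app identity"
    ANONYMOUS = "no identity (anonymous access)"


@dataclass(frozen=True)
class IncomingCall:
    """Constructed model of one inbound request (field names are assumed)."""
    has_saml_token: bool = False              # interactive user (browser) call
    has_oauth_token: bool = False             # call from an app (ACS-issued token)
    targets_app_web: bool = False             # request URL lies inside the app web
    is_csom_rest_endpoint: bool = False       # one of the supported CSOM/REST endpoints
    oauth_token_has_user_info: bool = False   # app calling on behalf of a user


def resolve_call_context(call: IncomingCall) -> CallContext:
    """Walk the flowchart's decision points in order and return the outcome."""
    # SAML token: a user is calling. Into the app web, SharePoint also
    # authenticates the app internally, so both identities are present.
    if call.has_saml_token:
        return CallContext.USER_AND_APP if call.targets_app_web else CallContext.USER
    # Neither token type: nothing to establish an identity from.
    if not call.has_oauth_token:
        return CallContext.ANONYMOUS
    # OAuth tokens are honoured only on the supported CSOM/REST endpoints;
    # a token presented anywhere else yields no identity.
    if not call.is_csom_rest_endpoint:
        return CallContext.ANONYMOUS
    # On a supported endpoint the token may carry the user as well (app acting
    # on the user's behalf) or only the app's own identity (app-only call).
    if call.oauth_token_has_user_info:
        return CallContext.USER_AND_APP
    return CallContext.APP


def app_only_calls(calls):
    """Return the calls that run under app identity alone: these are authorized
    by the app's own permissions, independent of any user's permissions."""
    return [c for c in calls if resolve_call_context(c) is CallContext.APP]
```

When reviewing request logs, the app-only subset is the one to watch, because no user permission check applies to it.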
Provider-Hosted Apps & App Identity
• Apps can obtain an identity using one of two methods:
    • OAuth (via Azure ACS)
    • High-Trust (via S2S Trust & certificates)
OAuth 2.0 Primer
What is OAuth?
• Internet protocol for creating and managing app identity
• A cross-platform mechanism for authenticating apps
• Internet standard used by Facebook, Google and Twitter
SharePoint 2013 uses OAuth to establish app identity
• SharePoint integration with OAuth is based on Azure ACS
• OAuth authentication is used in Office 365 but not in on-premises farms
Windows Azure ACS
Windows Azure Access Control Service (ACS)
• Required to use OAuth with SharePoint 2013
• ACS server acts as the authentication server
• ACS server must be trusted by the content server
• ACS server must be trusted by the client app
How is ACS configured as the authentication server?
• It's configured automatically in Office 365 tenancies
• Not supported in on-prem farms in SharePoint 2013
What is a Server-to-Server (S2S) Trust?
• Trusted connection between client app and SharePoint
• Eliminates the need for ACS when running apps in an on-premises farm
• Trust between servers configured using SSL certificates
• App code requires access to the private key of the SSL certificate
• Requires creating a Security Token Service on the SharePoint server(s)
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app?
• Expose an endpoint to SharePoint to discover service metadata
• Authenticate the user (can use Windows Auth, FBA, etc.)
• Create security tokens to send to the SharePoint server
Details of creating the S2S security token
• S2S token is like an OAuth token but differs from the OAuth specification
• Security token must contain the app identity
• Security token can optionally include the user identity
• Security token must be signed using the certificate's private key
OAuth & S2S Trusts
OAuth Enabled Apps
• Before deployment to the marketplace, app must be registered with Azure ACS
• Apps obtain their identity / token from Azure ACS
• When calling SharePoint, app includes the OAuth token
• SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S
• Before deployment, app must be registered with SharePoint
• Developer registers a certificate with SharePoint & associates the app with the certificate
• App creates a token using the private key of the certificate
• SharePoint trusts this token because it was signed with the private key
What You Might Not Be Aware Of: #1
• OAuth is only supported in Office 365
• No support in On-Prem deployments at RTM
• Why?
• Possible update to this story after RTM: extra steps? Hotfix? Cumulative Update? Service Pack? Next version?
Creating Apps with Identities & Permissions
What You Might Not Be Aware Of: #2
Office 365 Azure
• "Private Cloud"
• Azure Web Sites
• SQL Azure DBs
• Access Control Service
Windows Azure
• www.azure.com
• Cloud services
• Web Sites
• Virtual Machines
• Storage (blob / queue / table)
• Service Bus
• SQL Azure
• Access Control Service
• …
Office 365 Azure != Windows Azure
The Sandbox Isn’t Dead
Where you build sandbox solutions, try to replace them with SharePoint Apps
There are many scenarios where Apps can’t replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember, they are deprecated, not dead!
App Model Parting Thoughts
SharePoint ALM has always been hard; .NET ALM > SharePoint ALM
• More tools, more mature, more documentation & support
• No longer limited to what SharePoint supports
• Latest version of the .NET Framework
• New "toys" (MVC, Entity Framework, etc.)
• Not limited to any technology stack / infrastructure
• Working with the service layer vs. the server-side API
• More community tools & libraries to choose from
• Can follow more "standards"
• Don't have to scale SharePoint, can now just scale the app
Questions? Want to Learn More?
Critical Path Training - www.CriticalPathTraining.com (Hands-On & Virtual Training)
• SharePoint Courses for Everyone: SharePoint 2007, 2010 & 2013; Developers, Administrators & End Users
• Get Training How You Like It: Hands-On (classroom with hands-on labs), Online (live webcast with take-away labs)
• Private Classes Available for Large Groups
Pluralsight - www.Pluralsight.com (On-Demand Training)
• SharePoint Courses for Everyone: SharePoint 2007, 2010 & 2013; Developers, Administrators & End Users
• Individual, Small Business & Enterprise Plans
• Monthly or Annual Subscriptions
• Watch Online & Offline
• Subscribers Have Access to the Entire Catalog