FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

59
Develop Apps for SharePoint 2013 Danny Jessee @FEDSPUG November 7, 2013

TAGS:

Transcript of FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Page 1: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Develop Apps for SharePoint 2013

Danny Jessee@FEDSPUGNovember 7, 2013

Page 2: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Passed exams:70-488, 70-48970-331, 70-332

9 yearsSharePoint experience

[email protected]

Who Am I?

Photo courtesy Marie Sly | mariesly.com

@dannyjessee

SharePoint DeveloperFulcrum IT Services, LLC

Page 3: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Agenda SharePoint development options (pre-2013) Shortcomings of legacy approaches SharePoint 2013 development improvements

Apps for SharePoint Geolocation data in SharePoint 2013 Demo time!

Page 4: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

What we won’t be discussing… Administrative configuration required to support apps for SharePoint Setting up the app domain in DNS (new Forward Lookup Zone, new

CNAME alias), configuring the App Management and Subscription Settings service applications, configuring app URLs and setting up an app catalog

Cloud-hosted apps (beyond an introduction) Office 365 + Windows Azure Services + SQL Azure Office 365 “Napa” development tools

Advanced app permissions scenarios/OAuth in detail

SharePoint Store or app licensing

Page 5: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Before we begin… How many of you are:

Developers? System administrators? IT pros? Others?

Who has already seen or worked with SharePoint 2013?

Is anyone already building apps for SharePoint?

Page 6: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Development optionsSharePoint 2007

Page 7: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

2007 development options Farm solutions (*.wsp) Full server-side object model, no limitations in functionality or scope (unless bin/CAS policy in use)

All deployments require physical access to the server

Potentially harmful solutions, privileged identities Have you met my best friend RunWithElevatedPrivileges? I’m supposed to Dispose() these objects? Oh, just do another

IISRESET…

Made environments difficult and costly to upgrade

Page 8: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Development optionsSharePoint 2010

Page 9: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

2010 development options Enter sandbox!

“We’re off to never never-land” (or is it the cloud?)

With sandboxed solutions: Code has access to a limited, “safe” subset of the SharePoint object

model Assemblies are loaded by an isolated process that uses a low-

privilege identity Solution framework terminates code if it does not respond to

requests within a specified duration

Deployed by site collection administrators IT involvement no longer needed (they still set/manage resource

quotas)

Farm solutions still a viable option on-premises

Page 10: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

What’s wrong with this picture?

Page 11: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Shortcomings Code is executing on the SharePoint frontend servers

Difficult to run code anywhere but within SharePoint Ever try coding against the .asmx web services? CSOM wasn’t fully “there” yet

SharePoint developers required for everything Need to know Visual Studio, .NET, SharePoint server-side object

model

Solutions are notoriously bad at cleaning up after themselves on uninstall

Farm solutions are a non-starter in the cloud

Page 12: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Steps in the right direction SharePoint 2010 introduced CSOM (client.svc) WCF entry point – direct access from clients NOT supported, proxy

required Client class library for managed .NET/Silverlight Browser-based JavaScript class library (limited)

RESTful interface to access lists/libraries (listdata.svc)

Allow for interaction with SharePoint capabilities without executing code on the SharePoint server

Still fairly limited/restricted compared to server-side object model

Page 13: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Development optionsSharePoint 2013

Page 14: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

2013 development options Farm solutions still supported

Recommended only for administrative extensions (timer jobs, custom cmdlets)

Full-trust only (CAS policies are now ignored)

Sandboxed solutions still allowed, but deprecated

.asmx web services and owssvr.dll (RPC) deprecated

Objectives are to maximize flexibility and capability while minimizing footprint on the SharePoint server This has been the goal since at least SharePoint 2010, but Microsoft

has made VERY significant investments to make this a reality in SharePoint 2013

Page 15: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

2013 improvements CSOM WCF entry point can now be accessed directly via REST-based calls (no proxy required!) /_vti_bin/client.svc /_api Much easier for JavaScript (and other non-.NET clients) to leverage

Now possible to fully interact with SharePoint from external platforms

Many new APIs added to CSOM Additional SharePoint Server functionality: user profiles, search,

taxonomy, feeds, publishing, sharing, workflow, e-discovery, information rights management, analytics, business data

Page 16: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Which API should I use?

Image from http://msdn.microsoft.com/en-us/library/sharepoint/jj164060.aspx

Page 17: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Apps for SharePoint

Page 18: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Apps for SharePoint (*.app) New mechanism to deploy code-based customizations to the SharePoint platform Contains an XML app manifest, installed to a specific target site (host

web)

Self-contained, isolated pieces of functionality Can add basic files (e.g., CSS, JavaScript), create pages and lists in

isolated storage (app web)

No server-side code runs inside SharePoint

Page 19: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Everything is an app!

Page 20: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

App development options “Napa” Office 365 development tools

Browser-based development environment (no other tools required) App projects can be downloaded and opened in Visual Studio

Visual Studio 2012 with Office developer tools

Page 21: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Types of apps Provider-hosted

Deployed outside the SharePoint server Can run in the cloud or on a different on-premises web server

Autohosted Automatically provisions resources to Windows Azure and SQL Azure Ultimate scalability

SharePoint-hosted (on-premises) Deployed to an SPWeb known as the host web Provisions its resources on an SPWeb known as the app web Good for simple solutions, 100% client-side code

Page 22: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Types of apps

Image from http://msdn.microsoft.com/en-us/library/fp179930.aspx

Page 23: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

What can I do with an app? Features (Web-scoped) Custom actions Remote event receivers App parts (client web

part) Custom CSS files Custom JavaScript files Modules (sets of files) Pages List templates

• List and library instances• Custom list forms• Custom list views• Custom content types• Fields (of built-in types)• BCS models (Web-

scoped)• Workflows• Property bags• Web templates

Page 24: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

App shapes Apps can come in any of three shapes:

Immersive full page app: good for scenario-based apps, can still use SharePoint chroming

Part app: like a web part; hosted in an IFRAME Extension app: adding custom actions

Image from http://msdn.microsoft.com/en-us/library/fp179930.aspx

Page 25: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

App web Each app installation has its own unique URL

App web provisioned at the time of app installation https://[app prefix][app hash].[app domain]/[relative site URL]/[app

name]

App domain should be different from host domain Built-in browser support for blocking XSS prevents code from calling

back directly to the host web SP.RequestExecutor library should be used for cross-domain calls

Page 26: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Host web and app web

Image from http://msdn.microsoft.com/en-us/library/fp179925.aspx

Page 27: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

App permissions Apps for SharePoint have distinct identities

Associated with an app principal

App principal has permissions and rights Always has Full Control to the app web

Apps must request permissions to the host web or any other location outside of the app web

OAuth tokens are used to pass app identity

Page 28: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

App permissions App permission requests must include the rights needed by the app and the scope at which those rights are needed

Rights: Scopes:

Page 29: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

App permissions Trust must be explicitly granted by the user installing the app (all or nothing)

Page 30: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Geolocation data in SharePoint 2013

Page 31: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Geolocation data in 2013 Geolocation is a new field type in SharePoint 2013 Allows Latitude and Longitude (decimal coordinates) to be stored in

lists Allows retrieval of current user’s location from the browser (if it

implements the W3C Geolocation API) Displays values on a Bing map Must be added declaratively/programmatically (not available from

the UI)

SQLSysClrTypes.msi must be installed on all frontends (from SQL Server Feature Pack) 2008 R2: http://

www.microsoft.com/en-us/download/details.aspx?id=26728 2012: http://

www.microsoft.com/en-us/download/details.aspx?id=29065

Page 32: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Geolocation data in 2013 To use Bing Maps, you must obtain a Bing Maps API key and set its value at the web or farm level https://www.bingmapsportal.com Set-SPBingMapsKey –BingKey "<Enter a valid Bing Maps key>"

Field XML for a Geolocation column <Field ID="{b42dc311-3dad-4940-bcb7-412b57e5d017}" Name="Geolocation" DisplayName="Geolocation" Type="Geolocation" Required="FALSE" Group="Geolocation Site Columns">

Page 33: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Geolocation data in 2013 Add list item

Page 34: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Geolocation data in 2013 Add list item

Page 35: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Geolocation data in 2013 View list item

Page 36: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Geolocation data in 2013 Create a “Map View” for multiple list items

Page 37: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Geolocation data in 2013 Map View

Page 38: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Demo time!

Page 39: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Get started building apps Sign up for your free Office 365 developer site http://dev.office.com – use the “Napa” development tools

Sign up for your free 14-day trial of CloudShare ProPlus (“on-premises experience” in the cloud) http://cloudshare.com SharePoint 2013 environments have Visual Studio 2012 preinstalled! App tips and sample code: http://blog.cloudshare.com/author/danny

Give your developer VMs 10-16+ GB RAM! Download my demo project: http://sdrv.ms/XbohjT

Page 40: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Conclusion Microsoft has made significant improvements to the developer experience in SharePoint 2013 Anything you can do in the server-side object model can be done

through CSOM, JSOM, REST/OData

Apps are the recommended approach in 2013

Apps are not a silver bullet Whether you use apps or not, you should strive to run as little code on the SharePoint server as possible

Page 41: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Questions?

Page 42: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Thank you for your time!@[email protected]/blog

Page 43: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Backup slides

Page 44: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Farm solutions vs. sandboxed solutions Farm solutions

Code impacts the entire farm Hosted in the IIS worker process (W3WP.exe) Application pool recycles before solution is retracted/deployed Can be used for every type of SharePoint component

Sandboxed solutions Code impacts the site collection of the solution Hosted in the user code solution worker process

(SPUCWorkerProcess.exe) No app pool recycles required to load latest version

Page 45: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

SharePoint 2013 improvements All APIs have dual support (CSOM and REST)

Data can be returned as JSON (good for AJAX clients) or ATOM (good for any client) Can be selected with ACCEPT header (application/json,

application/atom+xml)

REST and OData are a winning combination

Page 46: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

What about OData? New data access API for HTTP-based clients Based on open specifications (Microsoft Open Specification Promise)

Standardizes CRUD operations by mapping them to HTTP verbs (GET, POST, PUT/MERGE, DELETE)

Read the specification at http://odata.org

Page 47: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Tips and tricks Easy to test REST calls (GET requests) through the browser

RESTClient for Firefox https://addons.mozilla.org/en-US/firefox/addon/restclient/

JavaScript: _spPageContextInfo.webAbsoluteUrl

jQuery: $.getJSON(requestUri, null, onDataReturned)

jsRender.js makes a great templating engine to generate output from a JSON collection

Page 48: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

Configuring an on-prem farm for apps New instance of App Management Service App Can be done using the farm wizard

Configure root domain name for all app webs Set-SPAppDomain cmdlet

Create instance of Subscription Settings Service App Can only be done through PowerShell

Configure a name for the default tenant Set-SPAppSiteSubscriptionName cmdlet (only one tenant on-prem)

DNS setup (Visual Studio updates lmhosts file in dev)

Page 49: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

{StandardTokens} in the query string SPHostUrl=http%3A%2F%2Fc4968397007&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017&SPAppWebUrl=http%3A%2F%2Fapps%2D68b0b5ab173c7f%2Esp2013apps%2Ecom%2FSharePointApp1

Page 50: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

App domain security Having a separate app domain allows SharePoint to determine exactly which app generated a JavaScript callback

This allows SharePoint to authenticate an app and examine its permissions any time a call originates from the app web

Page 51: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

App authorization policy types User-only – only takes the user identity into account

User + app – both the user identity and the app identity are considered

App-only – only the app identity is considered Requires special logic to obtain client context with app-only token http://

code.msdn.microsoft.com/officeapps/SharePoint-2013-Make-app-6e3d1ee9

Closest thing to “running elevated” or impersonating a privileged account

Page 52: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

References

Page 53: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

References SharePoint 2013 development overview

http://msdn.microsoft.com/en-us/library/sharepoint/jj164084.aspx

Build apps for SharePoint http://msdn.microsoft.com/en-us/library/office/apps/jj163230.aspx

Farm solutions http://msdn.microsoft.com/en-us/library/ff798425.aspx

Sandboxed solution considerations http://msdn.microsoft.com/en-us/library/ee231562.aspx

Page 54: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

References (cont.) Deciding which SharePoint 2010 API to use

http://msdn.microsoft.com/en-us/library/hh313619%28v=office.14%29.aspx

SharePoint development in Visual Studio http://msdn.microsoft.com/en-us/library/ee330921.aspx

Choose the right API set in SharePoint 2013 http://msdn.microsoft.com/en-us/library/sharepoint/jj164060.aspx

Get started with the SharePoint 2013 REST service http://msdn.microsoft.com/en-us/library/fp142380.aspx

Page 55: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

References (cont.) Apps for SharePoint overview

http://msdn.microsoft.com/en-us/library/fp179930.aspx

Important aspects of the app for SharePoint architecture and development landscape http://msdn.microsoft.com/en-us/library/fp179922.aspx

App permissions in SharePoint 2013 http://msdn.microsoft.com/en-us/library/fp142383.aspx

UX design for apps in SharePoint 2013 http://msdn.microsoft.com/en-us/library/fp179934.aspx

Page 56: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

References (cont.) What’s new for developers in SharePoint 2013 http://msdn.microsoft.com/en-us/library/jj163091.aspx

Introducing SharePoint apps http://blog.tedpattison.net/Lists/Posts/Post.aspx?ID=14

Introducing the SharePoint 2013 application model http://

www.binarywave.com/blogs/eshupps/Lists/Posts/Post.aspx?ID=266

Setting up your App domain for SharePoint 2013 http://

sharepointchick.com/archive/2012/07/29/setting-up-your-app-domain-for-sharepoint-2013.aspx

Page 57: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

References (cont.) Remove app for SharePoint instances from a SharePoint 2013 site http://technet.microsoft.com/en-us/library/fp161233.aspx

How to: Create app parts to deploy with apps for SharePoint http://msdn.microsoft.com/en-us/library/fp179921.aspx

How to: Create custom actions to deploy with apps for SharePoint http://msdn.microsoft.com/en-us/library/jj163954.aspx

Page 58: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

References (cont.) How to: Set up an on-premises development environment for apps for SharePoint http://msdn.microsoft.com/en-us/library/fp179923.aspx

App permissions in SharePoint 2013 http://msdn.microsoft.com/en-us/library/fp142383.aspx

App authorization policy types in SharePoint 2013 http://msdn.microsoft.com/en-us/library/fp179892.aspx

Page 59: FEDSPUG November 2013: Developing Apps SharePoint 2013 by Danny Jessee

References (cont.) Using the SharePoint 2013 object model in an app for SharePoint http://msdn.microsoft.com/en-us/library/jj191507.aspx

Install and Manage Apps for SharePoint 2013 http://technet.microsoft.com/en-us/library/fp161232.aspx