SharePoint 2013 “Apps”


SharePoint 2013 “Apps”. Brian Fraser, Fraser Technical Solutions, LLC. PowerPoint presentation.

Transcript of SharePoint 2013 “Apps”

SharePoint 2013 App Model

SharePoint 2013 Apps
Brian Fraser
Fraser Technical Solutions, LLC

Problems with Traditional SharePoint Development

  • Farm Solutions
      • Code is considered fully trusted
      • Code runs as current user by default
      • Code can call SPSecurity.RunWithElevatedPrivileges to run as System account
      • Misbehaving code can impact the entire farm
  • Sandboxed Solutions
      • Limited functionality
      • Code runs as current user only
      • Cannot elevate permissions
      • Not as secure as people think

Design goals

  • Must support Office 365
  • Code cannot run in SharePoint process
  • SharePoint API accessible only through clearly defined web services
  • An app has its own distinct identity
  • An app can be granted permissions independent of users
  • Easier publishing and discovery via App Catalog

Tenancy

  • Implicitly handled for you in Office 365
  • Allows grouping of site collections per customer (tenant)
  • On-premises installations typically have a single default tenancy

Prerequisites (on-premises installation)

  • Claims Authentication
  • App Management Service
  • Subscription Settings Service
  • App Domain (* with wildcard certificate

App Installation

  • Must be deployed to an app catalog
  • App catalog is a special site collection. 1 per web application
  • Apps can be deployed at site scope or tenancy scope
  • App Web represents isolated storage for an app instance
  • Host Web is the parent of the app web
  • App implicitly has full control over its app web
  • App must request any other permissions during installation

App Hosting Models

  • SharePoint Hosted
  • Cloud Hosted
      • Auto Hosted (Azure + O365 only)
      • Provider Hosted

SharePoint Hosted Apps

  • Contained entirely in app web
  • Client-side code only. No server-side code.
  • Typically JavaScript, but can use any client-side technology such as Flash, Silverlight, etc.
  • Does not support app-only authentication
  • No need to program with access tokens for authentication. Uses SharePoint internal authentication.

Provider Hosted App

  • Server-side code using virtually any technology is allowed, e.g. Web Forms, MVC, LAMP, PHP, etc.
  • Requires separate remote web for all application code.
  • Remote web must exist prior to deployment in SharePoint
  • Application developer responsible for load balancing, multi-tenancy support, etc.
  • Must use external authentication (S2S or OAuth)

Auto Hosted Apps

  • Supported in Office 365 only
  • Based on private Windows Azure infrastructure associated with O365 tenancy
  • Multi-tenancy and load balancing handled by infrastructure
  • Azure web sites and databases provisioned automatically during app installation
  • OAuth authentication required

Getting Started: SharePoint hosted app

  • Office 365 Developer site
  • Office 365 Development Tools

Demo

Visual Studio

Demo

What's in a URL?

  • is the app prefix. Based on tenancy. Configurable for on-prem only.
  • 007bd0249c5cba is the is the app hosting domain
  • sites/dev1 domain relative URL of host web
  • Query String
  • Standard Tokens

Provider Hosted (S2S)

S2S High Trust

  • Requires X.509 certificate
  • Remote web encrypts token request with private key
  • SharePoint Secure Token issuer validates request with public key and issues authentication token
  • Remote web uses token in subsequent CSOM or REST calls
  • TokenHelper for working with tokens. Works natively with Windows authentication. Extensible for FBA and other authentication methods.
  • Register app principal with appregnew.aspx or Register-SPAppPrincipal
  • High Trust because SharePoint trusts the remote web to authenticate user

Provider hosted demo

Provider Hosted OAuth

  • Requires Azure Control Services (ACS)
  • Required for O365 auto hosted apps
  • SharePoint obtains context token from ACS and POSTs to remote web on app launch
  • Client app extracts refresh token from context token and passes to ACS to obtain OAuth token
  • Client makes CSOM/REST calls to SharePoint with OAuth token
  • Can be used on-prem in place of S2S
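The OAuth flow above depends on the remote web trusting the context token that SharePoint POSTs to it. The following added example (not from the slides and not TokenHelper code) shows the checks a remote web should make before it extracts the refresh token. It assumes the context token is an HS256-signed JWT keyed with the app's client secret and carrying `aud`, `nbf`, `exp` and `refreshtoken` claims; the key, audience and token values are constructed.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes) -> str:
    """Constructed stand-in for the token issuer (ACS); builds sample input only."""
    head = b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def read_context_token(token: str, key: bytes, expected_aud: str, now: int) -> str:
    """Return the refresh token only after signature, audience and lifetime checks."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        signature = b64url_decode(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed context token") from exc
    # Pin the algorithm: the token must not get to choose "none" or another scheme.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(body))  # parsed only after the signature holds
    if claims.get("aud") != expected_aud:
        raise ValueError("token issued for a different app")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token outside its validity window")
    return claims["refreshtoken"]

# Constructed sample values, not real credentials or identifiers.
SAMPLE_KEY = b"constructed-client-secret"
SAMPLE_AUD = "client-id-placeholder/remoteweb.example@realm-placeholder"
SAMPLE_CLAIMS = {"aud": SAMPLE_AUD, "nbf": 1000, "exp": 2000,
                 "refreshtoken": "constructed-refresh-token"}
SAMPLE_TOKEN = make_token(SAMPLE_CLAIMS, SAMPLE_KEY)

if __name__ == "__main__":
    print(read_context_token(SAMPLE_TOKEN, SAMPLE_KEY, SAMPLE_AUD, now=1500))
```

A token that fails any check is discarded before its refresh token is ever sent to ACS, so a forged or replayed POST to the remote web cannot be exchanged for an access token.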

Autohosted Demo