Tutorial: Building Apps for SharePoint 2013 Inside and Outside of the Firewall by An…
description
Transcript of Tutorial: Building Apps for SharePoint 2013 Inside and Outside of the Firewall by An…
wwwAndrewConnellcom
AndrewConnell
Building Apps for SharePoint 2013 Inside
and Outside of the FirewallAndrew Connell
MVP SharePoint Server
Andrew ConnellwwwAndrewConnellcom meAndrewConnellcom
andrewconnell
Independent Consultant Developer Speaker Instructor
Hands-On SharePoint Training Critical Path Training - wwwCriticalPathTrainingcom
On-Demand SharePoint TrainingPluralsight ndash wwwPluralsightcom
wwwAndrewConnellcom
AndrewConnell
Agenda
SharePoint App ModelApp Identity
AuthenticationAuthorizationOAuth
Client-Side Development
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Deployment Options
bull Installed 100 on company serversbull Access to 100 of SharePointrsquos
features amp capabilities
On-Premises (aka on-
prem behind firewall)
bull Installed 100 and managed in the cloud
bull Most common context Office 365 SharePoint Online
bull Some features not available in the cloud
Hosted(aka Office
365 SharePoint
Online)
wwwAndrewConnellcom
AndrewConnell
Overview of the SharePoint App Model
SharePoint app model based on these assumptions
Apps supported in Office 365 and in on-premises farms
App code never runs in SharePoint host environment
Apps talk to SharePoint using Web service entry points
App code is authenticated and has established identity
App has permissions independent of user permissions
Apps deployed to catalogs using a publishing scheme
Published apps are easier to find install and upgrade
wwwAndrewConnellcom
AndrewConnell
App Installation Scopes
Site-Scoped Installation App is installed in a specific site App is launched from same site This site is known as host web
Tenancy-Scoped Installation App installed gt app catalog site App available many host webs Host webs access one app instance Centralizes app management
wwwAndrewConnellcom
AndrewConnell
SharePoint App Architecture
SharePoint-Hosted Apps App resources added to SharePoint host Stored in child site known as app web App can have client-side code App cannot have server-side code
Cloud-Hosted Apps App resources deployed on remote server Remote site known as remote web App can have client-side code App can have server-side code
wwwAndrewConnellcom
AndrewConnell
Creating SharePoint Hosted amp
Cloud-Hosted Apps
wwwAndrewConnellcom
AndrewConnell
App Web
App web is created during app installationApp web created as child to site where app is installed
SharePoint-Hosted apps must create app webApp must add start page and related resourcesApp can add other SharePoint elements (eg lists)
Cloud-Hosted apps can create app webMost cloud-hosted apps will not create an app webCloud-hosted app can create app web if needed
wwwAndrewConnellcom
AndrewConnell
Inspecting the AppWeb
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
Andrew ConnellwwwAndrewConnellcom meAndrewConnellcom
andrewconnell
Independent Consultant Developer Speaker Instructor
Hands-On SharePoint Training Critical Path Training - wwwCriticalPathTrainingcom
On-Demand SharePoint TrainingPluralsight ndash wwwPluralsightcom
wwwAndrewConnellcom
AndrewConnell
Agenda
SharePoint App ModelApp Identity
AuthenticationAuthorizationOAuth
Client-Side Development
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Deployment Options
bull Installed 100 on company serversbull Access to 100 of SharePointrsquos
features amp capabilities
On-Premises (aka on-
prem behind firewall)
bull Installed 100 and managed in the cloud
bull Most common context Office 365 SharePoint Online
bull Some features not available in the cloud
Hosted(aka Office
365 SharePoint
Online)
wwwAndrewConnellcom
AndrewConnell
Overview of the SharePoint App Model
SharePoint app model based on these assumptions
Apps supported in Office 365 and in on-premises farms
App code never runs in SharePoint host environment
Apps talk to SharePoint using Web service entry points
App code is authenticated and has established identity
App has permissions independent of user permissions
Apps deployed to catalogs using a publishing scheme
Published apps are easier to find install and upgrade
wwwAndrewConnellcom
AndrewConnell
App Installation Scopes
Site-Scoped Installation App is installed in a specific site App is launched from same site This site is known as host web
Tenancy-Scoped Installation App installed gt app catalog site App available many host webs Host webs access one app instance Centralizes app management
wwwAndrewConnellcom
AndrewConnell
SharePoint App Architecture
SharePoint-Hosted Apps App resources added to SharePoint host Stored in child site known as app web App can have client-side code App cannot have server-side code
Cloud-Hosted Apps App resources deployed on remote server Remote site known as remote web App can have client-side code App can have server-side code
wwwAndrewConnellcom
AndrewConnell
Creating SharePoint Hosted amp
Cloud-Hosted Apps
wwwAndrewConnellcom
AndrewConnell
App Web
App web is created during app installationApp web created as child to site where app is installed
SharePoint-Hosted apps must create app webApp must add start page and related resourcesApp can add other SharePoint elements (eg lists)
Cloud-Hosted apps can create app webMost cloud-hosted apps will not create an app webCloud-hosted app can create app web if needed
wwwAndrewConnellcom
AndrewConnell
Inspecting the AppWeb
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Agenda
SharePoint App ModelApp Identity
AuthenticationAuthorizationOAuth
Client-Side Development
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Deployment Options
bull Installed 100 on company serversbull Access to 100 of SharePointrsquos
features amp capabilities
On-Premises (aka on-
prem behind firewall)
bull Installed 100 and managed in the cloud
bull Most common context Office 365 SharePoint Online
bull Some features not available in the cloud
Hosted(aka Office
365 SharePoint
Online)
wwwAndrewConnellcom
AndrewConnell
Overview of the SharePoint App Model
SharePoint app model based on these assumptions
Apps supported in Office 365 and in on-premises farms
App code never runs in SharePoint host environment
Apps talk to SharePoint using Web service entry points
App code is authenticated and has established identity
App has permissions independent of user permissions
Apps deployed to catalogs using a publishing scheme
Published apps are easier to find install and upgrade
wwwAndrewConnellcom
AndrewConnell
App Installation Scopes
Site-Scoped Installation App is installed in a specific site App is launched from same site This site is known as host web
Tenancy-Scoped Installation App installed gt app catalog site App available many host webs Host webs access one app instance Centralizes app management
wwwAndrewConnellcom
AndrewConnell
SharePoint App Architecture
SharePoint-Hosted Apps App resources added to SharePoint host Stored in child site known as app web App can have client-side code App cannot have server-side code
Cloud-Hosted Apps App resources deployed on remote server Remote site known as remote web App can have client-side code App can have server-side code
wwwAndrewConnellcom
AndrewConnell
Creating SharePoint Hosted amp
Cloud-Hosted Apps
wwwAndrewConnellcom
AndrewConnell
App Web
App web is created during app installationApp web created as child to site where app is installed
SharePoint-Hosted apps must create app webApp must add start page and related resourcesApp can add other SharePoint elements (eg lists)
Cloud-Hosted apps can create app webMost cloud-hosted apps will not create an app webCloud-hosted app can create app web if needed
wwwAndrewConnellcom
AndrewConnell
Inspecting the AppWeb
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Deployment Options
bull Installed 100 on company serversbull Access to 100 of SharePointrsquos
features amp capabilities
On-Premises (aka on-
prem behind firewall)
bull Installed 100 and managed in the cloud
bull Most common context Office 365 SharePoint Online
bull Some features not available in the cloud
Hosted(aka Office
365 SharePoint
Online)
wwwAndrewConnellcom
AndrewConnell
Overview of the SharePoint App Model
SharePoint app model based on these assumptions
Apps supported in Office 365 and in on-premises farms
App code never runs in SharePoint host environment
Apps talk to SharePoint using Web service entry points
App code is authenticated and has established identity
App has permissions independent of user permissions
Apps deployed to catalogs using a publishing scheme
Published apps are easier to find install and upgrade
wwwAndrewConnellcom
AndrewConnell
App Installation Scopes
Site-Scoped Installation App is installed in a specific site App is launched from same site This site is known as host web
Tenancy-Scoped Installation App installed gt app catalog site App available many host webs Host webs access one app instance Centralizes app management
wwwAndrewConnellcom
AndrewConnell
SharePoint App Architecture
SharePoint-Hosted Apps App resources added to SharePoint host Stored in child site known as app web App can have client-side code App cannot have server-side code
Cloud-Hosted Apps App resources deployed on remote server Remote site known as remote web App can have client-side code App can have server-side code
wwwAndrewConnellcom
AndrewConnell
Creating SharePoint Hosted amp
Cloud-Hosted Apps
wwwAndrewConnellcom
AndrewConnell
App Web
App web is created during app installationApp web created as child to site where app is installed
SharePoint-Hosted apps must create app webApp must add start page and related resourcesApp can add other SharePoint elements (eg lists)
Cloud-Hosted apps can create app webMost cloud-hosted apps will not create an app webCloud-hosted app can create app web if needed
wwwAndrewConnellcom
AndrewConnell
Inspecting the AppWeb
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Overview of the SharePoint App Model
SharePoint app model based on these assumptions
Apps supported in Office 365 and in on-premises farms
App code never runs in SharePoint host environment
Apps talk to SharePoint using Web service entry points
App code is authenticated and has established identity
App has permissions independent of user permissions
Apps deployed to catalogs using a publishing scheme
Published apps are easier to find install and upgrade
wwwAndrewConnellcom
AndrewConnell
App Installation Scopes
Site-Scoped Installation App is installed in a specific site App is launched from same site This site is known as host web
Tenancy-Scoped Installation App installed gt app catalog site App available many host webs Host webs access one app instance Centralizes app management
wwwAndrewConnellcom
AndrewConnell
SharePoint App Architecture
SharePoint-Hosted Apps App resources added to SharePoint host Stored in child site known as app web App can have client-side code App cannot have server-side code
Cloud-Hosted Apps App resources deployed on remote server Remote site known as remote web App can have client-side code App can have server-side code
wwwAndrewConnellcom
AndrewConnell
Creating SharePoint Hosted amp
Cloud-Hosted Apps
wwwAndrewConnellcom
AndrewConnell
App Web
App web is created during app installationApp web created as child to site where app is installed
SharePoint-Hosted apps must create app webApp must add start page and related resourcesApp can add other SharePoint elements (eg lists)
Cloud-Hosted apps can create app webMost cloud-hosted apps will not create an app webCloud-hosted app can create app web if needed
wwwAndrewConnellcom
AndrewConnell
Inspecting the AppWeb
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
App Installation Scopes
Site-Scoped Installation App is installed in a specific site App is launched from same site This site is known as host web
Tenancy-Scoped Installation App installed gt app catalog site App available many host webs Host webs access one app instance Centralizes app management
wwwAndrewConnellcom
AndrewConnell
SharePoint App Architecture
SharePoint-Hosted Apps App resources added to SharePoint host Stored in child site known as app web App can have client-side code App cannot have server-side code
Cloud-Hosted Apps App resources deployed on remote server Remote site known as remote web App can have client-side code App can have server-side code
wwwAndrewConnellcom
AndrewConnell
Creating SharePoint Hosted amp
Cloud-Hosted Apps
wwwAndrewConnellcom
AndrewConnell
App Web
App web is created during app installationApp web created as child to site where app is installed
SharePoint-Hosted apps must create app webApp must add start page and related resourcesApp can add other SharePoint elements (eg lists)
Cloud-Hosted apps can create app webMost cloud-hosted apps will not create an app webCloud-hosted app can create app web if needed
wwwAndrewConnellcom
AndrewConnell
Inspecting the AppWeb
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
SharePoint App Architecture
SharePoint-Hosted Apps App resources added to SharePoint host Stored in child site known as app web App can have client-side code App cannot have server-side code
Cloud-Hosted Apps App resources deployed on remote server Remote site known as remote web App can have client-side code App can have server-side code
wwwAndrewConnellcom
AndrewConnell
Creating SharePoint Hosted amp
Cloud-Hosted Apps
wwwAndrewConnellcom
AndrewConnell
App Web
App web is created during app installationApp web created as child to site where app is installed
SharePoint-Hosted apps must create app webApp must add start page and related resourcesApp can add other SharePoint elements (eg lists)
Cloud-Hosted apps can create app webMost cloud-hosted apps will not create an app webCloud-hosted app can create app web if needed
wwwAndrewConnellcom
AndrewConnell
Inspecting the AppWeb
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Creating SharePoint Hosted amp
Cloud-Hosted Apps
wwwAndrewConnellcom
AndrewConnell
App Web
App web is created during app installationApp web created as child to site where app is installed
SharePoint-Hosted apps must create app webApp must add start page and related resourcesApp can add other SharePoint elements (eg lists)
Cloud-Hosted apps can create app webMost cloud-hosted apps will not create an app webCloud-hosted app can create app web if needed
wwwAndrewConnellcom
AndrewConnell
Inspecting the AppWeb
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
App Web
App web is created during app installationApp web created as child to site where app is installed
SharePoint-Hosted apps must create app webApp must add start page and related resourcesApp can add other SharePoint elements (eg lists)
Cloud-Hosted apps can create app webMost cloud-hosted apps will not create an app webCloud-hosted app can create app web if needed
wwwAndrewConnellcom
AndrewConnell
Inspecting the AppWeb
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Inspecting the AppWeb
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
App Shapes
What SharePoint Tells youhellipSharePoint-Hosted AppsCloud-Hosted Apps
What Visual Studio Forces You to SelecthellipSharePoint-Hosted AppProvider-Hosted AppAuto-Hosted App
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
App Shapes ndash What It Really Is
SharePoint-Hosted Apps Everything resides in SharePoint
All Other Types Majority resides external to SharePoint (IIS Azure etc) By default donrsquot trigger creation of AppWebhellip
Unless they include SharePoint artifacts
Auto-Hosted Apps SharePoint handles deployment of external assets
Azure Web SiteSQL Azure Database
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Inspecting App Shapes
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Authentication in SharePoint 2013
Authentication Flow in SharePoint 2013 User authentication stays the same with standard sites In calls to app web app authentication occurs internally Internal authentication occurs in calls to app web External authentication used for calls from remote web Call context can contain both user and app identity
Requirements for establishing app identity Host web application must be a claims-based Incoming calls must target CSOMREST endpoints
Supported CSOMREST endpoints not extensible
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
User vs App Authentication Flow
call from user SAMLtoken
call from appOAuthtoken
SharePoint Farm
Web Servers
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Authentication Flow
startauthentication
SAML Token
OAuth token
request toapp web
CSOMRESTendpoint
user infoin token
endauthentication
set up call context with user identity
set up call context with user identity and app identity
set up call context with app identity
set up call context with no identity
(anonymous access)
YES NO
YESNO
NO
YES YES YES
NO
NO
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Provider-Hosted Apps amp App Identity
OAuth (via Azure ACS)
High-Trust (via S2S Trust amp
certificates)
bull Apps can obtain an identity using one of two methods
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
OAuth 20 Primer
What is OAuthInternet protocol for creating and managing app identityA cross-platform mechanism for authenticating appsInternet standard used by Facebook Google
and Twitter
SharePoint 2013 use OAuth to establish app identitySharePoint integration with OAuth based on Azure ACSOAuth authentication used in Office 365 but not on-premises farms
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Windows Azure ACS
Windows Azure Access Control Service (ACS)Required to use OAuth with SharePoint 2013ACS server acts as authentication serverACS server must be trusted by content serverACS server must be trusted by client app
How is ACS configured as authentication serverIts configured automatically in Office 365 tenanciesNot supported in on-prem farms in SharePoint 2013
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
What is a Server-to-Server (S2S) Trust
Trusted connection between client app and SharePoint Eliminates need for ACS when running apps in on-premises farm
Trust between servers configured using SSL certificates
App code requires access to private key of SSL certificate
Requires creating Security Token Service on SharePoint server(s)
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Developing Apps that use S2S Trusts
What are the developer responsibilities with an S2S app Expose an endpoint to SharePoint to
discover service metadata Authenticate the user (can use Windows Auth FBA etc) Create security tokens to send to SharePoint server
Details of creating the S2S security token S2S token like OAuth token but differs from
OAuth specification Security token must contain app identity Security token can optionally include user identity Security token must be signed using certificatersquos private key
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
OAuth amp S2S Trusts
OAuth Enabled Apps Before deployment marketplace app must be registered with Azure ACS Apps obtain their identity token from Azure ACS When calling SharePoint app includes OAuth token SharePoint trusts Azure ACS
On-Prem deployments will typically use S2S Before deployment app must be
registered with SharePoint Developer registers a certificate with SharePoint amp associates app with
certificate App creates token using private key of certificate SharePoint trusts this token because it was signed with the private key
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 1
OAuth is only supported in Office 365No support in On-Prem deployments at RTMWhy
Possible update to this story after RTMExtra stepsHotfixCumulative UpdateService PackNext Version
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Creating Apps with Identities amp Permissions
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
What You Might Not Be Aware Of 2
Office 365 Azure
bull ldquoPrivate Cloudrdquobull Azure Web Sitesbull SQL Azure DBsbull Access Control Service
Windows Azure
bull wwwazurecombull Cloud servicesbull Web Sitesbull Virtual Machinesbull Storage (blob queue table)bull Service Busbull SQL Azurebull Access Control Servicebull hellip
Office 365 Azure = Windows Azure
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
The Sandbox Isnrsquot Dead
Where you build sandbox solutions try to replace them with SharePoint Apps
There are many scenarios where Apps canrsquot replace sandbox solutions
Some things are ONLY possible with sandboxed solutions in a hosted deployment
Remember they are deprecated not dead
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
App Model Parting Thoughts
SharePoint ALM has always been hard NET ALM gt SharePoint ALM
More tools more mature more documentation amp support No longer limited to what SharePoint supports
Latest version of the NET Framework New ldquotoysrdquo (MVC Entity Framework etc) Not limited to any technology stack infrastructure
Working with service layer vs server side API More community tools amp libraries to choose from Can follow more ldquostandardsrdquo
Donrsquot have to scale SharePoint can now just scale the app
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
CSOM in SharePoint 2010
CSOM made accessible through clientsvcDirect access to clientsvc not supportedCalls to clientsvc must go through
supported entry pointsSupported entry points
NETSilverlight JavaScript
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Changes in SharePoint 2013
clientsvc extended with REST capabilitiesclientsvc now supports direct access from
REST clientsclientsvc accepts HTTP GET PUT POST requestsImplemented in accordance with OData protocol
CSOM extended with new APIsNew APIs for SharePoint Server functionalityNew API for Windows Phone Applications
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
What is covered in the new CSOM
New APIs with SharePoint Server functionality User Profiles
Search
Taxonomy
Feeds
Publishing
Sharing
Workflow
E-Discovery
IRM
Analytics
Business Data
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
SharePoint 2013 Remote API Architecture
JavaScript Library
Silverlight Library
Net CLR Library
Custom Client Code
Client
Server
_api is new alias for _vti_binclientsvc
OData
Execute Query
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
What About ListDatasvc
ListDatasvc added REST support for reading amp writing to SharePoint lists in SharePoint 2010
Still present in SharePoint 2013 but primarily only for backwards capability Existing code wonrsquot break
New development recommendation use new SharePoint 2013 RESTOData API
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Changes to CSOM in SharePoint 2013
SharePoint Foundation 2013No significant changes to CSOM beyond REST supportPrimary investment was adding REST to existing API
SharePoint Server 2013New APIs added with CSOM and REST support
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
CSOM using Managed CodeClientContext cc = new ClientContext(httpclientsidewingtipcom)ccCredentials = CredentialCacheDefaultCredentialsWeb site = ccWebListCollection lists = siteLists load site infoccLoad(site s =gt sTitle)ccExecuteQuery()ConsoleWriteLine(Site Title + siteTitle) create listListCreationInformation newList = new ListCreationInformation()newListTitle = Customers CSOMnewListUrl = ListsCustomers_CSOMnewListQuickLaunchOption = QuickLaunchOptionsOnnewListTemplateType = (int)ListTemplateTypeContactssiteListsAdd(newList) refresh lists collectionccLoad(lists) make round trip to Web server to do all the workccExecuteQuery() foreach (List list in lists) ConsoleWriteLine(listTitle)
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
CSOM using JavaScriptvar ctxvar webvar lists $(onPageLoad) function onPageLoad() ExecuteOrDelayUntilScriptLoaded(initCSOM spjs) function initCSOM() ctx = SPClientContextget_current() web = ctxget_web() ctxload(web) ctxload(webget_currentUser()) lists = webget_lists() ctxload(lists) ctxexecuteQueryAsync(onDisplaySiteInfo onError) function onDisplaySiteInfo() var siteTitle = webget_title() var siteId = webget_id()toString() var siteUrl = webget_url() var currentUser = webget_currentUser()get_loginName() do something with these values function onError(sender args) alert(JSONstringify(args))
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Programming CSOM with C
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
REST URLs in SharePoint 2013
CSOM URLS can go through _api folderSimplifies URLs that need to be builtRemoves clientsvc file name from URL
You can replace this URLhttpwingtipserver_vti_binclientsvcweb
With this URLhttpwingtipserver_apiweb
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Mapping Objects to Resources
Example REST URLs targeting SharePoint sites
http[]_apiweblists
http[]_apiweblistsgetByTitle(lsquoContacts)
http[]_apiwebgetAvailableWebTemplates(lcid=1033)
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Testing REST Calls Through the Browser
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Executing REST Queries Through The Browser
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Returning ATOM XML vs JSON
Control data format response withACCEPT header
ATOM-PUB (XML) Verbose
Easier to read
ACCEPT = applicationatom+xml
JSON Condensed notation
Smaller payload
ACCEPT = applicationjsonodata=verbose
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) etag0 typeSPList Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleDocuments
ltentry xmlbase=httpintranetwingtipcom_api xmlns=httpwwww3org2005Atom xmlnsd=httpschemasmicrosoftcomado200708dataservices xmlnsm=httpschemasmicrosoftcomado200708dataservicesmetadata metag=ampquot0ampquotgt ltidgthttpintranetwingtipcom_apiWebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2)ltidgt ltcategory term=SPList scheme=httpschemasmicrosoftcomado200708dataservicesscheme gt ltlink rel=edit href=WebLists(guid0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2) gt lttitle gt ltupdatedgt2012-10-05T205347Zltupdatedgt ltauthorgt ltname gt ltauthorgt ltcontent type=applicationxmlgt ltmpropertiesgt ltdTitlegtDocumentsltdTitlegt ltmpropertiesgt ltcontentgtltentrygt
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
REST Query from Managed Code
Tips for making REST calls from managed codeUse HttpWebRequest amp HttpWebResponseQuery XML using XDocumentDescendantsOr use JSON amp JavascriptSeralizer JSONNET
build requestUri uri = new Uri(siteUrl + _apiweblistsgetByTitle(Documents)ampselect=Title)HttpWebRequest request = WebRequestCreate(uri) as HttpWebRequestrequestCredentials = CredentialCacheDefaultCredentialsrequestAccept = applicationatom+xml send requestHttpWebResponse response = requestGetResponse() as HttpWebResponse use LINQ to XML to get dataXDocument doc = XDocumentLoad(responseGetResponseStream())XNamespace nsDataService = httpschemasmicrosoftcomado200708dataservicesstring title = docDescendants(nsDataService + Title)First()Value
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
REST Query Using JavaScript amp jQuery
$(onPageLoad) function onPageLoad() $(cmdGetSiteInfo)click(onGetSiteInfo) function onGetSiteInfo() var requestUri = _spPageContextInfowebAbsoluteUrl + _apiWeb$select=Title execute AJAX request jqxhr = $getJSON(requestUri null OnDataReturned) jqxhrerror(onError) function OnDataReturned(data) var odataResults = datad var siteTitle= odataResultsTitle $(results)html(Title + siteTitle) function onError(err) $(results)text(ERROR + JSONstringify(err))
d __metadata idF05C411B-943E-42A0-A5DF-205F5C75E673 urihttpintranetwingtipcom_apiWeb typeSPWeb Id0c165f0c-fc82-44e6-ae8c-3d0405d2cbb2 TitleMy Site Title
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Updates and the Form Digest
Updates using REST require Form DigestSpecial value created using cryptographyUsed to protect against replay attackSharePoint pages include control that contains the Form
DigestWeb service clients must acquire Form
Digest separatelyForm Digest can be acquired through
httpsite_vti_binsitesasmx
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Creating Lists with Managed Code amp REST
Parse together URL to point to lists collectionAdd X-RequestDigest header with form
digest valueSet HTTP method to POSTCreate body content with new list info
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Creating Lists with JavaScript and REST
function onCreateList() var newList = __metadata typeSPList BaseTemplate105 TemplateFeatureId4AE88D99-DBBC-4B9E-95CC-CA3C320A2345 TitleNewListName var requestHeaders = ACCEPTapplicationjson X-RequestDigest$(__REQUESTDIGEST)val() $ajax( url _spPageContextInfowebAbsoluteUrl + _apiweblists type POST contentType applicationjson data JSONstringify(newList) headers requestHeaders success onSuccess error onError )
Create appropriate JavaScript object and convert to JSON format for request body
Get form digest value from control on page
Create request headers for HTTP Request
Send request to Web server using jQuery $ajax function
Convert request body data to string-based JSON object
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Querying and Updating Content Using REST
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-
wwwAndrewConnellcom
AndrewConnell
Questions Want to Learn More
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Get Training How You Like it Hands-On (classroom with hands-on
labs) Online (live webcast with take-away labs)
Private Classes Available for Large Groups
SharePoint Courses for Everyone SharePoint 2007 2010 amp 2013 Developers Administrators amp End Users
Individual Small Business amp Enterprise Plans Monthly or Annual Subscriptions Watch Online amp Offline
Subscribers Have Access to Entire Catalog
wwwCriticalPathTrainingcom
Hands-On amp Virtual Training
wwwPluralsightcom
On-Demand Training
meandrewconnellcom
- Building Apps for SharePoint 2013 Inside and Outside of the Fir
- Slide 2
- Agenda
- SharePoint 2013 Deployment Options
- Overview of the SharePoint App Model
- App Installation Scopes
- SharePoint App Architecture
- Creating SharePoint Hosted amp Cloud-Hosted Apps
- App Web
- Inspecting the AppWeb
- App Shapes
- App Shapes ndash What It Really Is
- Inspecting App Shapes
- Authentication in SharePoint 2013
- User vs App Authentication Flow
- SharePoint 2013 Authentication Flow
- Provider-Hosted Apps amp App Identity
- OAuth 20 Primer
- Windows Azure ACS
- What is a Server-to-Server (S2S) Trust
- Developing Apps that use S2S Trusts
- OAuth amp S2S Trusts
- What You Might Not Be Aware Of 1
- Creating Apps with Identities amp Permissions
- What You Might Not Be Aware Of 2
- The Sandbox Isnrsquot Dead
- App Model Parting Thoughts
- CSOM in SharePoint 2010
- Changes in SharePoint 2013
- What is covered in the new CSOM
- SharePoint 2013 Remote API Architecture
- What About ListDatasvc
- Changes to CSOM in SharePoint 2013
- CSOM using Managed Code
- CSOM using JavaScript
- Programming CSOM with C
- REST URLs in SharePoint 2013
- Mapping Objects to Resources
- Testing REST Calls Through the Browser
- Executing REST Queries Through The Browser
- Returning ATOM XML vs JSON
- REST Query from Managed Code
- REST Query Using JavaScript amp jQuery
- Updates and the Form Digest
- Creating Lists with Managed Code amp REST
- Creating Lists with JavaScript and REST
- Querying and Updating Content Using REST
- Questions Want to Learn More
-