Page 1: SharePoint 2013 “Apps”

SharePoint 2013 “Apps”

Brian Fraser
Fraser Technical Solutions, LLC

Page 3: SharePoint 2013 “Apps”

Problems with Traditional SharePoint Development
• Farm Solutions
  • Code is considered fully trusted
  • Code runs as current user by default
  • Code can call SPSecurity.RunWithElevatedPrivileges to run as System account
  • Misbehaving code can impact the entire farm
• Sandboxed Solutions
  • Limited functionality
  • Code runs as current user only
  • Cannot elevate permissions
  • Not as secure as people think

Page 4: SharePoint 2013 “Apps”

Design goals
• Must support Office 365
• Code cannot run in SharePoint process
• SharePoint API accessible only through clearly defined web services
• An “app” has its own distinct identity
• An “app” can be granted permissions independent of users
• Easier publishing and discovery via App Catalog

Page 5: SharePoint 2013 “Apps”

Tenancy
• Implicitly handled for you in Office 365
• Allows grouping of site collections per customer (tenant)
• On-premises installations typically have a single default tenancy

Page 6: SharePoint 2013 “Apps”

Prerequisites (on-premises installation)
• Claims Authentication
• App Management service
• Subscription Settings Service
• App Domain (*.contosoapps.com)
• SSL with wildcard certificate
• http://technet.microsoft.com/en-us/library/fp161236.aspx

Page 7: SharePoint 2013 “Apps”

App Installation
• Must be deployed to an app catalog
• App catalog is a special site collection, one per web application
• Apps can be deployed at site scope or tenancy scope
• App web represents isolated storage for an app instance
• Host web is the parent of the app web
• App implicitly has full control over its app web
• App must request any other permissions during installation

Page 8: SharePoint 2013 “Apps”

App Hosting Models
• SharePoint Hosted
• Cloud Hosted
• Auto Hosted (Azure + O365 only)
• Provider Hosted

Page 9: SharePoint 2013 “Apps”

SharePoint Hosted Apps
• Contained entirely in app web
• Client-side code only. No server-side code.
• Typically JavaScript but can use any client-side technology such as Flash, Silverlight, etc.
• Does not support “app only” authentication
• No need to program with access tokens for authentication. Uses SharePoint internal authentication.

Page 10: SharePoint 2013 “Apps”

Provider Hosted App
• Server-side code using virtually any technology is allowed, e.g. Web Forms, MVC, LAMP, PHP, etc.
• Requires separate remote web for all application code.
• Remote web must exist prior to deployment in SharePoint
• Application developer responsible for load balancing, multi-tenancy support, etc.
• Must use external authentication (S2S or OAuth)

Page 11: SharePoint 2013 “Apps”

Auto Hosted Apps
• Supported in Office 365 only
• Based on private Windows Azure infrastructure associated with O365 tenancy
• Multi-tenancy and load balancing handled by infrastructure
• Azure web sites and databases provisioned automatically during app installation
• OAuth authentication required

Page 12: SharePoint 2013 “Apps”

Getting Started – SharePoint hosted app
• Office 365 Developer site
  • http://msdn.microsoft.com/en-us/library/office/fp179924.aspx
• “Napa” Office 365 Development Tools
  • Demo
• Visual Studio
  • Demo

Page 13: SharePoint 2013 “Apps”

What’s in a URL?
• http://app-007bd0249c5cba.devapps.com/sites/dev1/Contacts_SharePointHosted/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fsp2013dev%2Fsites%2Fdev1&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4481%2E1005&SPAppWebUrl=http%3A%2F%2Fapp%2D007bd0249c5cba%2Edevapps%2Ecom%2Fsites%2Fdev1%2FContacts%5FSharePointHosted
• “app” is the app prefix. Based on tenancy. Configurable for on-prem only.
• “007bd0249c5cba” is the APPUID
• “devapps.com” is the app hosting domain
• “sites/dev1” is the domain-relative URL of the host web
• Query string: “Standard Tokens”
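The URL breakdown above, as an added example (not code from the original deck): it splits the slide's launch URL into app prefix, APPUID, hosting domain and standard tokens. Because SPHostUrl arrives in the query string, it is whatever the link says, so the example also compares its origin with an expected list before the app would call back to it. The names parseAppUrl, isExpectedHostWeb and the allow-list are hypothetical.

```javascript
// Constructed sample: the launch URL shown on the slide.
const SAMPLE_URL =
  'http://app-007bd0249c5cba.devapps.com/sites/dev1/Contacts_SharePointHosted/Pages/Default.aspx' +
  '?SPHostUrl=http%3A%2F%2Fsp2013dev%2Fsites%2Fdev1&SPLanguage=en%2DUS&SPClientTag=0' +
  '&SPProductNumber=15%2E0%2E4481%2E1005' +
  '&SPAppWebUrl=http%3A%2F%2Fapp%2D007bd0249c5cba%2Edevapps%2Ecom' +
  '%2Fsites%2Fdev1%2FContacts%5FSharePointHosted';

// Split an app web URL into the parts named on the slide.
function parseAppUrl(raw) {
  const url = new URL(raw);
  // First host label is "<prefix>-<APPUID>"; the remaining labels are the app hosting domain.
  const [label, ...domain] = url.hostname.split('.');
  const dash = label.lastIndexOf('-');
  if (dash < 1 || dash === label.length - 1 || domain.length === 0) {
    throw new Error('not an app web host name');
  }
  // Standard tokens, percent-decoded by URLSearchParams.
  const tokens = Object.fromEntries(url.searchParams);
  return {
    appPrefix: label.slice(0, dash),
    appUid: label.slice(dash + 1),
    appDomain: domain.join('.'),
    origin: url.origin,
    tokens,
  };
}

// The query string is caller-controlled: accept SPHostUrl only when its origin
// is on the list of host webs this app expects (hypothetical allow-list), and
// SPAppWebUrl only when it points back at the host the page was served from.
function isExpectedHostWeb(parsed, allowedOrigins) {
  try {
    const host = new URL(parsed.tokens.SPHostUrl);
    const appWeb = new URL(parsed.tokens.SPAppWebUrl);
    return allowedOrigins.includes(host.origin) && appWeb.origin === parsed.origin;
  } catch (e) {
    return false; // missing or unparsable token
  }
}

// Domain-relative URL of the host web, taken from the SPHostUrl token.
function hostWebPath(parsed) {
  return new URL(parsed.tokens.SPHostUrl).pathname;
}
```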

Page 14: SharePoint 2013 “Apps”

Provider Hosted (S2S)
• S2S “High Trust”
• Requires X.509 certificate
• Remote web encrypts token request with private key
• SharePoint Secure Token issuer validates request with public key and issues authentication token
• Remote web uses token in subsequent CSOM or REST calls
• TokenHelper for working with tokens. Works natively with Windows authentication. Extensible for FBA and other authentication methods.
• Register app principal with appregnew.aspx or Register-SPAppPrincipal
• “High Trust” because SharePoint trusts the remote web to authenticate user

Page 15: SharePoint 2013 “Apps”

Provider hosted demo

Page 16: SharePoint 2013 “Apps”

Provider Hosted OAuth
• Requires Azure Control Services (ACS)
• Required for O365 auto hosted apps
• SharePoint obtains context token from ACS and POSTs to remote web on app launch
• Client app extracts refresh token from context token and passes to ACS to obtain OAuth token
• Client makes CSOM/REST calls to SharePoint with OAuth token
• Can be used on-prem in place of S2S
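The remote web's side of the context-token step above, as an added Node.js example (not code from the original deck or from TokenHelper): it checks the POSTed token's signature, validity window and audience before extracting the refresh token. It assumes the context token is a JWT signed with HS256 using the app's shared secret and that the claim names are aud, nbf, exp, appctx and refreshtoken; all function names and sample values are hypothetical or constructed.

```javascript
const crypto = require('crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

// Validate the POSTed context token, then return the refresh token and the
// token service URI the app would send it to. Throws on any failed check.
function readContextToken(token, key, clientId, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  // Pin the algorithm: a token announcing "none" or anything else is rejected.
  if (dec(h).alg !== 'HS256') throw new Error('unexpected alg');
  const given = Buffer.from(sig, 'base64url');
  const want = hmac(key, `${h}.${p}`);
  if (given.length !== want.length || !crypto.timingSafeEqual(given, want)) {
    throw new Error('bad signature');
  }
  const c = dec(p); // claims are only read after the signature has been checked
  if (!(c.nbf <= nowSec && nowSec < c.exp)) throw new Error('outside validity window');
  // Assumed audience format: "<client id>/<remote host>@<realm>".
  if (!String(c.aud).startsWith(clientId + '/')) throw new Error('wrong audience');
  return {
    refreshToken: c.refreshtoken,
    stsUri: JSON.parse(c.appctx).SecurityTokenServiceUri,
  };
}

// Constructed sample token (every value is made up) so the block runs offline.
const SAMPLE_KEY = Buffer.from('constructed-demo-secret');
const SAMPLE_CLIENT_ID = '11111111-2222-3333-4444-555555555555';
function makeSampleToken(overrides = {}, key = SAMPLE_KEY) {
  const claims = {
    aud: `${SAMPLE_CLIENT_ID}/remote.example@realm-placeholder`,
    nbf: 1000,
    exp: 2000,
    appctx: JSON.stringify({ SecurityTokenServiceUri: 'https://sts.example/tokens' }),
    refreshtoken: 'constructed-refresh-token',
    ...overrides,
  };
  const body = `${enc({ typ: 'JWT', alg: 'HS256' })}.${enc(claims)}`;
  return `${body}.${hmac(key, body).toString('base64url')}`;
}
```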

Page 17: SharePoint 2013 “Apps”

Autohosted Demo