Access SharePoint 2013 data with Provider-hosted apps on-premise
Agenda
• Introduction to apps
• SharePoint app authentication
• Create our first out-of-the-box app (d)
• Configure an on-premise environment (d)
• Build our app on-premise (d)
What are apps?
• Apps are self-contained pieces of functionality that extend the capabilities of the SharePoint platform.
• Also called the “Cloud App Model”
• Representation
  – Immersive Full Page
  – Part
  – UI Custom action
Types of Apps
[Diagram: hosting options for apps. Labels: SharePoint, Web, On-premise, Azure, Parent Web (Host), App Web]
• Provider-Hosted App: use your own server hosting architecture
• Autohosted App: Windows Azure + SQL Azure provisioned invisibly as apps are installed
• Cloud-based Apps: the app runs in a separate host or as a service
• SharePoint-Hosted App
  – Creation of an isolated sub web on a parent web
  – Contains only web elements
  – Examples are lists, out-of-the-box Web Parts
  – No server code allowed, only client JavaScript for logic and UX
Provider-hosted Apps
• A provider-hosted app is a SharePoint app whose business logic runs in a hosted location in the cloud or on-premise.
• Consists of:
  – An app for SharePoint
  – A separate web application or service running at a host
Advantages
– Custom business logic moves up into the cloud or down to a client machine
– No danger of installing custom SharePoint extensions
– Easier future upgrades
– Extend SharePoint Online websites as well as on-premise SharePoint websites
– Easy for users at purchase and installation
Apps or else…
OAuth: Authorization and authentication
[Diagram: OAuth flow in ten numbered steps (1 to 10). Labels: Browser, Page, SharePoint Server, Contoso.com, STS (ACS)]
App permissions
• The app requests permissions from the user during installation
  – Defined in the manifest.xml
  – User must grant all requests or nothing
App permissions
• Level and scope URI:
  – Site collection: http://sharepoint/content/sitecollection
  – Website: http://sharepoint/content/sitecollection/web
  – List: http://sharepoint/content/sitecollection/web/list
  – Tenancy: http://sharepoint/content/tenant
• Rights: Read, Write, Manage and FullControl
• The permission request is for that “right” and applies to the “level” where the app is installed
• Request scopes are also available for other SharePoint features, e.g. http://sharepoint/bc/connection
What you need
• Tooling
  – Visual Studio 2012
  – Microsoft Office Developer Tools for Visual Studio 2012
• Visual Studio (F5) will create a temporary website for the app web
Demo - Create our first out-of-the-box app
• Created an out-of-the-box Provider-hosted app connected with SharePoint Online
  – Authentication works with OAuth without any actions taken
  – Access token present
• Connected the app with on-premise SharePoint
  – No access token present
  – No trust defined with the SharePoint environment
Registering Apps
• A remote app must have an app identity when interacting with SharePoint 2013 using OAuth.
• Registering
  – Visual Studio 2012 (temporarily)
  – Through Seller dashboard
  – Using appregnew.aspx
  – Office 365 PowerShell cmdlet
  – Autohosting
App Identity
Client Id
Display Name
App domain
Server-to-server authentication (high trust)
• A high trust app is a provider-hosted app for use on-premises
• High trust is not the same as full trust
• It allows servers that support server-to-server authentication to access and request resources from another server on behalf of a user identity.
  – The app is responsible for creating the user portion of the access token
• The server-to-server security token service (STS) provides access tokens for server-to-server authentication
• You will need to configure SSL
  – Or overrule with AllowOAuthOverHttp = $true
Server-to-server authentication (high trust)
• Create a trust with a server-to-server principal
  – New-SPTrustedSecurityTokenIssuer
  – Parameters: -Certificate, -RegisteredIssuerName*
• Register an app principal for on-premise
  – Register-SPAppPrincipal
  – Parameters: -Site, -NameIdentifier*
* [appId]@[authentication realm]
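The two cmdlets above run in sequence, with the checks an administrator would want before trusting a new token issuer. This is an added example, not part of the original slides; the certificate path, site URL, display names and GUID are constructed placeholders, and New-SPTrustedRootAuthority is a step the slide does not list.

```powershell
# Added example. Run in an elevated SharePoint 2013 Management Shell on a farm server.
# Certificate path, site URL, names and the GUID below are constructed placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath = 'C:\Certs\HighTrustApp.cer'                   # public certificate only
$siteUrl  = 'https://sharepoint.contoso.local/sites/dev'  # site where the app is installed
$appId    = '11111111-1111-1111-1111-111111111111'        # client id of the app

# 1. Report the SSL override from the previous slide. With AllowOAuthOverHttp = $true
#    access tokens cross the network unencrypted, so it belongs on isolated dev farms only.
$sts = Get-SPSecurityTokenServiceConfig
if ($sts.AllowOAuthOverHttp) {
    Write-Warning 'AllowOAuthOverHttp is $true: OAuth tokens can be sent over plain HTTP.'
}

# 2. Load the certificate SharePoint will trust. The private key stays with the
#    remote web application that signs the tokens; SharePoint needs the public part only.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
if ($cert.HasPrivateKey) {
    throw 'This file carries a private key. Export a public-only .cer for SharePoint.'
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($cert.NotAfter); tokens will be rejected after that."
}

$web = Get-SPWeb $siteUrl
try {
    # 3. Build the identifier in the slide's format: [appId]@[authentication realm]
    $realm  = Get-SPAuthenticationRealm -ServiceContext $web.Site
    $fullId = $appId + '@' + $realm

    # 4. Trust the certificate, then the token issuer that signs with it
    New-SPTrustedRootAuthority -Name 'HighTrustApp' -Certificate $cert | Out-Null
    New-SPTrustedSecurityTokenIssuer -Name 'HighTrustApp' -Certificate $cert `
        -RegisteredIssuerName $fullId | Out-Null

    # 5. Register the app principal on the target web
    Register-SPAppPrincipal -NameIdentifier $fullId -Site $web `
        -DisplayName 'HighTrustApp (example)' | Out-Null

    # 6. Show the issuer that was just created so it can be reviewed
    Get-SPTrustedSecurityTokenIssuer -Identity 'HighTrustApp'
}
finally {
    $web.Dispose()
}
```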
Demo - Configure an on-premise environment
• Configured service applications
  – Application Management Service Application
    • App Domain
    • App site subscription name
  – Subscription Settings Service Application
  – User Profile Service Application
• Disable the app principal access token check
• Create certificates
• Generate a client id
• Create a trusted security token service
• Updating the project
  – Configuration of web.config
  – Manifest.xml
  – Permissions
  – Replace code in call for client context
CSOM
• CSOM = SharePoint Client Object Model
• Several forms
  – .NET Framework redistributable assemblies
  – JavaScript library
  – REST/ODATA endpoints
  – Windows Phone assemblies
  – Silverlight redistributable assemblies
Access SharePoint data
• Data Access done through server-side code using CSOM
• ClientContext used
  – ClientContext.Web
  – ClientContext.Web.Lists
• Creation objects
  – ListCreationInformation
Demo 3
• Added HTML for the controls
• Defined several methods for the application tasks
  – GetAllLists()
  – CreateList()
  – DeleteList()
• Changed the permission request level for Scope=Web to “FullControl”
Questions?