Access SharePoint 2013 data with Provider-hosted

appson-premise

Agenda

• Introduction to apps• SharePoint app authentication• Create our first out-of-the-box app (d)• Configure an on-premise

environment (d)• Build our app on-premise (d)

• Introduction to apps• SharePoint app authentication• Create our first out-of-the-box app (d)• Configure an on-premise environment (d)• Build our app on-premise (d)

What are apps?

• Apps are self-contained pieces of functionality that extend the capabilities of the SharePoint platform.

• Also called the “Cloud App Model”• Representation– Immersive Full Page– Part– UI Custom action

Type of AppsSharePoin

tWeb

On-premise

SharePoint

SharePoint

WebAzure

Parent Web

(Host)

App Web

Provider-Hosted AppUse your own server hosting architecture

Autohosted AppWindows Azure + SQL Azure provisioned inivisibly as apps are installed

Cloud-based AppsThe app runs in a separate hostOr as a service

SharePoint-Hosted AppCreation of isolated sub web on a parent webContains only web elementsExamples are lists, out-of-the box Web PartsNo server code allowed, only client JavaScript for logic and UX

Provider-hosted Apps

• A provider-hosted app is a SharePoint app which business logic runs in a hosted location in the cloud or on-premise.

• Consists of:– An app for SharePoint– A separate web application or service

running at a host

Advantages

– Custom business logic moves up into the cloud or down to a client machine

– No danger of installing custom SharePoint extensions

– Easier in future upgrades– Extend SharePoint Online websites as

on-premise SharePoint websites.– Easy for users at purchase and

installation

Apps or else…

• Introduction to apps

• SharePoint app authentication• Create our first out-of-the-box app (d)• Configure an on-premise environment (d)• Build our app on-premise (d)

STS (ACS)

OAuthAuthorization and authentication

Browser

Page

SharePoint Server

Contoso.com

1

2

3

4

5

6

7

8

9

10

App permissions

• The app requests permissions from the user during installation– Defined in the manifest.xml– User must grant all requests or nothing

App permissionsLevel Scope URI Rights

Site collection

http://sharepoint/content/sitecollection Read, Write, Manage and FullControlWebsite http://sharepoint/content/

sitecollection/web

List http://sharepoint/content/sitecollection/web/list

Tenancy http://sharepoint/content/tenant• The permission request for that “right” and to the “level” where the app is installed

• For other SharePoint features request scopes are available – e.g. http://sharepoint/bc/connection

• Introduction to apps• SharePoint app authentication

• Create our first out-of-the-box app (d)

• Configure an on-premise environment (d)• Build our app on-premise (d)

What you need

• Tooling– Visual Studio 2012–Microsoft Office Developer Tools for

Visual Studio 2012

• Visual Studio (F5) will create a temporarily website for the app web

Demo - Create our first out-of-the-box app

• Creation of Provider-hosted app out-of-the-box connected with SharePoint Online– Authentication works with OAuth without any

actions taken– Access token present

• Connected the app with on-premise SharePoint– No access token present– Not a trust defined with the SharePoint

environment

• Introduction to apps• SharePoint app authentication• Create our first out-of-the-box app (d)

• Configure an on-premise environment (d)

• Build our app on-premise (d)

Registering Apps

• A remote app must have an app identity when interacting with SharePoint 2013 using OAuth.

• Registering– Visual Studio 2012 (temporarily)– Through Seller dashboard– Using appregnew.aspx– Office 365 PowerShell cmdlet– Autohosting

App Identity

Client Id

Display Name

App domain

Server-to-server authentication(high trust)

• High trust app is a provider-hosted app for use on-premises

• High trust is not the same as full trust• It allows servers that support server-to-server

authentication to access and request resources from another server on behalf of an user identity.– The app is responsible for creating the user portion of

the access token

• Server-to-server security token service (STS) provides access tokens for server-to-server

• You will need to configure SSL– Or overrule with AllowOAuthOverHttp = $true

Server-to-server authentication(high trust)

• Create a trust between a server-to-server principal– New-SPTrustedSecurityTokenIssuer– Parameters;-Certificate, -RegisteredIssuerName*

• Register an app principal for on-premise– Register-SPAppPrincipal– Parameters; -Site, -NameIdentifier*

* [appId]@[authentication realm]

Demo - Configure an on-premise environment

• Configured service applications– Application Management Service Application

• App Domain• App site subscription name

– Subscription Settings Service Application– User Profile Service Application

• Disable the app principle access token check• Create certificates• Generate a client id• Create a trusted security token service • Updating the project

– Configuration of web.config– Manifest.xml– Permissions– Replace code in call for client context

• Introduction to apps• SharePoint app authentication• Create our first out-of-the-box app (d)• Configure an on-premise environment (d)

• Build our app on-premise (d)

CSOM

• CSOM = SharePoint Client Object Model

• Several forms– .NET Framework redistributable

assemblies– JavaScript library– REST/ODATA endpoints–Windows Phone assemblies– Silverlight redistributable assemblies

Access SharePoint data

• Data Access done through server-side code using CSOM

• ClientContext used– ClientContext.Web– ClientContext.Web.Lists

• Creation objects– ListCreationInformation

Demo 3

• Added Html for the controls• Defined several methods for the

application tasks– GetAllLists()– CreateList()– DeleteList()

• Changed the permission request level for Scope=Web to “FullControl”

Questions?