SharePoint 2013 apps and the app model

Post on 06-Dec-2014


DESCRIPTION

SharePoint 2013 Apps - deep dive. We'll look at how they work, what they look like, what they do and how to use apps. It's all about the apps. Apps are good, very good.

TRANSCRIPT

PHILADELPHIA CODE CAMP 2013.2

SHAREPOINT 2013 APPS

Use Power Query To Draft A Fantasy Football Team

http://blogs.msdn.com/b/powerbi/archive/2013/10/24/use-power-query-to-draft-a-fantasy-football-team.aspx

BUSINESS HEARTS MICROSOFT

AGENDA

Clouds

Apps and Clouds

Security – for apps, clouds

Apps are People too (with wallets)

Apps Old > New

Lots O Demos

WHAT IS SHAREPOINT IN RELATION TO THE CLOUD


IAAS VS PAAS VS SAAS


5-3-2 CLOUD


WHAT DOES THIS HAVE TO DO WITH APPS?


Apps in the cloud

Making apps more robust by using their own resources

Making systems more robust by hosting apps outside of the system

Tying to the cloud, but you don’t have to

Services working together

How and why do you have to make this work?


APPS HAVE TO LIVE SOMEWHERE

Why Not the Cloud?

TYPES OF HOSTING OPTIONS


TYPES OF HOSTING


DEVELOPING / HOSTING SECURITY AND AUTH

Auto-hosted

Auto-hosted apps run as a web role in Windows Azure and use the Windows Azure Access Control Service (ACS) to obtain the access token.

Provider-hosted

Provider-hosted apps run on their own servers on the Internet or your intranet, are registered with Windows Azure, and use ACS to obtain the access token*.

SharePoint-hosted

SharePoint-hosted apps run in an app web and can have client-side code but not server-side code. Developer must use certificates or create their own trust.


HIGH TRUST VS LOW TRUST

High-trust apps

High-trust apps run on stand-alone servers on your intranet and use a signing certificate to digitally sign the access tokens that the app generates. Typically server to server.

Low-trust apps

Low-trust apps can run anywhere and use an OAuth code flow to delegate limited rights to apps to act as users. SharePoint and the client application must trust and communicate with an authentication provider such as Azure Active Directory.


SP 2013 AUTH

Claims, Claims, Claims
• Classic is no more, or on its way out
• Distributed Cache

Server to Server
• Exchange, Lync
• BYOI

App Authentication (App Model / App Catalog / CSOM)
• Create apps that use OAuth or other identity provider
• App Permission Policies (User/App, App Only, User Only)


LOW TRUST APPS IN SHAREPOINT 2013


BCS HYBRID AND OAUTH – THE DANCE (EXAMPLE)


PSYCHOLOGY AND THE SHAREPOINT 2013 APP MODEL

APPS ARE PEOPLE TOO

Apps have permissions like users

App principal is like a user identity – a security principal

Apps are granted perms
• Different from users
• All or nothing / No hierarchy

Apps have default perms
• App can run app web
• App can include permissions
• Install grants / denies permission


IDENTITY


ACCESS TOKENS

• What’s a token?

Access tokens are issued by the OAuth security token service (STS). An example of OAuth STS is Windows Azure Access Control Service (ACS) OAuth endpoints.

Other tokens

WS-Federation STS and the Security Assertion Markup Language (SAML) passive sign-in STS are primarily intended to issue sign-in tokens


OAUTH

OAuth is an open standard for authorization

OAuth is not OpenID (authentication/digital ID)

Valet Key

Access Token

Scopes


TOKENS

• How to manage the lifetime of the parameters passed from SharePoint, such as SPHostUrl or refresh token?
• How to write an app that can run under different authentication modes without a code change?
• How to handle app URL bookmarking?
• When to renew [an] access token?

The new SharePointContext helper is designed to solve these problems. It is built on TokenHelper, attempting to provide a simplified and unified context model for apps to communicate with SharePoint.

PLAN FOR APP AUTHENTICATION

App authentication is the validation of an external app for SharePoint's identity and the authorization of both the app and an associated user when the app requests access to a secured SharePoint resource.

Verify that the requesting app is trusted.

Verify that the type of access that the app is requesting is authorized.

Necessary:

To authorize requests by an app for SharePoint to access SharePoint resources on behalf of a user.

To authenticate apps in the Office Store, an app catalog, or a developer tenant.
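The two checks above, applied to a certificate-signed token as in the high-trust model, in a simplified sketch. This is an added example, not code from the presentation or from SharePoint; the JWT-style token layout, the issuer registry, the issuer ids and the URL are assumptions and do not reproduce SharePoint's actual token format.

```javascript
const crypto = require('crypto');
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// App side: sign the claims with the private key of the app's signing certificate.
function signAppToken(claims, privateKey) {
  const signingInput = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Resource side. trustedIssuers is a hypothetical registry: Map of issuer id -> { publicKey, rights }.
function authorizeRequest(token, trustedIssuers, audience, right, now = Date.now() / 1000) {
  const parts = token.split('.');
  if (parts.length !== 3) return 'rejected: malformed token';
  let header, claims;
  try {
    header = dec(parts[0]); claims = dec(parts[1]);
    if (!header || !claims) throw new Error('empty');
  } catch (e) { return 'rejected: malformed token'; }
  // Pin the algorithm; the token must not choose how it is verified.
  if (header.alg !== 'RS256') return 'rejected: unexpected algorithm';
  // Check 1: is the requesting app trusted (registered issuer, valid signature)?
  const issuer = trustedIssuers.get(claims.iss);
  if (!issuer) return 'rejected: untrusted issuer';
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
    issuer.publicKey, Buffer.from(parts[2], 'base64url'));
  if (!ok) return 'rejected: bad signature';
  if (claims.aud !== audience) return 'rejected: wrong audience';
  if (!(claims.nbf <= now && now < claims.exp)) return 'rejected: expired or not yet valid';
  // Check 2: was the requested type of access granted to this app?
  return issuer.rights.includes(right) ? 'allowed' : 'rejected: right not granted';
}

// Constructed sample data: keys, issuer ids and the URL are placeholders.
function demo() {
  const app = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const rogue = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const aud = 'https://sharepoint.example.test';
  const registry = new Map([['example-app', { publicKey: app.publicKey, rights: ['Read'] }]]);
  const now = 1700000000;
  const claims = { iss: 'example-app', aud, nbf: now - 60, exp: now + 600 };
  const good = signAppToken(claims, app.privateKey);
  const check = (t, right, at = now) => authorizeRequest(t, registry, aud, right, at);
  return { read: check(good, 'Read'), write: check(good, 'Write'),
    forged: check(signAppToken(claims, rogue.privateKey), 'Read'),
    unknown: check(signAppToken({ ...claims, iss: 'other-app' }, rogue.privateKey), 'Read'),
    expired: check(good, 'Read', now + 3600) };
}
console.log(demo());
```

Every failure path returns before the permission check, so a token that cannot be tied to a registered signing key is never evaluated for access.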


SHAREPOINT 2013 APPS

SharePoint

APPS

JS/5/CSOM

OAuth

REST

SANDBOX SOLUTIONS

“SharePoint sandboxed solutions are deprecated in SharePoint 2013 in favor of developing apps for SharePoint: link”.

SANDBOX SOLUTIONS

SANDBOX SOLUTIONS ARE NOT DEAD

EXTENSIONS AND APIS

| IF YOU WANT TO DO THIS ... | ... USE THESE APIS |
| --- | --- |
| ASP.NET web application (CRUD) BCS with Firewall | JavaScript client object model |
| ASP.NET web application (CRUD) BCS without Firewall | .NET Framework client object model, Silverlight client object model, or REST/OData endpoints |
| LAMP CRUD BCS | REST/OData endpoints |
| Windows Phone CRUD | Mobile client object model |
| Windows Phone Push | Mobile client object model and the server object model |
| iOS or Android CRUD | REST/OData endpoints |
| .NET app CRUD | .NET Framework client object model |
| Silverlight CRUD | Silverlight client object model |
| HTML/JavaScript CRUD | JavaScript client object model |
| Office app | JavaScript client object model |
| Custom Windows PowerShell | Server object model |
| Create a timer job | REST with Azure / Server object model |

COMPARING REST/ODATA PROGRAMMING WITH CLIENT OBJECT MODEL PROGRAMMING

| Feature | .NET Framework or Silverlight object models | JavaScript object model | REST/OData endpoints called from a Windows platform or JavaScript |
| --- | --- | --- | --- |
| Object-oriented programming | Yes | Yes | No |
| Batch processing | Yes | Yes | No |
| APIs for conditional processing and exception handling | Yes | No | No |
| Availability of LINQ syntax | Yes | No | No |
| Combining list data from different SharePoint web applications | Yes | No | Yes |
| Familiarity to experienced REST/OData developers | No | No | Yes |
| Similarity to non-Windows programming or JavaScript programming | No | Yes | Yes |
| Strong typing for list item fields | No (except with LINQ) | No | Yes, from Windows platform; No, from JavaScript |
| Leveraging jQuery, Knockout, and other JavaScript libraries | No | Yes | No, from Windows platform; Yes, from JavaScript |

CLIENT APPLICATIONS AND APIS IN SHAREPOINT

SPA

SP-AZ = SPAZZIES

ULTIMATE DEVELOPER FANTASY FOOTBALL APP

Durandal.js - SPA

Knockout.js

Breeze.js

ESPN API

JSON

Twitter Bootstrap

MVVM

DEMO: HOW TO CREATE A SPAZ IN 10 MINUTES

Autohosted

Azure

OAuth

Steve Fox, MSDN

http://blogs.msdn.com/b/steve_fox/archive/2013/02/18/building-your-first-provider-hosted-app-for-sharepoint-using-windows-azure-part-1.aspx

http://msdn.microsoft.com/en-us/library/fp179887.aspx

AZURE HOSTED

Azure

OAuth

Autohosted

CRUD REST

Auto / Provider Hosted

REST

JSON

ATOM

ODATA

SQL AZURE AND SHAREPOINT

SQL Azure

Autohosted

CSOM

APP: TWITTER IN AZURE AND SHAREPOINT

SharePoint Hosted

Azure Hosted

Twitter API

OAuth

VIDEO PLAYLIST

JSOM (JS and JQuery) / CSOM

HTML Video API

SharePoint Hosted

REFERENCES

David Aiken & Dan Wesley, SharePoint 2013 on Windows Azure Infrastructure_v1 http://www.microsoft.com/en-us/download/details.aspx?id=38428

Robert G Carter, Duke University OIT http://people.duke.edu/~rob/kerberos/authvauth.html

Yung Chou http://blogs.technet.com/b/yungchou/

Connecting a PaaS Application to an IaaS application with a Virtual Network – Yung Chou, MS Tech Evangelist

http://blogs.technet.com/b/yungchou/archive/2011/03/03/chou-s-theories-of-cloud-computing-the-5-3-2-principle.aspx

Andrew Connell http://www.pluralsight.com/training/Authors/Details/andrew-connell

SharePoint 2013 Developer Ramp Up

Creating a SharePoint Server 2013 Environment for Development and Testing

Josh Gavant http://blogs.msdn.com/b/besidethepoint/archive/2012/12/13/10376205.aspx

Frank LaVigne http://franksworld.com/blog/

Introduction to Windows Azure Access Control Services Virtual Lab

Keith Mayer http://blogs.technet.com/b/keithmayer/

Introduction to Windows Azure Virtual Machines – Keith Mayer, MS Developer Evangelist

http://blogs.technet.com/b/keithmayer/archive/2013/01/07/step-by-step-build-a-free-sharepoint-2013-lab-in-the-cloud-with-windows-azure-31-days-of-servers-in-the-cloud-part-7-of-31.aspx


REFERENCES

MSDN, Technet, Microsoft, Wikipedia

http://www.techjailbreak.com/microsoft-has-launched-application-store-office-store/

http://blogs.msdn.com/b/uksharepoint/archive/2013/03/25/sharepoint-2013-development-apps-versus-solutions.aspx

http://download.microsoft.com/download/6/4/4/644BA525-96CB-4739-B08F-18949A9BDADC/spc-2013-bcs-hybrid-model.pdf

http://technet.microsoft.com/en-us/library/jj219806.aspx

http://msdn.microsoft.com/en-us/library/fp179887.aspx

http://msdn.microsoft.com/en-us/library/fp142384.aspx

http://msdn.microsoft.com/en-us/library/fp142382.aspx
