Download - Intro apps
Intro Apps
Andy Van Steenbergen
News
RoadMap Intro about APPS Intro SharePoint hosted Apps Intro SharePoint provider hosted Apps Intro SharePoint autohosted apps
new speakers - Contact [email protected]
2 new board members
4 new sessions planned
About me
Andy Van SteenbergenSenior SharePoint consultant @ OrdinaSP Competence Center LeadLesgever @ CVO Antwerpen
@Meligo#SharingIsCaring
Blog.meligo.be
BIWUGBoard Member
MicrosoftExtendedExpertTeamMember
Voting SystemApps, what is the difference... a story > Speaker: Andy Van Steenbergen
The Consumerization of the Intranet… > Speaker: Peter van Hees
Trends impacting the way we workDevices
1 billionsmartphones, 4 years ahead of predictions
Cloud
50%of enterprise customers are “on the road” to cloud
People
For the first time in modern history, workplace demographics now span3 generations
Requirements
Devices
MobileA solution designed with a mobile first mindset.
Cloud
HybridA solution with a physical on premise component combined with a cloud service.
People
An intuitive service that doesn’t require extensive training or adoption.Easy
Voting steps
Turn the screen of you mobile phone on.
2
Face the screen towards the presenter.
3
Take your mobile phone out of your pockets.
1* The unstructured results will be posted tonight on
Twitter.
BaseLine: Are you ready?
Turn the screen of you mobile phone on.
2
Face the screen towards the Presenter.
3
Take your mobile phone out of your pockets.
1
Agenda
Intro App Shapes
Wrap-upApp models
Agenda
Intro App Shapes
Wrap-upApp models
Let’s start
Past, present, future
Developers had too much privileges (full trust)
Remember what happens when you start leaking SPWebs?
The cat’s been in the sandbox!
The sandbox was a struggle to work with and maintain
So why the need for Apps in SharePoint?
Sites
Vie
ws
Columns
Libra
riesPages
List
sWeb Parts
WorkflowsM
ast
er
Pag
es
SolutionsFe
atu
res
Conte
nt Ty
pes
Docu
ments
So why the need for Apps in SharePoint?
Sites
Vie
ws
Columns
Apps
Libra
riesPages
List
sWeb Parts
WorkflowsM
ast
er
Pag
es
SolutionsFe
atu
res
Conte
nt Ty
pes
Docu
ments
Evolution of SharePoint customizations
Full trust solutions
Prone to stabilization issuesChallenging to upgradeUnfeasible on hosted platform
Sandboxed solutions
Too strict for developersHard to maintain and scaleConfusing for site owners
(Cloud) App model
Cloud/client code onlyHost/language independentFull life cycle and reuse ‘story’
Full trust vs High Trust
Full trust = GACHigh trust = Provider hosted app (S2S)
Agenda
Intro App Shapes
Wrap-upApp models
Agenda
Intro App Shapes
Wrap-upApp models
Question: App Shapes (screen or no-screen)
Turn the screen of you mobile phone on.
2
Face the screen towards the Presenter.
3
Take your mobile phone out of your pockets.
1
Immersive page is one shape. Are the other 2: webpart and custom action?
App Shapes for SharePoint
App UI components
App UI components
Immersive full page
App UI components
App UI components
Immersive full page App part
App UI components
App UI components
Immersive full page App part UI custom actions
ServerClient
Bro
wse
r Hos
t
Common App Architecture
Web Server H
ostClient-side Logic
HTML / CSS / Javascript
Office JS SharePoint JS (CSOM)
SharePoint&
Exchange
Oth
er D
evic
es&
Clie
nts
Server-side LogicAny language
Office
Web
App
s
Win
RT
Mac
Mob
ile
Win
32
APP
3rd P
arty
Ser
vice
s
Provider-hosted
Oth
erE.
g. L
AM
P
IIS /
ASP
.Net
Win
dow
sAzu
re
CSOM REST
On-premises
IE
Chr
ome
Fire
Fox
Safa
ri
Tier 1 Tier 2
OtherECMAScript 5
Development ToolsVisual Studio 2012, Napa or any standard Web development tool
Online
SharePoint
SQL
Workflow
Autohosted
SQL
Web Sites
Clie
nt A
PIs Server
APIs
The isolated domain
http://app-bdf2016ea7dacb.contosoapps.com/sites/Biwug/Poll
Host web
http://intranet.contoso.com/sites/Biwug
App webPoll App
/Poll
App prefix (tenant)
App ID
App domain
Host web
App name
http://app-bdf2016ea7dacb.contosoapps.com/sites/Biwug/Poll
Taking the plunge
Infrastructure configuration
Determine App domain• http://app-bdf2016ea7dacb.contosoapps.com/sites/SPC/
Scheduler
Configure domain names in DNS• http://app-bdf2016ea7dacb.contosoapps.com/sites/SPC/
Scheduler• *.contosoapps.com (wildcard is preferred)
Create a new wildcard SSL certificate (access token is transmitted in plaintext)
SharePoint farm configuration
• Subscription Settings• App Management
Service applications
• App URLs (App prefix and App domain)
• App Catalog• Store Settings• App Denied endpoints
SharePoint App settings
Additional Considerations (on prem)
Apps do not support Kerberos (ntml instead)
Special requirements for SAML authentication
Apps do not support multiple zones
A routing Web application may be needed
Routing Web application
No host header
https://app-bdf2016ea7dacb.contosoapps.com/sites/Biwug/Poll
*.contosoapps.com= 192.168.1.2
https://intranet.contoso.com
https://my.contoso.com
App Management Service Application
NLB192.168.1.2
DNS Farm
The New Cloud App Model
Build a new class of apps that extend and personalize the way we create and consume information right from within Office and SharePoint
The new cloud app model
New AppsA new class of apps enabling newscenarios and new user experiences
Flexible LifecycleDeploy and maintain your apps publicallyon the new Office Store, or internally withFlexibility and control
Familiar ToolsetsEmbracing Web standards to provide developers choice and flexibility
App Hosting
App Web (from WSP)
HostwebSharePoint-Hosted
AppReuse web elements (lists, out-
of-box web parts)Client side technologies and
declarative workflows
Provider-hosted App
“Bring your own server hosting infrastructure”
SharePoint
Web
Get remote events from SharePoint Use CSOM/REST + OAuth
Cloud-hosted apps
Your Hosted
Site
Autohosted AppWindows Azure + SQL
Azure provisioned automatically as apps
are installed
Azure SharePoint Web
Agenda
Intro App Shapes
Wrap-upApp models
Agenda
Intro App Shapes
Wrap-upApp models
Apps for SharePointApps for SharePoint are self-contained pieces of functionality that extend the capabilities of a SharePoint website. Apps integrate the best of the web and SharePoint; they are targeted and easy-to-use, and do a great job at solving a user need.
SharePoint Office Store
SharePoint App Catalog
Web Browser
Anatomy of a SharePoint Hosted app
Manifest
Code
JS CSS
HTML ASPX
Reasons to use SharePoint hosted apps
INHERENT MULTI-TENANCY
& ISOLATION
NO ADDITIONALCOST
NO NEED FOR ADDITIONAL
INFRASTRUCTURE
AUTHENTICATION IS AUTOMATIC
SYMMETRIC IN OFFICE 365AND ON-PREM
SharePoint component isolation1 app installation = 1 “app web”
App webs are isolated in their own domain:
Leverages web browser same-origin policy for script isolation
Host web
App web
https://contoso.sharepoint.com/site/
https://contoso-appUID.sharepoint.com/site/app/
Available app web components
Data
• Lists• Libraries
• WebProxy• App scoped BDC models• App scoped ECTs
UX
• Declarative Pages• CSS files• Custom Actions• OOB Web Parts
Logic
• JavaScript• Workflows• Custom Actions
Cloud Hosted Apps for SharePoint (Provider)
App Hosting
App Web (from WSP)
HostwebSharePoint-Hosted
AppReuse web elements (lists, out-
of-box web parts)Client side technologies and
declarative workflows
Provider-hosted App
“Bring your own server hosting infrastructure”
SharePoint
Web
Get remote events from SharePoint Use CSOM/REST + OAuth
Cloud-hosted apps
Your Hosted
Site
Autohosted AppWindows Azure + SQL
Azure provisioned automatically as apps
are installed
Azure SharePoint Web
SharePoint Office Store
SharePoint App Catalog
Web Browser
Anatomy of a Provider Hosted app
Web Server: Azure, IIS, LAMP, etc…Manifest
App Hosting
App Web (from WSP)
HostwebSharePoint-Hosted
AppReuse web elements (lists, out-
of-box web parts)Client side technologies and
declarative workflows
Provider-hosted App
“Bring your own server hosting infrastructure”
SharePoint
Web
Get remote events from SharePoint Use CSOM/REST + OAuth
Cloud-hosted apps
Your Hosted
Site
Autohosted AppWindows Azure + SQL
Azure provisioned automatically as apps
are installed
Azure SharePoint Web
Azure Web Site managed by SharePoint
SharePoint Office Store
SharePoint App Catalog
Web Browser
Anatomy of an Autohosted app
App Web Pages
SharePoint Pages
Manifest
Artifacts
App Lifecycle (autohosted)
App Developer Tenant Admin
Site Owner
Site Owner
Site Owner
Site OwnerApp
Catalog
SharePoint Store
(Office Marketplace)
Tenant A
Tenant B
.app .app
.app
Web Site SQL DB
Workflow
Web Site SQL DB
Workflow
Web Site SQL DB
Workflow
Web Site SQL DB
Workflow
App Lifecycle (Provider)
Publishing
From Developer to End User
Dev center
submission
Office Store
Integrated
Office Store
DirectVendor/
IT projects
SharePointApp
Catalog
TRIAL/ PURCHASE
TRIAL/PURCHASE
Office and SharePoint
Developer
End users
IT admin
SharePoint Office Store
SharePoint App Catalog
Web Browser
Recap: Anatomy of an app for SharePoint
App Content
Manifest
Code
SharePoint Hosted
SharePoint Hosted Package
SharePoint Office Store
SharePoint App Catalog
Web Browser
Recap: Anatomy of an app for SharePoint
Web Server: Azure, IIS, LAMP, etc…
App Web Pages
SharePoint Pages
Manifest
Artifacts
Provider Hosted
Provider-Hosted Package
Azure Web Site managed by SharePoint
SharePoint Office Store
SharePoint App Catalog
Web Browser
Recap: Anatomy of an app for SharePoint
App Web Pages
SharePoint Pages
Auto-Hosted
Manifest
Artifacts
Auto Hosted Package
Security
Can I trust this App?
Granting SharePoint App Permissions
Permissions are granted when an App for SharePoint is installed on a SharePoint server.
App permission
name
SharePoint permission name
Read Reader
Write Contributor
Manage Designer
FullControl Full Control All or nothin
g
App permissions
App permission request scopes
• Tenancy• SPSite• SPWeb• SPList• BCS• Search• Workflow• Taxonomy
App permission rights
• Read• Write• Manage• Full control
App authorization
policies• User and app
policy• App-only policy• User-only policy
App Authorization Policy flow
Full security list• SharePoint (full control)
• Site collection• Website• List• tenancy
• Other SP Features• BCS (read)• Search (QueryAsUserIgnoreAppPrinciple)• Taxonomy (R/W)
• Project (full control)• Project server (manage)• Projects (R/W)• Project (R/W)• EnterpriseResources (R/W)• Statusing (submitstatus)• Reporting (R)• Workflow (elevate)
• Other SP Features – Social (full control)• Tenant• Core• MicroFeed
Question<AppPermissionRequestScope="http://sharepoint/content/sitecollection/web/list"Right="Manage"/>
Question: App Shapes (screen or no-screen)
Turn the screen of you mobile phone on.
2
Face the screen towards the Presenter.
3
Take your mobile phone out of your pockets.
1
By default the app permission is set to all lists within the web, can you define more specific a list? Yes / No
Answer<AppPermissionRequestScope="http://sharepoint/content/sitecollection/web/list"Right="Manage" ><!-- add filter property to permission request --><Property Name="BaseTemplateId" Value="101" /></AppPermissionRequest>
Configure Apps authentication trust
Autohosted Apps
ACS
Provider-hosted Apps
ACS
S2S Trust
OAuth enables users to approve an application to act on their behalf without sharing their user name and password.
Understanding where Oauth fits• Oauth is primarily used for external app
authentication in the Office 365 environment.• Server2Server authentication is used for external
app authentication in on-premises farms.
OAuth for cloud-hosted Apps
Client
STS (ACS)
SharePoint Farm RemoteApp Site
1 - Request
2 – Request context token
3 – Signed context token
4 – Page + IFRAME
5 – Request page + include context token
10 – IFRAME contents
9 – SharePoint data
8 – Request + access token
7 – Access token
6 – Access token request
OAuth Flow
SharePoint Server
Hosting Server
Web Browser
ACS Server
SharePoint Server
Hosting ServerWeb Browser
ACS Server
1) User browses to a SharePoint page with an app from a Cloud hosted app on it
https://mySPSite.sharepo
SharePoint Server
Hosting ServerWeb Browser
1
ACS Server
ACS Server
2) SharePoint asks ACS to create and sign a token which contains context information and an auth code
https://mySPSite.sharepo
SharePoint Server
Hosting ServerWeb Browser
1
2
ACS Server
3) ACS returns the signed context token
https://mySPSite.sharepo
SharePoint Server
Hosting ServerWeb Browser
1
32
4) SharePoint renders the page including an IFRAME, which will POST the context token to the Cloud hosted app
Developer Site
POST https://hosting server/…SPAppToken=tbAgAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.e…
https://mySPSite.sharepo
ACS Server
SharePoint Server
Hosting ServerWeb Browser
1
2
4
3
5) The IFRAME causes the browser to request a page from the Cloud hosted app including the context token
ACS Server
SharePoint Server
Hosting ServerWeb Browser
1
2
4
3
5
Developer Sitehttps://mySPSite.sharepo
6) Cloud hosted app validates the signature on the context token, extracts the auth code, and uses its credentials to request an access token from ACS
ACS Server
SharePoint Server
Hosting ServerWeb Browser
1
2
4
3
6
5
Developer Sitehttps://mySPSite.sharepo
7) ACS returns an access token
ACS Server
SharePoint Server
Hosting ServerWeb Browser
1
2
4
3
6
7
5
Developer Sitehttps://mySPSite.sharepo
7) ACS returns an access token
8) Cloud-hosted app makes a web service request to SharePoint, passing the access token
ACS Server
SharePoint Server
Hosting ServerWeb Browser
1
2
4
3
6
7
5
8
Developer Sitehttps://mySPSite.sharepo
9) SharePoint returns information to the Cloud hosted app
ACS Server
SharePoint Server
Hosting ServerWeb Browser
1
2
4
3
6
7
5
8
9
Developer Sitehttps://mySPSite.sharepo
10) The Cloud hosted app renders the IFRAME contents
ACS Server
SharePoint Server
Hosting ServerWeb Browser
1
2
4
3
6
7
5
8
9
Sales Metrics Dashboard
Print Report
Email Report
Refresh
10
Developer Sitehttps://mySPSite.sharepo
App lifecycle management
App lifecycle managementInstalling an App
Manage licensing
Backup and restore
Upgrading an App
Uninstalling an App
App lifecycle managementInstalling an App
Manage licensing
Backup and restore
Upgrading an App
Uninstalling an App
Timer Jobs:• App Installation Service (1 min)
Cmdlets:• Import-SPAppPackage• Install-SPApp
App lifecycle managementInstalling an App
Manage licensing
Backup and restore
Upgrading an App
Uninstalling an App
*Licensing not required for app dev*Timer Jobs:• License Renewal
Powershell:• $appProxy = Get-
SPServiceApplicationProxy “AppManagementProxyId”
$appProxy.GetDeploymentID()
Cmdlets:• Set-
SPAppManagementDeploymentID
App lifecycle managementInstalling an App
Manage licensing
Backup and restore
Upgrading an App
Uninstalling an App
Cmdlets:• Backup-SPSite• Restore-SPSite
• Export-SPAppPackage• Import-SPAppPackage• Install-SPApp
App lifecycle managementInstalling an App
Manage licensing
Backup and restore
Upgrading an App
Uninstalling an App
Timer Jobs:• App State Update• Internal App State Update
Cmdlets:• Get-SPAppStateUpdateInterval• Get-SPAppStateSyncLastRunTime• Set-SPAppStateUpdateInterval• Get-
SPInternalAppStateUpdateInterval• Get-
SPInternalAppStateSyncLastRunTime
• Set-SPInternalAppStateUpdateInterval
• Update-SPAppInstance
App lifecycle managementInstalling an App
Manage licensing
Backup and restore
Upgrading an App
Uninstalling an App
Cmdlets:• Uninstall-SPAppInstance
Monitoring and logging
Monitoring and logging
• App usage/Error details• Timer Jobs
Monitoring in Central Admin
• App usage/Error detailsMonitoring in Site
Collections
• App Management, App Monitoring, Azure Access Control, App Marketplace, Marketplace Web Service
Logging Categories
Development toolsHow many are there?
Napa and Visual Studio• Napa is complementary to Visual Studio
• Get started in Napa, continue in Visual Studio
• Made it very easy to move to Visual Studio when you want to. For example:• Debugger• Support for composing apps for Office & SharePoint• Support additional deployment topologies (i.e. server code)• ALM tools (SCC, Work Items, Profiler, etc.)• Additional SharePoint items (BCS, Workflow, etc.)
Napa is an app for SharePointWindows Azure
SharePoint Developer Site
JS CSS
HTML ASPX
Office Store
Install the Napa app
Side load SharePointApp1
SharePointApp1
App for SharePoint
DocumentApp for Office
JSOM & REST (example)JavaScript object modelvar ctx = new SP.ClientContext("http://contoso-appUID.spo.com/site/app");ctx.load(ctx.get_web().get_title());ctx.executeQueryAsync();
REST/ODatahttp://contoso-appUID.spo.com/site/app/_api/web/Title
_api/web/lists_api/web/lists/getByTitle('Documents')
_api/social.feed/my/news_api/SP.UserProfiles.PeopleManager/getMyProperties()_api/search/query?Querytext='Marketing'
Agenda
Intro App Shapes
Wrap-upApp models
Agenda
Intro App Shapes
Wrap-upApp models
In SharePoint 2013… Improvement++
?
Take Away• Javascript / Jquery , CSOM & REST are getting
important• Clientside (high trust) vs Serverside (full trust)• Recommended read: SP 2013 App development• Scott hillier & ted pattison
References• SPC Slide decks: • Understanding and Maintaining SharePoint Apps for IT Pros
• Chris Whitehead & Sam Hassani
• SharePoint hosted apps• Yina Arenas
• Building Autohosted Apps for SharePoint 2013• Richard diZerega Nathan Miller