Tips You Need to Know for Creating Apps for SharePoint 2013Jeremy ThakeChief ArchitectAvePoint Inc.

SES-B401

SpeakerAuthor

AvePoint Labs

Chief ArchitectText/Icon/Pic

@jthake jeremy.thake@avepoint.comwww.jeremythake.com

Jeremy Thake

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Compliment the other SharePoint App Sessions this weekUnderstand real world SharePoint App scenariosLearn from my experience on releasing 3 apps to store

Session Objectives And Takeaways

Vision: Modernizing the Office PlatformOur Vision: Modernizing the platformToday’s Market Today’s Trends Our Principles

The result: a new cloud app model

Architecture of Apps

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

SharePoint

SharePoint Azure Web & Worker RolesWeb application

Windows Server

Site CollectionRoot Site

App 1SP

Hosted

App 2Azure

Hosted

App 3Provider Hosted

App 2Web

App 2SQL

App 3SQL

Sub Site

App 3Provider Hosted

App 3Web

App 3Window

s Service

App 4Provider Hosted

AzureApp 4SQL

App 4Web

App 4Worker

SharePoint

SharePoint 2007

Sandbox

SharePoint 2010

SharePoint

Azure, IIS, LAMP, etc…

_api

SharePoint 2013

App Model: Past, Present and Future

Customization packaging and deployment options

Full-Trust

• Full trust solutions

• Customizations to file system of servers

• Classic model from 2007

Sandbox

• Declarative elements

• Partially trusted code service still included for limited server side support

• Resource monitored

SP Apps

• New Apps model

• Deployed from corporate catalog or office market place

• Manage permission and licenses specifically

• Preferred option

Online vs. On-premises

Full-Trust

• Server-side OM• Client-side OM• No marketplace• On-premises

only• No OAuth• UI integration

Sandbox

• Limited Server-Side OM

• Client-side OM• No marketplace• On-premises

and Online• No OAuth• UI integration

SP Apps

• Client-side OM only

• Marketplace• On-premises

and Online• OAuth• Restricted UI

integration

Case Study:AvePoint Apps

AvePoint Meetings

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

What is the problem?Hard to track meetingsNo structured way of capturing informationHistorically hard to see decisions made and actions assigned

OneNote trackingCan only assign Outlook Tasks for myselfFocused more on personal note taking

Meetings workspace deprecatedNo migration story from SharePoint 2010Didn’t solve problems anyway

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Meetings for SharePoint 2013Planning meetingsMeeting invitations support reoccurringAttendees can create agenda items to discuss and upload relevant materials

In-meetingAll attendees can be in the app recording notes, assigning actions and recording decisionsView previous meetings to find decisions and notes

Track progressSee all the actions and their progressAutomatically gives you My Tasks and sync up to Exchange

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

The Basics

Unlimited UsersSupport to have unlimited users accessing the app in real-time

Unlimited App instancesAdd the AvePoint Meetings App to any SharePoint Site

Unlimited MeetingsHave as many meetings within your App as you like

One-off & Re-occurring meetingsSupport for both one-off meetings and re-occurring meetingsMeeting timeline to see past tracked meetings

Track structured informationSupport to track notes, actions and decisions

Architecture

Azure Web role

Azure SQL role

SharePoint 2013

App Package

Data Here

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

ArchitectureProvider HostedOur own Windows Azure Web service tenantTo protect IP and also developers prefer over JavaScript

Meetings DataMeetings data is stored in the Parent Site in SharePoint Lists

Online and On-premisesWant one app to work both online and on-premises

LicensingFree and registration after 2 months for lead generation

SignalRUsed SignalR for auto update on users browsers

#1: Security Model approaches

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

• SPSite—site collection• SPWeb—website• SPList—list• Tenancy—the tenancy scope is at

http://<sharepointserver>/<content>/<tenant>/• performing search queries, accessing taxonomy data,

user profiles, etc.

App Scopes

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

• Rights:• Read-Only• Write• Manage• Full Control (not supported in Store!)

• Not customizable!• If an app is granted permission to a scope• the permission applies to all children of the scope

App Rights

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

• App rights are set when:• An app is installed by an SPWeb administrator• An app is explicitly granted permission by a tenant administrator or SPWeb

administrator• An end user gives consent• An app is removed

• Once provisioned, the rights for an app cannot change – they can only be revoked in whole• This ensures the app will not have to account for missing rights, i.e. become broken

after installation

Setting App Rights

DEMO: VS2012 security

#2: The SharePoint cross-domain library can cross firewalls too

Cross-Domain Library

SharePoint

Firewall

App Server

DEMO: Cross-Domain Library

Accessing Host Webvar appWebContext = new SP.ClientContext(appweburl);     var factory = new SP.ProxyWebRequestExecutorFactory(appweburl);     appWebContext.set_webRequestExecutorFactory(factory);     var hostWebContext = new SP.AppContextSite(appWebContext, hostweburl);     var web = hostWebContext.get_web();     var list = web.get_lists().getByTitle("Documents");     myDocuments = list.getItems('');     appWebContext.load(myDocuments, 'Include(Title, FileRef)');     appWebContext.executeQueryAsync(docsSuccessHandler, xDomainErrorHandler);

#3: Bring Office documents into your SharePoint apps with WACs

Using WACs in apps for SharePoint

#4: Act as the App

DEMO: Act as the App

Act as Appvar contextToken = SPTokenCacheHelper.CurrentSessionContext.ContextToken;             var appOnlyToken = TokenHelper.GetAppOnlyAccessToken(                  contextToken.TargetPrincipalName,                  SPTokenCacheHelper.CurrentSessionContext.SPHostUrl.Authority,                  contextToken.Realm).AccessToken;             

using (ClientContext clientContext =                  TokenHelper.GetClientContextWithAccessToken(SPTokenCacheHelper.CurrentSessionContext.SPHostUrl.OriginalString,                  appOnlyToken))             {                  List list = clientContext.Web.Lists.GetByTitle("Movies");                  ListItemCreationInformation newMovie = new ListItemCreationInformation();                  Microsoft.SharePoint.Client.ListItem item = list.AddItem(newMovie);                  item["Title"] = TextBox1.Text;                  item.Update();                  clientContext.Load(item);                  clientContext.ExecuteQuery();                 

TraceCaster.Cast(string.Format("Added a new Movie: {0}", TextBox1.Text));}

#5: SignalR showing debugging info

DEMO: SignalR

#6: Chrome Control Navigation

App UX design guidelines

DEMO: Chrome

#7: Versioning

Versioning

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

SharePoint

SharePoint Azure Web & Worker RolesWeb application

Site CollectionRoot Site

App 1V1.0

App 2V1.0

App 3V1.0

App 2WebV1.0

App 2SQLV1.0

Sub Site

App 3V1.0

App 2WebV1.1

App 2SQLV1.1

App 2WebV2.0

App 2SQLV2.0

App 3V1.1

App 2V2.0 Windows Server

App 3SQL v1

App 3Web v1

App 3Window

s Service

v1

Windows ServerApp 3SQLV1.1

App 3WebV1.1

App 3Window

s Service

V1.1

Marketpla

ce

SP App upgrade process

New Version Available

1.0.0.01.0.1.0

Parent Site

Child Site A

Child Site B

Child Site C

Meetings App

V1.0.0.0

Parent Site

Child Site A

Child Site B

Child Site C

Meetings App

V1.0.0.0

Meetings App

V1.0.0.0

Meetings App

V2.0.0.0

Meetings App

V2.0.0.0

Manifest.xml<Feature xmlns="http://schemas.microsoft.com/sharepoint/" Version="1.0.0.3">

<UpgradeActions> <VersionRange EndVersion="1.0.0.1">

<ApplyElementManifests> <ElementManifest Location="Pages\Elements.xml" /> <ElementManifest Location="Scripts\Elements.xml" /> <ElementManifest Location="Content\Elements.xml" /> <ElementManifest Location="Images\Elements.xml" /> <ElementManifest Location="List1Instance\Elements.xml" /> <ElementManifest Location="List1\Elements.xml" /> </ApplyElementManifests>

</VersionRange> <VersionRange BeginVersion="1.0.0.2" >

<ApplyElementManifests> <ElementManifest Location="List1Instance\Elements.xml" /> <ElementManifest Location="List1\Elements.xml" />

</ApplyElementManifests> </VersionRange>

</UpgradeActions> </Feature>

#8: Deep linking into App (Permalink)

Permalink[SharePoint Host url]/_layouts/15/appredirect.aspx?client_id=[client id of your app]&redirect_uri=[url in your app where you want to take the user]

DEMO: Permalink

#9: Handling OAuth tokens

SharePoint

Windows ServerApp 3

Windows

Service

App 3SQL

App 3Web

OAuth Token ExampleSharePoint Azure Web & Worker

RolesWeb application

Site CollectionRoot Site

App 1 App 2 App 3

App 2Web

App 2SQL

Site CollectionRoot Site

App 3

Q&AJeremy Thakewww.NothingButSharePoint.comwww.jeremythake.comwww.AvePoint.com

jeremy.thake@avepoint.com@jthakewww.linkedin.com/in/jeremythake

• Building End-to-End Apps for Microsoft SharePoint with Windows Azure and Windows 8

• 0 to 60: Developing Apps for Microsoft SharePoint 2013• Developing

Apps for Microsoft SharePoint 2013 with Microsoft Visual Studio 2012

• Real SharePoint Apps, Real Fast with the New Microsoft Access 2013

• Advanced Patterns in Cloud-Hosted Apps for Microsoft SharePoint

• Deeper Dive into Building SharePoint Apps Access 2013• Building

Modern, HTML5-based Business Apps for SharePoint 2013 with Visual Studio LightSwitch

Sessions TechEd North America 2013

msdn

Resources for Developers

http://microsoft.com/msdn

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

TechNet

Resources

Sessions on Demand

http://channel9.msdn.com/Events/TechEd

Resources for IT Professionals

http://microsoft.com/technet

Evaluate this session

Scan this QR code to evaluate this session.

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.