Transcript Introduction to Cloud-Hosted Apps

Introduction to
Cloud Hosted Apps
Your apps here!
Bob German
Principal Architect
@Bob1German
http://blogs.msdn.com/BobGerman/
Bob German

SharePoint Principal Architect at BlueMetal Architects

Developer and architect on the SharePoint platform
since Site Server 3.0

Co-author of SharePoint 2010 Development with Silverlight
for Addison-Wesley
BlueMetal Architects

Boston, New York and Chicago.

We strive to build solutions that exactly meet
our clients’ needs

SharePoint / Information Management

Data Platforms / Analytics ● Design

Mobile Apps ● Enterprise Apps ● App Modernization
Agenda
•
•
•
•
Brief review of SharePoint Apps
Authentication and Client API’s
Demo 1: WebForms App
Demo 2: MVC App
All code is available
for download
The New App Model
Host
Web
Code runs outside of SharePoint
• Can’t affect “farm solutions” affecting
servers
• Give apps just the permission they
need and no more
(like a phone app)
• App web isolates app storage for
easy clean-up
App Web
(optional)
App
Azure,
on-Premises, or Anywhere
Until now, developing for SharePoint was like developing for MS DOS or
Windows 3.1 … no isolation, weak security. It’s time SharePoint
development caught up with the rest of the industry!
App Isolation
Host
Web
http://myserver/sites/myweb/
App Web
(optional)
http://app12345/sites/myweb/
App
http://whatevs.com/somepath/
Azure
or other provider
Different domain names leverage
browsers’ same-origin policy
Where does your App run?
App Web
External Web Server
Optionally Provisioned by SharePoint on app
installation
Can be on-premises or in the cloud
No Server Code – period!
(though you can leverage installed ASP.NET
controls)
Code in Javascript on browser
Access host web via cross-domain library
May contain declarative, web-scoped features
(lists, site pages, client script, images, css)
Auto-hosted apps are provisioned by Office 365
on app installation
Provider-hosted apps can run on-premises, in
Azure, or anywhere (doesn’t even need to be
.NET)
Access host and app webs via OAuth – run
under:
Host
End user’s permissions
Web
App permissions
App
Web
App
User and App Identities
Programming Model
Code Runs As
Available API’s
Farm Solution
User (or elevate to App Pool
identity)
All
Sandboxed Solution
User (or run in a workflow
Very limited server API access
impersonation step as a specific No network/external access
user)
SharePoint Hosted App
App or User
Javascript Client OM (JSOM),
REST, SOAP web services*
Cloud Hosted App
App or User
Javascript Client OM (JSOM),
Managed Client OM (CSOM),
REST, SOAP web services*
* SOAP web services are “deprecated” for SharePoint 2013, but removing them would break a lot
of Office integration scenarios
App Authentication
Internal
External
(OAuth)
External
(S2S)
• User accesses SharePoint JSOM or REST API’s using inherent SharePoint
security already in place
• Used by Javascript on web pages in App web or using Cross-domain library
• Only runs as User – no App identity
• Standard Authorization protocol used in many public web sites (FaceBook,
Twitter, Live, Google, etc.) – “Valet Key” to access information
• Requires external authentication server (e.g. Azure ACS)
• Office 365 Auto-Hosted Apps automatically set up for OAuth
• SharePoint server is configured to trust an external server to authenticate
users (Server  Server)
• No external authentication server – great for on-premises scenarios
• Uses SSL Certs for simplicity – App code needs access to SSL Private Key
Client API’s
REST
OData
CSOM
• No client-side API components – access
from anywhere! (Javascript, .NET, PHP …)
• OData compliant content access for easy
access by ADO.NET Data Services, Excel, etc.
JSON, ATOM
/_api/
REST (Representational Entity State Transfer)
Client.svc
CSOM (Client Side Object Model)
• Client API available for Javascript (“JSOM”),
.NET, Silverlight
• Batched requests are more efficient
Client API’s
REST
OData
CSOM
• Site Content
• Site Collection Creation
• User Profiles
• Search
JSON, ATOM
/_api/
• Taxonomy
Client.svc
• Feeds
• Publishing
• Business Connectivity Services
• Sharing
• Workflow
• E-Discovery
• IRM
• Analytics
demo
Locations
Maps and displays locations in a contacts list
• ASP.NET WebForms
• Uses SharePoint 2013 GeoLocation column
• Remote event receiver geocodes list items
• Client web part displays map
.NET Web Development Choices
ASP Pages
WebForms
MVC
Control over HTML
Control over URLs
Drag and Drop
Development
Ease of Code Reuse
Ease of Testing
Replaceable Components
Strong Offering
Weak / No Offering
…
2001
…
2003
…
2007
…
2013
…
demo
PictureView
Organizes pictures across multiple SharePoint picture libraries
• ASP.NET MVC
• Multi-page app using Chrome Control for branding
• Testable controller using dependency injection
• Web part shows a slide show
Questions?
Code Downloads
Locations Demo
(WebForms)
http://bit.ly/SPC358-LocationSample
PictureView
Demo (MVC)
http://bit.ly/SPC419-SampleCode
@Bob1German
[email protected]
http://blogs.msdn.com/BobGerman