SharePoint 2013 App Model - SharePoint Maine User Group


SharePoint 2013 “Apps”
Brian Fraser
Fraser Technical Solutions, LLC
[email protected]
Problems with Traditional SharePoint Development
• Farm Solutions
  • Code is considered fully trusted
  • Code runs as current user by default
  • Code can call SPSecurity.RunWithElevatedPrivileges to run as System account
  • Misbehaving code can impact the entire farm
• Sandboxed Solutions
  • Limited functionality
  • Code runs as current user only
  • Cannot elevate permissions
  • Not as secure as people think
Design goals
• Must support Office 365
• Code cannot run in SharePoint process
• SharePoint API accessible only through clearly defined web services
• An “app” has its own distinct identity
• An “app” can be granted permissions independent of users
• Easier publishing and discovery via App Catalog
Tenancy
• Implicitly handled for you in Office 365
• Allows grouping of site collections per customer (tenant)
• On premise installations typically have a single default tenancy
Prerequisites (On premise installation)
• Claims Authentication
• App Management service
• Subscription Settings Service
• App Domain (*.contosoapps.com)
• SSL with wildcard certificate
• http://technet.microsoft.com/en-us/library/fp161236.aspx
App Installation
• Must be deployed to an app catalog
• App catalog is a special site collection, one per web application
• Apps can be deployed at site scope or tenancy scope
• App Web represents isolated storage for an app instance
• Host Web is the parent of the app web
• App implicitly has full control over its app web
• App must request any other permissions during installation
App Hosting Models
• SharePoint Hosted
• Cloud Hosted
• Auto Hosted (Azure + O365 only)
• Provider Hosted
SharePoint Hosted Apps
• Contained entirely in app web
• Client side code only. No server side code.
• Typically JavaScript but can use any client side technology such as Flash, Silverlight, etc.
• Does not support “app only” authentication
• No need to program with access tokens for authentication. Uses SharePoint internal authentication.
Provider Hosted App
• Server side code using virtually any technology is allowed, e.g. Web Forms, MVC, LAMP, PHP, etc.
• Requires separate remote web for all application code.
• Remote web must exist prior to deployment in SharePoint
• Application developer responsible for load balancing, multi tenancy support, etc.
• Must use external authentication (S2S or OAuth)
Auto Hosted Apps
• Supported in Office 365 only
• Based on private Windows Azure infrastructure associated with O365 tenancy
• Multi-tenancy and load balancing handled by infrastructure
• Azure web sites and databases provisioned automatically during app installation
• OAuth authentication required
Getting Started – SharePoint hosted app
• Office 365 Developer site
• http://msdn.microsoft.com/en-us/library/office/fp179924.aspx
• “Napa” Office 365 Development Tools
• Demo
• Visual Studio
• Demo
What’s in a URL?
• http://app007bd0249c5cba.devapps.com/sites/dev1/Contacts_SharePointHosted/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fsp2013dev%2Fsites%2Fdev1&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4481%2E1005&SPAppWebUrl=http%3A%2F%2Fapp%2D007bd0249c5cba%2Edevapps%2Ecom%2Fsites%2Fdev1%2FContacts%5FSharePointHosted
• “app” is the app prefix. Based on tenancy. Configurable for on-prem only.
• “007bd0249c5cba” is the APPUID
• “devapps.com” is the app hosting domain
• “sites/dev1” domain relative URL of host web
• Query String “Standard Tokens”
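The standard tokens above, as an added JavaScript example that is not part of the slides: it parses the query string of the slide's sample URL, splits the app web host name into prefix, APPUID and app domain, and checks SPHostUrl against an assumed allowlist of host web origins (the allowlist value is a placeholder).

```javascript
// Added example, not code from the slides or from Microsoft's SharePoint SDK.
// Reads the SharePoint 2013 "standard tokens" the host web appends to the app
// page URL, splits the app web host name into prefix / APPUID / app domain,
// and checks SPHostUrl against an assumed list of trusted host web origins.

// Sample URL: the slide's example, reassembled onto one line.
const SAMPLE_URL =
  "http://app007bd0249c5cba.devapps.com/sites/dev1/Contacts_SharePointHosted/Pages/Default.aspx" +
  "?SPHostUrl=http%3A%2F%2Fsp2013dev%2Fsites%2Fdev1&SPLanguage=en%2DUS&SPClientTag=0" +
  "&SPProductNumber=15%2E0%2E4481%2E1005" +
  "&SPAppWebUrl=http%3A%2F%2Fapp%2D007bd0249c5cba%2Edevapps%2Ecom%2Fsites%2Fdev1%2FContacts%5FSharePointHosted";

// Assumed allowlist: the farm's host web origin(s). Placeholder value.
const TRUSTED_HOST_WEB_ORIGINS = ["http://sp2013dev"];

// Pull the standard tokens out of the query string. URLSearchParams undoes the
// percent-encoding SharePoint applies (%2D -> "-", %2E -> ".", %5F -> "_").
function parseStandardTokens(pageUrl) {
  const q = new URL(pageUrl).searchParams;
  return {
    hostUrl: q.get("SPHostUrl"),
    appWebUrl: q.get("SPAppWebUrl"),
    language: q.get("SPLanguage"),
    clientTag: q.get("SPClientTag"),
    productNumber: q.get("SPProductNumber"),
  };
}

// Split an app web host name into {prefix, appUid, domain}. The hyphen between
// prefix and APPUID is optional because the slide shows both forms; returns
// null when the host name does not look like an app web (e.g. the host web).
function parseAppWebHost(hostname) {
  const m = /^([a-z0-9]+?)-?([0-9a-f]{14})\.(.+)$/i.exec(hostname);
  return m ? { prefix: m[1], appUid: m[2], domain: m[3] } : null;
}

// The tokens arrive in the query string, so before SPHostUrl is used to build
// CSOM/REST endpoints or links, confirm its origin is the farm the app was
// installed into. Malformed or missing values are rejected, not thrown on.
function hostWebIsTrusted(hostUrl, trustedOrigins = TRUSTED_HOST_WEB_ORIGINS) {
  try {
    return trustedOrigins.includes(new URL(hostUrl).origin);
  } catch (e) {
    return false;
  }
}

const tokens = parseStandardTokens(SAMPLE_URL);
console.log(tokens, parseAppWebHost(new URL(tokens.appWebUrl).hostname),
  hostWebIsTrusted(tokens.hostUrl));
```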
Provider Hosted (S2S)
• S2S “High Trust”
• Requires X.509 Certificate
• Remote web encrypts token request with private key
• SharePoint Secure Token issuer validates request with public key and issues authentication token
• Remote web uses token in subsequent CSOM or REST calls
• TokenHelper for working with tokens. Works natively with Windows authentication. Extensible for FBA and other authentication methods.
• Register app principal with appregnew.aspx or Register-SPAppPrincipal
• “High Trust” because SharePoint trusts the remote web to authenticate user
Provider hosted demo
Provider Hosted OAuth
• Requires Azure Control Services (ACS)
• Required for O365 auto hosted apps
• SharePoint obtains context token from ACS and POSTs to remote web on app launch
• Client app extracts refresh token from context token and passes to ACS to obtain OAuth token
• Client makes CSOM/REST calls to SharePoint with OAuth token
• Can be used On-Prem in place of S2S
Autohosted Demo