TECHNET DAY SARAJEVO 18.12.2012

AllDRAGAN PANJKOV, PLANB.

About Apps

about me

• Dragan Panjkov

• Working with SharePoint since 2007

• www.dragan-panjkov.com

• www.twitter.com/panjkov

• BAM Converter – available on Marketplace and CodePlex

• PlanB. d.o.o.

• www.planb.ba

• SharePoint user group

• www.1sug.com

apps basics

types, basic concepts, development

distribution, upgrade, on-prem config

apps?

introducing apps

• In SharePoint 2013 everything is an app …

• In strict sense: “Apps are self-contained pieces of functionality that extend the capabilities of a SharePoint site.”

why apps

• Isolated (safe!)

• Multi-tenant

• Multiple development possibilities (even non-MS stack)

• Easier to deploy (no SharePointisms by deployment)

• Easier to maintain (lifecycle – versioning, upgrades)

• Manageable (Office Store, Corporate Catalog)

• Cloud ready!

get app to site collection

• All site content provides functionality to add apps

• Both Office Store and corporate catalog visible from single place

• Users can add Apps to be available

• Apps can request permissions, depending on implementation

USER PERSPECTIVE

app types, basic concepts, development

what is an app?• Web application registered with SharePoint, configured using XML

(app.manifest)

<?xml version="1.0" encoding="utf-8" ?><!--Created:cb85b80c-f585-40ff-8bfc-12ff4d0e34a9--><App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"

Name="SharePointAppSPCADemo"ProductID="{9b33c5b6-bc7c-4905-8b02-e2e24f404fea}"Version="1.0.0.0"SharePointMinVersion="15.0.0.0"

><Properties>

<Title>SharePointApp SPCA Demo</Title><StartPage>~appWebUrl/Pages/Default.aspx?{StandardTokens}</StartPage>

</Properties>

<AppPrincipal><Internal />

</AppPrincipal><AppPermissionRequests>

<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" /><AppPermissionRequest Scope="http://sharepoint/search" Right="QueryAsUserIgnoreAppPrincipal" />

</AppPermissionRequests></App>

sp app design - a choice of three approaches

App Web

(from WSP)

Parent

Web

SharePoint-hosted App

Provision an isolated sub web on a parent

web

• Reuse web elements

(lists, files, out-of-box web parts)

• No server code allowed; use client

JavaScript for logic, UX

Azure Auto-Provisioned App

Windows Azure + SQL Azure provisioned

invisibly as apps are installed

Azure

(from WebDeploy,

DacPac)

SharePoint Web

Get remote events from

SharePoint

Use CSOM/REST +

OAuth to work with SP

Cloud-based Apps

Developer-Hosted App

“Bring your own server hosting infrastructure”

Developers will need to isolate tenants

SharePoint

WebYour Hosted Site

animated

when to use cloud-hosted apps?Cloud Hosted Apps SharePoint Hosted Apps

Preferred hosting model for almost all

types of apps

Good for smaller apps & resource storage

Full power of web – choose your

infrastructure & technology

SharePoint-based; no server-side code

May require your own hosting Automatically hosted in SharePoint

May require you own handling of

multitenancy & permission management

Inherent multitenancy & isolation

technology comparison

SharePoint Hosted Cloud Hosted

App Scope SharePoint Site Site or Tenancy

Architecture Web Site Multi-Tenant App

Developer Skillset SharePoint + HTML/JS Full Stack

UI Technologies SharePoint + HTML/JS Any Web Stack

Server Code None Any

Storage Lists and Doc Libs Any

Key Limitations No Server Code Hosting Expertise Required

common app architecture

APP

CSOM CSOM

REST

use cases for autohosted apps

• Team apps

• Resource tracking

• Team processes

• Event receivers

• Individual productivity

• Document assembly, etc.

user experience integration

Full page

Implement complete app experiences

to satisfy business scenarios

Parts

Create app parts that can interact

with the SharePoint experience

UI Command extensions

Add new commands to the ribbon and item

menus

developing apps

APP DEVELOPMENT INTRO

app identity

• Challenge with SPS2010

• Farm solutions – too much privileges - risk of RunWithElevatedPrivileges

• Sandbox solutions – no RunWithElevatedPrivileges – always under user context

• In SharePoint 2013 apps have their own identity and specific permissions

• Installing user either grants or denies permissions to host web

• Permission is explicitly given for a specific scope

• App identity is passed around using oAuth tokens

app permissions

• Default rights : Read, Write, Manage and Full Control

• Not possible to customize

• Apps are granted permissions to a scope and all children of the scope

• Defined in declarative XML

app scopes

• SPSite – site collection

• SPWeb – site

• SPList

• Tenancy

• Other scopes (and rights) for performing search queries, accessing taxonomy data, user profiles, etc...

sharepoint apps: establishing trust

azure access control service (ACS)

• ACS is used as authorization server

• required with oAuth implementation in SharePoint 2013

• How is the ACS server configured?

• Automatically done for sites in Office 365 Preview

• On-premise farms, a trust to ACS must be configured.

• Possible to avoid when using Server-to-server (S2S) trust

JavaScript

Library

Silverlight

Library

.Net CLR

Library

Custom Client Code

Client

Server

_api is new alias for _vti_bin/client.svc

sharepoint 2013 remote api

REST

OData

JSON

CSOM

deployment, upgrade, configuration

from developer to end user

Dev center

submissionOffice Store

Integrated

Office

Store

DirectVendor/

IT projects

SharePoint

App Catalog

TRIAL/

PURCHASE

TRIAL/

PURCHASE

Office and SharePoint

Developer

End users

IT admin

apps upgrade process

animated

Infrastructure configuration for SP Apps

1) Wild card DNS entry for app domain

2) Apps service application and subscription service created in environment hosting SP apps

3) SharePoint application for routing the incoming requests to app DNS entry

4) App catalog created for SharePoint applications to enable end users to utilize apps

SharePoint farm

http://*.apps192.168.x.x

dns configuration on-premises

• Define wildcard DNS entry for apps

• *.apps.contoso.com or something similar

• Configure app address in SP side using Central Admin or PowerShell

• One address per farm

app configuration for on-premises farm• Ensure that App service application and subscription service are created and

running in farm

• Subscription service is used to provide unique Site Collection ID for App Urls

• Apps will be hosted on own domain, within their own frame• Leverages web browser same-origin policy for script isolation

• URL naming – each app has unique URL – one app – one = URL• http://default-appUID.apps.contoso.com

• appUID – combination of site collection ID and particular SPWeb where app is installed

http://sp/sites/web http:// /sites/web/appguidtenant-

apphash1.contosoapps.com

main SharePoint site app1 SharePoint site

http://apps-87e90ada14c175.contosoapps.com/sites/web/014c9c59-5d9c-4a59-a5ce-2116a4c90296

apps…

• …are not executed in SharePoint App pool

• …are in most of the cases not even running on SP Server

• …can have full trust, with user’s approval (OAuth)

• …can access SharePoint Data

• …can access outer world non-SharePoint Data

• …can use any external resources

• …can be executed in it’s own chrome, as app parts, or as SharePoint extensions

resources

• dev.office.com

• blogs.msdn.com/b/officeapps

• blog.tedpattison.net

• http://www.andrewconnell.com/blog/archive/2012/10/02/fully-scripted-solution-for-creating-and-registering-self-signed-certs.aspx

• http://www.binarywave.com/blogs/eshupps/Lists/Posts/Post.aspx?ID=267

questions?

WWW.DRAGAN-PANJKOV.COM

@PANJKOV

thank you.

Provider Hosted – S2S

• High trust applications used on-premise

• Can assert any user’s identity

• Requires configuration to establish trust between SharePoint farm and S2S app

• Needs to be done for every S2S app

Configure S2S

• App Isolation is configured

• Disable App Principal check

• Generate Public/Private certificate pair

• Generate Client Id

• Set up Security Token Issuer

• Register App Principal

• Update Web.config and ensure user profiles exist

• http://www.binarywave.com/blogs/eshupps/Lists/Posts/Post.aspx?ID=267