Bob GermanPrincipal Architect
Introduction to Cloud Hosted Apps
Your apps here!
SPS Boston
Bob German SharePoint Principal Architect at BlueMetal Architects
Developer and architect on the SharePoint platform since Site Server 3.0
Co-author of SharePoint 2010 Development with Silverlightfor Addison-Wesley
BlueMetal Architects Boston, New York and Chicago.
We strive to build solutions that exactly meet our clients’ needs SharePoint / Information Management Data Platforms / Analytics ● Design Mobile Apps ● Enterprise Apps ● App Modernization
@Bob1Germanhttp://blogs.msdn.com/BobGerman/
Agenda
• Brief review of SharePoint Apps• Authentication and Client API’s• Demo 1: WebForms App• Demo 2: MVC App
All code is availablefor download
The New App Model
Code runs outside of SharePoint• Can’t affect “farm solutions” affecting
servers• Give apps just the permission they
need and no more(like a phone app)
• App web isolates app storage foreasy clean-up
AppAzure,
on-Premises, or Anywhere
HostWeb
App Web(optional)
Until now, developing for SharePoint was like developing for MS DOS or Windows 3.1 … no isolation, weak security. It’s time SharePoint development caught up with the rest of the industry!
App Isolation
App Azureor other provider
HostWeb
App Web(optional)
http://myserver/sites/myweb/
http://app12345/sites/myweb/
http://whatevs.com/somepath/
Different domain names leverage browsers’ same-origin policy
Where does your App run?
App Web External Web ServerOptionally Provisioned by SharePoint on app installation
No Server Code – period!(though you can leverage installed ASP.NET controls)
Code in Javascript on browserAccess host web via cross-domain library
May contain declarative, web-scoped features (lists, site pages, client script, images, css)
Can be on-premises or in the cloud
Auto-hosted apps are provisioned by Office 365 on app installation
Provider-hosted apps can run on-premises, in Azure, or anywhere (doesn’t even need to be .NET)
Access host and app webs via OAuth – run under:
End user’s permissionsApp permissions
App
HostWeb
AppWeb
User and App Identities
Programming Model Code Runs As Available API’s
Farm Solution User (or elevate to App Pool identity)
All
Sandboxed Solution User (or run in a workflow impersonation step as a specific user)
Very limited server API accessNo network/external access
SharePoint Hosted App App or User Javascript Client OM (JSOM),REST, SOAP web services*
Cloud Hosted App App or User Javascript Client OM (JSOM),Managed Client OM (CSOM),REST, SOAP web services*
* SOAP web services are “deprecated” for SharePoint 2013, but removing them would break a lot of Office integration scenarios
App Authentication
•User accesses SharePoint JSOM or REST API’s using inherent SharePoint security already in place•Used by Javascript on web pages in App web or using Cross-domain library•Only runs as User – no App identity
Internal
•Standard Authorization protocol used in many public web sites (FaceBook, Twitter, Live, Google, etc.) – “Valet Key” to access information•Requires external authentication server (e.g. Azure ACS)•Office 365 Auto-Hosted Apps automatically set up for OAuth
External(OAuth)
•SharePoint server is configured to trust an external server to authenticate users (Server Server)•No external authentication server – great for on-premises scenarios•Uses SSL Certs for simplicity – App code needs access to SSL Private Key
External(S2S)
Client API’s
REST (Representational Entity State Transfer)
• No client-side API components – access from anywhere! (Javascript, .NET, PHP …)
• OData compliant content access for easy access by ADO.NET Data Services, Excel, etc.
CSOM (Client Side Object Model)
• Client API available for Javascript (“JSOM”), .NET, Silverlight
• Batched requests are more efficient
SharePoint Server API
Client AppClient App
ADO.NET Data Svcs Client
JSON, ATOM
Client Side Endpoints
Client App
CSOM Proxy
/_api/ Client.svc
REST OData CSOM
Client API’s
• Site Content
• Site Collection Creation
• User Profiles
• Search
• Taxonomy
• Feeds
• Publishing
• Business Connectivity Services
• Sharing
• Workflow
• E-Discovery
• IRM
• Analytics
SharePoint Server API
Client AppClient App
ADO.NET Data Svcs Client
JSON, ATOM
Client Side Endpoints
Client App
CSOM Proxy
/_api/ Client.svc
REST OData CSOM
LocationsMaps and displays locations in a contacts list• ASP.NET WebForms• Uses SharePoint 2013 GeoLocation column• Remote event receiver geocodes list items• Client web part displays map
demo
.NET Web Development Choices
ASP Pages WebForms MVC
Control over HTML
Control over URLs
Drag and Drop Development
Ease of Code Reuse
Ease of Testing
Replaceable Components
Strong Offering
Weak / No Offering
… 2001 … 2003 … 2007 … 2013 …
PictureViewOrganizes pictures across multiple SharePoint picture libraries• ASP.NET MVC• Multi-page app using Chrome Control for branding• Testable controller using dependency injection• Web part shows a slide show
demo
Questions?
Code DownloadsLocations Demo (WebForms) http://bit.ly/SPC358-LocationSample
PictureView Demo (MVC) http://bit.ly/SPC419-SampleCode
http://blogs.msdn.com/BobGerman
Top Related